Wednesday, July 3, 2024

Setting up the HashiCorp Vault and Ansible AAP AWX integration Part-2

In the second part, let's start working with AAP. Log in to AAP as an admin user, go to Credential Types and click Add.

Create a new credential type called HashiCorp.

Input Configuration:

fields:
  - id: vault_server
    type: string
    label: URL for Vault Server
  - id: vault_token_id
    type: string
    label: Vault token ID
    secret: true
required:
  - vault_server
  - vault_token_id


Injector Configuration:

env:
  VAULT_ADDR: '{{ vault_server }}'
  VAULT_TOKEN: '{{ vault_token_id }}'

It looks like this:

Now go to Credentials and create a credential called hashicorp_token.
Enter the values that are associated with the Vault.

Now go to Inventories and create an inventory. I have created an inventory named hashi and added a host, which will look like this. Just make sure you add the line below in the variables:

ansible_password: "{{ lookup('hashi_vault', 'secret=secret/data/dev/' ~ inventory_hostname ~ ':password') }}"


We are almost done with the host setup in AAP; all that remains is writing a playbook to change the password.

Now let's take a look at setting up the initial password in HashiCorp Vault.

Log in to Vault with the token available in the init file at /etc/vault/init.file

Log in to the Vault UI and go to Secrets Engines. Under Generic, select KV.

Path: secret

After the engine is enabled, the screen will look like this:



Click on secret and create a path per environment. For me it's a development environment, so I have labeled it dev, followed by the FQDN or the IP address that we specified in the inventory.

Then create a password secret. Once you build the secrets, it may look like this:
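
To check that the injected environment, the lookup term and the path created in Vault line up, here is an added example (not from the original post and not the lookup plugin's own code) that resolves the same `secret=<path>:<field>` term against Vault's KV v2 HTTP API. The names `parse_term`, `read_field` and `fake_fetch`, the host `host1.example.com`, the Vault URL and all sample values are constructed for illustration.

```python
import json
import os
import urllib.request

def parse_term(term):
    """Split 'secret=<path>:<field>' into (path, field)."""
    opts = dict(kv.split("=", 1) for kv in term.split())
    path, _, field = opts["secret"].partition(":")
    if not path or not field:
        raise ValueError("expected secret=<path>:<field>")
    return path, field

def http_fetch(url, token):
    """GET a Vault API URL, sending the token in the X-Vault-Token header."""
    req = urllib.request.Request(url, headers={"X-Vault-Token": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def read_field(term, env=os.environ, fetch=http_fetch):
    """Resolve the term using the VAULT_ADDR / VAULT_TOKEN injected by AAP."""
    addr, token = env.get("VAULT_ADDR"), env.get("VAULT_TOKEN")
    if not addr or not token:
        raise RuntimeError("VAULT_ADDR / VAULT_TOKEN not injected")
    path, field = parse_term(term)
    body = fetch(f"{addr.rstrip('/')}/v1/{path}", token)
    # KV v2 wraps the key/value pairs in data.data, next to data.metadata.
    secret = body.get("data", {}).get("data")
    if not isinstance(secret, dict):
        raise LookupError(f"{path}: not a KV v2 reply (check the 'data/' segment)")
    if field not in secret:
        raise KeyError(f"{path}: no field '{field}'")
    return secret[field]

# Constructed sample: KV v2 reply for a host stored under dev/ in the 'secret' mount.
SAMPLE = {"data": {"data": {"password": "constructed-example-pw"},
                   "metadata": {"version": 1}}}

def fake_fetch(url, token):
    """Offline stand-in for Vault that only knows one constructed path."""
    if url.endswith("/v1/secret/data/dev/host1.example.com"):
        return SAMPLE
    return {"errors": []}

if __name__ == "__main__":
    env = {"VAULT_ADDR": "https://vault.example.com:8200",
           "VAULT_TOKEN": "constructed-token"}
    term = "secret=secret/data/dev/host1.example.com:password"
    # Print only the length so the secret never lands in job output.
    print(len(read_field(term, env, fake_fetch)), "characters read")
```

Calling `read_field(term)` with the default arguments uses the real environment and a live Vault server instead of the constructed reply.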




With this part done, we are almost finished. We will create the execution environment in AAP or AWX.






