ansible-vault-pass

Ansible settings:

We need to store our password in a vault containing file:

looser@looserbox:~$ ansible-vault  create firstvault.yml
New Vault password:changeit
Confirm New Vault password:changeit
looser@looserbox:~$
my_cluser_sudo_pass: temporal
~
~
~
~
~
~
~
~
:x

And now you have to include some vars at your host_group in the /etc/ansible/hosts file:

[webserver:vars]
ansible_user=looser
ansible_become=yes
ansible_become_method=sudo
ansible_become_pass='{{my_cluster_sudo_pass}}'
[webserver]
looserbox
......
"/etc/ansible/hosts" 51 lines, 1168 characters

Test your new vault file:

looser@looserbox:~$ ansible-playbook --ask-vault-pass --extra-vars '@firstvault.yml' webserver.yml
Vault password:

PLAY [webserver] ********************************************************************************************************************************************

TASK [Gathering Facts] **************************************************************************************************************************************
ok: [looserbox]

TASK [General | Instalación de paquetes requeridos.] ********************************************************************************************************
ok: [looserbox] => (item=[u'php', u'apache2', u'mysql-server', u'mysql-client', u'php-mysql', u'php-apcu', u'php-apcu-bc', u'php-xmlrpc', u'php-soap', u'php-                             gd', u'unzip', u'python-mysqldb'])

TASK [Apache2 | Habilitar módulos] **************************************************************************************************************************
changed: [looserbox]

TASK [Restart Apache] ********************************************************************************************************************************************************************
changed: [looserbox]

PLAY RECAP **************************************************************************************************************************************************
looserbox                  : ok=3    changed=1    unreachable=0    failed=1

looser@looserbox:~$