OSISM Ansible Vault Secrets¶
OSISM uses Ansible Vault for handling secret information like passwords, ssh-keys, etc. There are several
secret.yml files in the repository. See the following points for details on ansible-vault
$ find environments/ -name "*secrets.yml" environments/custom/secrets.yml environments/secrets.yml environments/infrastructure/secrets.yml environments/openstack/secrets.yml environments/generic/secrets.yml environments/monitoring/secrets.yml environments/ceph/secrets.yml environments/manager/secrets.yml environments/kolla/secrets.yml
In the file
environments/secrets.yml there are general secrets OSISM is using and accessing over all environments like
operator_private_key for ssh access with key.
environments/manager/secrets.yml contains manager specific secrets.
environments/generic/secrets.yml contains generic specific secrets.
environments/infrastructure/secrets.yml contains infrastructure specific secrets.
environments/kolla/secrets.yml contains e.g. database admin password, keystone admin password, etc.
environments/ceph/secrets.yml contains ceph specific secrets.
environments/openstack/secrets.yml contains e.g. openstack-client clouds configuration data.
environments/custom/secrets.yml contains custom secrets, e.g. ipmi password, slack webhook
environments/monitoring/secrets.yml contains monitoring specific secrets.
Search Secret Files for Password¶
Use the script
environments/.vault_pass for searching passwords.
This works only on local git clone, not on manager.
$ cd environments/ $ ./.vault_pass kibana Please enter the ansible vault password: kibana_password: lesssecret
Since this script is added in year 2021, you have to download and deploy the script in older environments.