playbooks/README.md

# Fritzlab Ansible Playbooks

---

### Proxmox Hosts 

We manage Proxmox hosts via Ansible.
The following playbook will set the Proxmox settings for all hosts in the inventory file.

```bash
$ ansible-playbook --vault-password-file vault-password compute/playbook-host-proxmox.yaml -i compute/inventory-host-proxmox.yaml
```

### Dell iDRAC

We manage Dell iDRAC settings via Ansible (via Redfish API).
The following playbook will set the iDRAC settings for all hosts in the inventory file.

```bash
$ ansible-playbook --vault-password-file vault-password compute/playbook-machine-idrac.yaml -i compute/inventory-machine-idrac.yaml
```

### Secrets 

We use ansible-vault to encrypt secrets. 
The vault password is assumed to be available in a file called `vault-password`. 
This password file is not stored in the repository and must be created by the user.
It is stored in 1Password under the name `Ansible Vault Password`.

#### Add new secret into an inventory file
Here is how to encrypt a new secret with ansible-vault:

```bash
$ ansible-vault encrypt_string --vault-password-file vault-password <super-secret-text>
!vault |
          $ANSIBLE_VAULT;1.1;AES256
          64383837303638393966666536323131376366613531613966633532633439343961663934373263
          6237393730666235326365326430396231623031613166340a386363653865656432373138616232
          34393765326262373435373334653838366562616465333536633335356637353335333839613233
          6337316139363334650a393238656266643965333630343166366335616539393838366333323934
          65616636656235373738306561316431336232376165356465623232313465303435
```
The result is a string that can be used in a playbook. 

```yaml
dell_machines:
  hosts:
    host001:
      idrac_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          65356164386561376463613762323663633466653432643561313230393131356635646361353265
          6437613034393061336565366465656539326366326430650a366331383165333136326535633833
          39336366666137623230393261633166313837303432653336636363393936323133636366313636
          3738316235663337370a333031643466323962643034313433666236313831643861656461643833
          35316235356566333761333635356337373632646365343364373563613034636334
```
initial migration and clean-up from previous repo 2024-06-07 20:43:00 +00:00			`# Fritzlab Ansible Playbooks`

			`---`

			`### Proxmox Hosts`

			`We manage Proxmox hosts via Ansible.`
			`The following playbook will set the Proxmox settings for all hosts in the inventory file.`

			```bash
			`$ ansible-playbook --vault-password-file vault-password compute/playbook-host-proxmox.yaml -i compute/inventory-host-proxmox.yaml`
			```

			`### Dell iDRAC`

			`We manage Dell iDRAC settings via Ansible (via Redfish API).`
			`The following playbook will set the iDRAC settings for all hosts in the inventory file.`

			```bash
			`$ ansible-playbook --vault-password-file vault-password compute/playbook-machine-idrac.yaml -i compute/inventory-machine-idrac.yaml`
			```

			`### Secrets`

			`We use ansible-vault to encrypt secrets.`
			The vault password is assumed to be available in a file called `vault-password`.
			`This password file is not stored in the repository and must be created by the user.`
			It is stored in 1Password under the name `Ansible Vault Password`.

			`#### Add new secret into an inventory file`
			`Here is how to encrypt a new secret with ansible-vault:`

			```bash
			`$ ansible-vault encrypt_string --vault-password-file vault-password <super-secret-text>`
			`!vault \|`
			`$ANSIBLE_VAULT;1.1;AES256`
			`64383837303638393966666536323131376366613531613966633532633439343961663934373263`
			`6237393730666235326365326430396231623031613166340a386363653865656432373138616232`
			`34393765326262373435373334653838366562616465333536633335356637353335333839613233`
			`6337316139363334650a393238656266643965333630343166366335616539393838366333323934`
			`65616636656235373738306561316431336232376165356465623232313465303435`
			```
			`The result is a string that can be used in a playbook.`

			```yaml
			`dell_machines:`
			`hosts:`
			`host001:`
			`idrac_password: !vault \|`
			`$ANSIBLE_VAULT;1.1;AES256`
			`65356164386561376463613762323663633466653432643561313230393131356635646361353265`
			`6437613034393061336565366465656539326366326430650a366331383165333136326535633833`
			`39336366666137623230393261633166313837303432653336636363393936323133636366313636`
			`3738316235663337370a333031643466323962643034313433666236313831643861656461643833`
			`35316235356566333761333635356337373632646365343364373563613034636334`
			```