Merge pull request #292 from jembi/remove-ansible-vault-requirement

Remove ansible vault requirement

Author: rcrichton

infrastructure/ansible/README.md

@@ -36,7 +36,6 @@ To run a playbook you should do:
 
 ```bash
 ansible-playbook \
-  --ask-vault-pass \
   --become \
   --inventory=inventories/<INVENTORY> \
   --user=ubuntu \
@@ -47,27 +46,8 @@ OR to run all provisioning playbooks with the development inventory (most common
 
 ```bash
 ansible-playbook \
-  --ask-vault-pass \
   --become \
   --inventory=inventories/development \
   --user=ubuntu \
   playbooks/provision.yml
 ```
-
-### Vault
-
-The vault password required for running the playbooks can be found in the `database.kdbx` KeePass file.
-
-To encrypt a new secret with vault run:
-
-```bash
-echo -n '<YOUR SECRET>' | ansible-vault encrypt_string
-```
-
-> The __New password__ is the original Ansible Vault password.
-
-## Keepass
-
-Copies of all the passwords used here are kept in the encrypted `database.kdbx` file.
-
-> Please ask your admin for the decryption password.

infrastructure/ansible/inventories/development/group_vars/all.yml

@@ -34,6 +34,9 @@ sudoers:
     key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNh4PK3dE8ZOEbD+CZSisHl8R0r7aAcFL48tW10Kv+EcuTlAH3Du6bHh2OrGgU9XC933WDbyUcB0N+T+wv9XJudVWE6708JoSflbW93nCiOojq+GkpbiCXHkTwvbV2MLtKOUCQQFD65umZ5/p568vpay6bWUfsFso/PjJ1zIktW9EYuK83mGU0C+F74nDZfmwc3CB1N8u6fgviFANfPZvE//If09MU6jMaSGc5umX2tIfH0n/OEal3jNsJgXu+5irUupJ56I39d4Zym+4DbaShsoXUz9PMvnlXd194aswJlEwlxcW4/lmq3IbW62kvMFf3UePTK6O4piE1Ci2XHlxnEUOzIz5FAnktd9FtDsGxynAVlvdLA93TJXwQ6FGtTQAuIWGXukOWwT11IATj+CSuhOOvsa/VAG2NZKsxlCex3F6V0FKmPir7OZXzLXkEMaW8UgKpGqZ6oaRY1pGOWIzuqyqP50Fakc+X+tV8QzKJN8TQu1A/RSvVX0DKOAYTC0M=
 
 docker_users:
+  - name: Default user
+    username: ubuntu
+    state: present
   - name: bradford.sawadye@jembi.org
     username: bradfordsawadye
     state: present
@@ -72,14 +75,3 @@ firewall_subnet_restriction: "10.1.10.0/16"
 # docker_swarm_hostname_1: ip-172-31-36-41
 # docker_swarm_hostname_2: ip-172-31-35-12
 # docker_swarm_hostname_3: ip-172-31-38-234
-
-# Credentials for logging in to docker hub
-docker_username: ethiopiacdrbot
-docker_email: ryan+ethiopiacdrbot@jembi.org
-docker_password: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  34323064326163323965306565316239366335633632633862333339323965633539376162623138
-  3166356333333635656337383236306535343164636632640a323031326166653339663162663763
-  39356130373863326163306139343332396262353036333532303530383363376237336138336136
-  3262303664386464380a613834373538376639373330363361396165333533343137613464653761
-  36383536633362653535343666333731333630383639613065393935346336613636

infrastructure/ansible/roles/common/tasks/main.yml

@@ -31,6 +31,7 @@
     comment: "{{ item.name }}"
     state: "{{ item.state }}"
   loop: "{{ sudoers + docker_users }}"
+  when: item.key is defined
 
 - name: disable root login
   lineinfile:

infrastructure/ansible/roles/docker/tasks/main.yml

@@ -61,13 +61,6 @@
     name: docker
     state: reloaded
 
-- name: adding existing user ubuntu to group sudo
-  user:
-    name: ubuntu
-    groups:
-      - docker
-    append: yes
-
 - name: Add user to docker group
   user:
     name: "{{ item.username }}"
@@ -79,14 +72,6 @@
 - name: reset ssh connection to allow user changes to affect ansible user
   meta: reset_connection
 
-- name: log in to docker hub using ubuntu user
-  become: yes
-  become_user: ubuntu
-  docker_login:
-    username: '{{ docker_username }}'
-    password: '{{ docker_password }}'
-    state: present
-
 - name: create docker daemon config path if it doesn't exist
   raw: sudo mkdir -p /etc/docker