diff options
author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2016-08-15 11:22:40 +0100 |
---|---|---|
committer | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2016-08-15 14:42:22 +0100 |
commit | afacdf1e7cf93722a531079217b73975eb625f3e (patch) | |
tree | 87f2a15bb1ec3b29f79f9aea83ff544a5ba91e03 /baserock_frontend/instance-config.yml | |
parent | 4ecfb404b2d53425c3a3a07e251c100d6c3a89c0 (diff) | |
download | infrastructure-afacdf1e7cf93722a531079217b73975eb625f3e.tar.gz |
Use Ansible Vaults to contain secret files/variables
Having them in files lying around in a local repository
is dangerous, they could be commited and pushed by accident.
Also, having these files in a mail is not good either, and makes
this repository complicated to use for us.
Change-Id: I644e1fb8228e3cb081a004547abaf654e9c449b7
Diffstat (limited to 'baserock_frontend/instance-config.yml')
-rw-r--r-- | baserock_frontend/instance-config.yml | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/baserock_frontend/instance-config.yml b/baserock_frontend/instance-config.yml index d7ce842b..63187112 100644 --- a/baserock_frontend/instance-config.yml +++ b/baserock_frontend/instance-config.yml @@ -12,7 +12,12 @@ # the private key for that certificate (which is not committed to Git, of # course). - name: install SSL certificate - copy: src=../private/baserock.org-ssl-certificate-temporary-dsilverstone.pem dest=/etc/pki/tls/private/baserock.pem owner=haproxy mode=400 + content: "{{ lookup('file', '../private/baserock.org-ssl-certificate-temporary-dsilverstone.pem') }}" + dest: /etc/pki/tls/private/baserock.pem + owner: haproxy + mode: 400 - name: HAProxy configuration - copy: src=haproxy.cfg dest=/etc/haproxy/haproxy.cfg + copy: + src: haproxy.cfg + dest: /etc/haproxy/haproxy.cfg |