{"id":34914,"date":"2024-08-23T10:40:59","date_gmt":"2024-08-23T03:40:59","guid":{"rendered":"http:\/\/jupitek.maudemo.vip\/index.php\/2024\/08\/23\/secrets-management-with-ansible\/"},"modified":"2024-08-23T10:40:59","modified_gmt":"2024-08-23T03:40:59","slug":"secrets-management-with-ansible","status":"publish","type":"post","link":"https:\/\/jupitek.maudemo.vip\/index.php\/2024\/08\/23\/secrets-management-with-ansible\/","title":{"rendered":"Secrets Management with Ansible"},"content":{"rendered":"<p>Ansible stands out for its ability to automate server provisioning and management. Ansible playbooks, the ability to group and organize resources, and many other features make it a great asset for administering servers.<\/p>\n<p>However, Ansible operations often require your playbooks to use secrets such as server passwords, access tokens, and API keys.<\/p>\n<p>To bring security to the convenience of your Ansible setup, you should use a secrets management process. Secrets management continues to let Ansible automate your server tasks, with all the access it needs. 
At the same time, secrets management keeps your secrets out of plain text files and other vulnerable locations.<\/p>\n<p>In this tutorial, learn the most useful methods for implementing secrets management with your Ansible setup. The tutorial covers a range of methods, from simple to scalable, and helps you choose the right fit.<\/p>\n<h2 id=\"before-you-begin\">Before You Begin<a href=\"https:\/\/www.linode.com\/docs\/guides\/secrets-management-with-ansible\/#before-you-begin\"><\/a><\/h2>\n<ol>\n<li>If you have not already done so, create a Linode account. See our&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/products\/platform\/get-started\/\">Getting Started with Linode<\/a>&nbsp;guide.<\/li>\n<li>Follow our guide on&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/getting-started-with-ansible\/\">Getting Started with Ansible: Basic Installation and Setup<\/a>. 
Specifically, follow the sections on setting up the control node and managed nodes, configuring Ansible, and creating an Ansible inventory.<\/li>\n<li>Refer to our&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/\">Automate Server Configuration with Ansible Playbooks<\/a>&nbsp;guide for an overview of Ansible playbooks and how they work.<\/li>\n<\/ol>\n<h2 id=\"secrets-in-ansible\">Secrets in Ansible<a href=\"https:\/\/www.linode.com\/docs\/guides\/secrets-management-with-ansible\/#secrets-in-ansible\"><\/a><\/h2>\n<p>A secret is a key or other credential that grants access to a resource or system. Secrets include things like access tokens, API keys, and database &amp; system passwords.<\/p>\n<p>When managing nodes with Ansible, you often need to provide it with secrets. Typically, you can provide these secrets within Ansible playbooks, but doing so exposes them to possible interception and exploitation.<\/p>\n<p>To secure your secrets, you should implement secrets management with your Ansible playbooks. 
Secrets management refers to the ways in which secrets are stored safely, with different methods balancing accessibility and security.<\/p>\n<h2 id=\"managing-secrets-in-ansible\">Managing Secrets in Ansible<a href=\"https:\/\/www.linode.com\/docs\/guides\/secrets-management-with-ansible\/#managing-secrets-in-ansible\"><\/a><\/h2>\n<p>Several options exist for managing secrets with your Ansible playbooks. The option that fits your needs depends on your particular setup. How accessible you need your secrets to be and how secure you want them determine which solution works best for you.<\/p>\n<p>The upcoming sections outline some of the most useful options for managing secrets with Ansible. They attempt to cover a range of use cases, from interactive and manual to automated and integrated.<\/p>\n<p>All of the following examples use an Ansible setup with one control node and two managed nodes. 
The managed nodes are given the example IP addresses&nbsp;<code>192.0.2.1<\/code> and&nbsp;<code>192.0.2.2<\/code> throughout, and are listed in an&nbsp;<code>ansiblenodes<\/code> group in the control node&#8217;s Ansible inventory.<\/p>\n<h3 id=\"using-prompts-to-manually-enter-secrets\">Using Prompts to Manually Enter Secrets<a href=\"https:\/\/www.linode.com\/docs\/guides\/secrets-management-with-ansible\/#using-prompts-to-manually-enter-secrets\"><\/a><\/h3>\n<p>Ansible playbooks include the option to prompt users for variables. This is actually an option for managing secrets within your Ansible setup.<\/p>\n<p>With this option, you configure your Ansible playbook to prompt users to manually input secrets. The secrets never need to be stored on the system, which lets you safeguard them by other means. This method is the easiest of the options covered here.<\/p>\n<p>Of course, this option comes with some significant drawbacks. 
By not storing the secrets, you also prevent Ansible from accessing them automatically, which reduces your ability to integrate your playbooks into automated processes. Additionally, leaving secrets to manual entry introduces its own risks, since users can mishandle the secrets.<\/p>\n<p>Here is an example Ansible playbook from our&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/running-ansible-playbooks\/\">Automate Server Configuration with Ansible Playbook<\/a>&nbsp;guide. This playbook adds a new non-root user to the managed nodes.<\/p>\n<p>The playbook uses the&nbsp;<code>vars_prompt<\/code> option to prompt the user for a password for the new user. Ansible then hashes the password and deploys the new user to each of the managed nodes.<\/p>\n<p class=\"has-background\" style=\"background-color:#74f78c33\">Note: This playbook assumes you have an SSH public key on your control node. The public key allows for secure passwordless connections to the new user in the future. 
Learn more in our&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/use-public-key-authentication-with-ssh\/\">Using SSH Public Key Authentication<\/a>&nbsp;guide.<\/p>\n<p class=\"has-background\" style=\"background-color:#74f78c33\">This tutorial also assumes that your control node&#8217;s SSH key is secured by a password, and therefore uses the&nbsp;<code>--ask-pass<\/code> option in some of the Ansible playbook commands below. If your SSH key is not secured by a password, remove the&nbsp;<code>--ask-pass<\/code> option from the Ansible playbook commands shown in this tutorial.<\/p>\n<pre class=\"wp-block-code\"><code>---\n- hosts: ansiblenodes\n  remote_user: root\n  vars:\n    limited_user_name: 'example-user'\n  vars_prompt:\n    - name: limited_user_password\n      prompt: Enter a password for the new non-root user\n  tasks:\n    - name: \"Create a non-root user\"\n      user: name={{ limited_user_name }}\n            password={{ limited_user_password | password_hash }}\n            shell=\/bin\/bash\n    - name: Add an authorized key for passwordless logins\n      authorized_key: user={{ limited_user_name }} key=\"{{ lookup('file', '~\/.ssh\/id_rsa.pub') }}\"\n    - name: Add the new user to the sudoers list\n      lineinfile: dest=\/etc\/sudoers\n                  regexp=\"{{ limited_user_name }} ALL\"\n                  line=\"{{ limited_user_name }} ALL=(ALL) ALL\"\n                  state=present<\/code><\/pre>\n
<p>To run the playbook, first make sure you are in the same directory as the playbook, then execute the following command:<\/p>\n<p>Ansible Control Node<\/p>\n<pre class=\"wp-block-code\"><code>ansible-playbook --ask-pass add_limited_user.yml<\/code><\/pre>\n<p>Ansible prompts for the SSH password first, then for a password for the new user. The output should resemble what is shown below:<\/p>\n<pre class=\"wp-block-code\"><code>SSH password:\nEnter a password for the new non-root user:\n\nPLAY &#91;ansiblenodes] ************************************************************\n\nTASK &#91;Gathering Facts] *********************************************************\nok: &#91;192.0.2.2]\nok: &#91;192.0.2.1]\n\nTASK &#91;Create a non-root user] **************************************************\nchanged: &#91;192.0.2.1]\nchanged: &#91;192.0.2.2]\n\nTASK &#91;Add remote authorized key to allow future passwordless logins] ***********\nok: &#91;192.0.2.1]\nok: &#91;192.0.2.2]\n\nTASK &#91;Add normal user to sudoers] **********************************************\nok: &#91;192.0.2.1]\nok: &#91;192.0.2.2]\n\nPLAY RECAP *********************************************************************\n192.0.2.1              : ok=4    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0\n192.0.2.2     <\/code><\/pre>\n<h3 id=\"using-the-ansible-vault-to-manage-secrets\">Using the Ansible Vault to Manage Secrets<a href=\"https:\/\/www.linode.com\/docs\/guides\/secrets-management-with-ansible\/#using-the-ansible-vault-to-manage-secrets\"><\/a><\/h3>\n<p>Ansible has a tool, Ansible Vault, that can facilitate secrets management. 
The vault encrypts information, which you can then use within your Ansible playbooks.<\/p>\n<p>With some setup, Ansible Vault can make secrets both secure and accessible. Secrets are encrypted, meaning that no one can get to them without your password. At the same time, the secrets remain accessible to Ansible. A password file can give Ansible everything it needs to run in an automated setup.<\/p>\n<p>The vault password can be entered manually or supplied automatically through a password file. You can even use an external password manager, and implement a script or other solution to retrieve the password.<\/p>\n<p>This example of Ansible Vault deploys&nbsp;<a href=\"https:\/\/rclone.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">rclone<\/a>&nbsp;to the managed nodes and configures it to connect to a Linode Object Storage instance. 
The secrets are the access keys for the object storage instance.<\/p>\n<p>To follow along, you need to set up a Linode Object Storage instance with access keys and at least one bucket. You can learn how to do so in our&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/products\/storage\/object-storage\/get-started\/\">Object Storage &#8211; Get Started<\/a>&nbsp;guide.<\/p>\n<p>1. Create a file with the access keys for your Linode Object Storage instance. You can do so with the following commands, just replace the text in angle brackets with your corresponding object storage keys:<\/p>\n<p>Ansible Control Node<\/p>\n<pre class=\"wp-block-code\"><code>echo \"s3_access_token: &lt;S3_ACCESS_TOKEN&gt;\" &gt; s3_secrets.enc\necho \"s3_secret_token: &lt;S3_SECRET_TOKEN&gt;\" &gt;&gt; s3_secrets.enc\nansible-vault encrypt s3_secrets.enc<\/code><\/pre>\n<p>Ansible Vault prompts you to create a vault password before encrypting the file contents.<\/p>\n<pre class=\"wp-block-code\"><code>New Vault password:\nConfirm New Vault password:\nEncryption successful\n<\/code><\/pre>\n<p>2. Create a password file in the same directory where you intend to create the Ansible playbook. The file needs to contain only the password for your encrypted secrets file. 
The example in this next command assumes your password is&nbsp;<code>examplepassword<\/code>:<\/p>\n<p>Ansible Control Node<\/p>\n<pre class=\"wp-block-code\"><code>echo \"examplepassword\" &gt; example.pwd<\/code><\/pre>\n<p>3. Create a new Ansible playbook with the following contents. This playbook connects to the non-root users created using the playbook in the previous section of this tutorial. The playbook then installs rclone and creates a configuration file for it. The playbook also inserts the access keys from the&nbsp;<code>s3_secrets.enc<\/code> file into the configuration file.<\/p>\n<pre class=\"wp-block-code\"><code>---\n- hosts: ansiblenodes\n  remote_user: 'example-user'\n  become: yes\n  become_method: sudo\n  vars:\n    s3_region: 'us-southeast-1'\n  tasks:\n    - name: \"Install rclone\"\n      apt:\n        pkg:\n          - rclone\n        state: present\n        update_cache: yes\n    - name: \"Create the directory for the rclone configuration\"\n      file:\n        path: \"\/home\/example-user\/.config\/rclone\"\n        state: directory\n    - name: \"Create the rclone configuration file\"\n      copy:\n        dest: \"\/home\/example-user\/.config\/rclone\/rclone.conf\"\n        content: |\n          &#91;linodes3]\n          type = s3\n          env_auth = false\n          acl = private\n          access_key_id = {{ s3_access_token }}\n          secret_access_key = {{ s3_secret_token }}\n          region = {{ s3_region }}\n          endpoint = {{ s3_region }}.linodeobjects.com          <\/code><\/pre>\n<p>4. Run the Ansible playbook. 
The playbook command here adds the variables from the secrets file using the&nbsp;<code>-e<\/code> option, and gets the password for decrypting them from the&nbsp;<code>--vault-password-file<\/code>. The&nbsp;<code>--ask-become-pass<\/code> option has Ansible prompt for the limited user&#8217;s&nbsp;<code>sudo<\/code> password.<\/p>\n<p>Ansible Control Node<\/p>\n<pre class=\"wp-block-code\"><code>ansible-playbook -e @s3_secrets.enc --vault-password-file example.pwd --ask-pass --ask-become-pass set_up_rclone.yml<\/code><\/pre>\n<p>The result should resemble:<\/p>\n<pre class=\"wp-block-code\"><code>SSH password:\nBECOME password&#91;defaults to SSH password]:\n\nPLAY &#91;ansiblenodes] ************************************************************\n\nTASK &#91;Gathering Facts] *********************************************************\nok: &#91;192.0.2.2]\nok: &#91;192.0.2.1]\n\nTASK &#91;Install rclone] **********************************************************\nchanged: &#91;192.0.2.1]\nchanged: &#91;192.0.2.2]\n\nTASK &#91;Create the directory for the rclone configuration] ***********************\nchanged: &#91;192.0.2.2]\nchanged: &#91;192.0.2.1]\n\nTASK &#91;Create the rclone configuration file] ************************************\nchanged: &#91;192.0.2.2]\nchanged: &#91;192.0.2.1]\n\nPLAY RECAP *********************************************************************\n192.0.2.1              : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0\n192.0.2.2              : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0<\/code><\/pre>\n
<p>5. To verify that everything is working as expected, log into any of the managed nodes as the non-root user. Then use the following command to list the buckets on your Linode Object Storage instance:<\/p>\n<p>Ansible Managed Node<\/p>\n<pre class=\"wp-block-code\"><code>rclone lsd linodes3:<\/code><\/pre>\n<p>You should see something like the following for each bucket, where&nbsp;<code>ansible-test-bucket<\/code> is the name of the bucket:<\/p>\n<pre class=\"wp-block-code\"><code>-1 2022-12-08 00:00:00        -1 ansible-test-bucket\n<\/code><\/pre>\n<h3 id=\"using-a-secrets-manager\">Using a Secrets Manager<a href=\"https:\/\/www.linode.com\/docs\/guides\/secrets-management-with-ansible\/#using-a-secrets-manager\"><\/a><\/h3>\n<p>Dedicated solutions exist for managing secrets, and many password managers are capable of doing so for your Ansible playbooks. In terms of their underlying methods, many of these tools function similarly to Ansible Vault. 
Despite being external tools, several are supported by official or community plugins for Ansible.<\/p>\n<p>The primary advantage of an external secrets management solution is using a tool already adopted more widely among your team or organization. Ansible Vault may offer a default integration with Ansible, but you may not be using it more widely for password management within your organization.<\/p>\n<p>One of the most popular solutions for secrets management is&nbsp;<a href=\"https:\/\/www.vaultproject.io\/\" target=\"_blank\" rel=\"noreferrer noopener\">HashiCorp&#8217;s Vault<\/a>. HashiCorp&#8217;s Vault is a centralized secrets management system with a dynamic infrastructure to keep passwords, keys, and other secrets secure.<\/p>\n<p>Ansible maintains a plugin for interacting with HashiCorp&#8217;s Vault, the&nbsp;<a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/collections\/community\/hashi_vault\/docsite\/about_hashi_vault_lookup.html\" target=\"_blank\" rel=\"noreferrer noopener\"><code>hashi_vault<\/code> plugin<\/a>.<\/p>\n<p>The following steps walk you through an example using HashiCorp&#8217;s Vault with Ansible. 
This example accomplishes the same ends as the example in the previous section, so that you can more easily compare the two.<\/p>\n<p>1. Follow our guide on&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/how-to-setup-and-use-a-vault-server\/\">Setting Up and Using a Vault Server<\/a>. By the end, you should have HashiCorp&#8217;s Vault installed, a Vault server running and unsealed, and be logged into Vault.<\/p>\n<p>2. Ensure that the key-value (<code>kv<\/code>) engine is enabled for the&nbsp;<code>secret<\/code> path:<\/p>\n<p>Vault Server<\/p>\n<pre class=\"wp-block-code\"><code>vault secrets enable -path=secret\/ kv<\/code><\/pre>\n<pre class=\"wp-block-code\"><code>Success! Enabled the kv secrets engine at: secret\/<\/code><\/pre>\n<p>3. Add the access keys for your Linode Object Storage instance to the&nbsp;<code>secret\/s3<\/code> path in the vault. Replace the text in angle brackets below with your corresponding keys:<\/p>\n<p>Vault Server<\/p>\n<pre class=\"wp-block-code\"><code>vault kv put secret\/s3 s3_access_token=&lt;S3_ACCESS_TOKEN&gt; s3_secret_token=&lt;S3_SECRET_TOKEN&gt;<\/code><\/pre>\n<pre class=\"wp-block-code\"><code>Success! 
Data written to: secret\/s3\n<\/code><\/pre>\n<p>4. On your Ansible control node, install&nbsp;<code>hvac<\/code> via&nbsp;<code>pip<\/code> in order to use the&nbsp;<code>hashi_vault<\/code> plugin referenced in the Ansible playbook below.<\/p>\n<p>Ansible Control Node<\/p>\n<pre class=\"wp-block-code\"><code>pip install hvac<\/code><\/pre>\n<p>5. Create a new Ansible playbook with the contents shown below. This playbook parallels the one built in the previous section, installing and configuring&nbsp;<code>rclone<\/code> to connect to a Linode Object Storage instance. This version simply fetches the secrets from a HashiCorp vault instead of an Ansible vault:<\/p>\n<p>Replace both instances of&nbsp;<code>&lt;HASHI_VAULT_IP&gt;<\/code> below with the IP address for your HashiCorp Vault server. 
Similarly, replace both instances of&nbsp;<code>&lt;HASHI_VAULT_TOKEN&gt;<\/code> with your login token for the HashiCorp Vault server.<\/p>\n<pre class=\"wp-block-code\"><code>---\n- hosts: ansiblenodes\n  remote_user: 'example-user'\n  become: yes\n  become_method: sudo\n  vars:\n    s3_region: 'us-southeast-1'\n  tasks:\n    - name: \"Install rclone\"\n      apt:\n        pkg:\n          - rclone\n        state: present\n        update_cache: yes\n    - name: \"Create the directory for the rclone configuration\"\n      file:\n        path: \"\/home\/example-user\/.config\/rclone\"\n        state: directory\n    - name: \"Create the rclone configuration file\"\n      copy:\n        dest: \"\/home\/example-user\/.config\/rclone\/rclone.conf\"\n        content: |\n          &#91;linodes3]\n          type = s3\n          env_auth = false\n          acl = private\n          access_key_id = {{ lookup('hashi_vault', 'secret=secret\/s3:s3_access_token token=&lt;HASHI_VAULT_TOKEN&gt; url=http:\/\/&lt;HASHI_VAULT_IP&gt;:8200')}}\n          secret_access_key = {{ lookup('hashi_vault', 'secret=secret\/s3:s3_secret_token token=&lt;HASHI_VAULT_TOKEN&gt; url=http:\/\/&lt;HASHI_VAULT_IP&gt;:8200')}}\n          region = {{ s3_region }}\n          endpoint = {{ s3_region }}.linodeobjects.com          <\/code><\/pre>\n<p>6. Run the Ansible playbook, providing the appropriate passwords when prompted:<\/p>\n<p>Ansible Control Node<\/p>\n<pre class=\"wp-block-code\"><code>ansible-playbook --ask-pass --ask-become-pass another_rclone_setup.yml<\/code><\/pre>\n<p>The result should resemble:<\/p>\n<pre class=\"wp-block-code\"><code>SSH password:\nBECOME password&#91;defaults to SSH password]:\n\nPLAY &#91;ansiblenodes] ********************************************************\n\nTASK &#91;Gathering Facts] 
*****************************************************\nok: &#91;192.0.2.2]\nok: &#91;192.0.2.1]\n\nTASK &#91;Install rclone] ******************************************************\nchanged: &#91;192.0.2.2]\nchanged: &#91;192.0.2.1]\n\nTASK &#91;Create the directory for the rclone configuration] *******************\nchanged: &#91;192.0.2.2]\nchanged: &#91;192.0.2.1]\n\nTASK &#91;Create the rclone configuration file] ********************************\nchanged: &#91;192.0.2.1]\nchanged: &#91;192.0.2.2]\n\nPLAY RECAP *****************************************************************\n192.0.2.1              : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0\n192.0.2.2              : ok=4    changed=3    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0<\/code><\/pre>\n<p>7. As in the previous section, you can verify the setup by logging into one of the managed nodes and running an rclone&nbsp;<code>ls<\/code> command, such as&nbsp;<code>rclone lsd linodes3:<\/code>.<\/p>\n<h2 id=\"conclusion\">Conclusion<a href=\"https:\/\/www.linode.com\/docs\/guides\/secrets-management-with-ansible\/#conclusion\"><\/a><\/h2>\n<p>You now have some options for ensuring that your Ansible setup has secure secrets. Choosing between them comes down to scale and accessibility. Manual entry is simple to start with, but only suits smaller projects and teams. 
Ansible Vault is in many ways ideal, but an external solution may be a better fit for your team and organization.<\/p>\n<p>To keep learning about Ansible and efficiently automating your server tasks, read more of&nbsp;<a href=\"https:\/\/www.linode.com\/docs\/guides\/applications\/configuration-management\/ansible\/\">our guides on Ansible<\/a>.<\/p>\n<h2 id=\"more-information\">More Information<\/h2>\n<p>You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.<\/p>\n<ul>\n<li><a href=\"https:\/\/www.redhat.com\/sysadmin\/ansible-playbooks-secrets\" target=\"_blank\" rel=\"noreferrer noopener\">Red Hat &#8211; Enable Sysadmin: Handling secrets in your Ansible playbooks<\/a><\/li>\n<li><a href=\"https:\/\/docs.ansible.com\/ansible\/latest\/vault_guide\/index.html\" target=\"_blank\" rel=\"noreferrer noopener\">Ansible Documentation: Protecting sensitive data with Ansible Vault<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Ansible stands out for its ability to automate server provisioning and management. 
Ansible's playbooks, its ability to group and organize resources, and many other features make it a great asset for managing servers. However, Ansible's operations often<\/p>\n","protected":false},"author":1,"featured_media":35676,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129],"tags":[],"class_list":["post-34914","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ansible"],"_links":{"self":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts\/34914","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/comments?post=34914"}],"version-history":[{"count":0,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/posts\/34914\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/media\/35676"}],"wp:attachment":[{"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/media?parent=34914"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/categories?post=34914"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jupitek.maudemo.vip\/index.php\/wp-json\/wp\/v2\/tags?post=34914"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}