11/05/2019 - ANSIBLE, DOCKER, JENKINS
In this example we are going to encrypt an application secrets file with Ansible Vault and use Ansible in a Jenkins pipeline to deploy it to a remote server.
Create an application-specific folder, mini, where the Vault-encrypted secret files will be stored.
jenkins@server:~$ mkdir -p ~/app-secrets/mini
Create a secrets file, .env, and encrypt it at the same time.
jenkins@server:~$ ansible-vault create ~/app-secrets/mini/.env
New Vault password: # type secret here (vault)
Confirm New Vault password: # type secret here again (vault)
# Place this into the editor and save it
DB_USER=inanzzz
DB_PASS=123123
Confirm that the file is encrypted.
jenkins@server:~$ cat ~/app-secrets/mini/.env
$ANSIBLE_VAULT;1.1;AES256
30343063633063643337346233353332323433653736653437316139626438653936393137393735
6436623965666331333331646563386365383363656464310a326162336565356439623037353934
38656438393562623636666638396438623165323464303762336162616338376133636536323465
6337623135396536610a373333323936376230376534366630383536656234356663656165386130
65613434386632346631663937333965373137393666643637323331343661613362
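
A Jenkins stage can run a check like the following before deploying, so that a secrets file saved in plaintext or truncated by mistake is caught without needing the Vault password. This is an added example, not code from the original post: the function names are hypothetical, the sample envelope is constructed from dummy bytes, and only the 1.1 header shown above is accepted.

```python
import binascii

HEADER = "$ANSIBLE_VAULT;1.1;AES256"  # header line as printed by cat above


def parse_vault_envelope(text):
    """Return (salt, hmac, ciphertext) as bytes, or raise ValueError."""
    lines = text.strip().splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError("missing or unexpected vault header")
    try:
        # The body is hex text wrapped at 80 columns. Decoding it once yields
        # three newline-separated fields that are themselves hex encoded.
        inner = binascii.unhexlify("".join(l.strip() for l in lines[1:]))
        fields = [binascii.unhexlify(f) for f in inner.split(b"\n")]
    except (binascii.Error, ValueError) as exc:
        raise ValueError("body is not valid hex: %s" % exc)
    if len(fields) != 3:
        raise ValueError("expected salt, HMAC and ciphertext")
    salt, mac, ciphertext = fields
    if len(salt) != 32 or len(mac) != 32:
        raise ValueError("salt and HMAC-SHA256 must be 32 bytes each")
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return salt, mac, ciphertext


def is_vault_encrypted(text):
    """True only for a structurally valid vault 1.1 envelope."""
    try:
        parse_vault_envelope(text)
        return True
    except ValueError:
        return False


def build_sample():
    """Constructed envelope made of dummy bytes (not real vault output)."""
    parts = (b"\x01" * 32, b"\x02" * 32, b"\x03" * 32)
    inner = b"\n".join(binascii.hexlify(p) for p in parts)
    body = binascii.hexlify(inner).decode()
    wrapped = "\n".join(body[i:i + 80] for i in range(0, len(body), 80))
    return HEADER + "\n" + wrapped + "\n"


if __name__ == "__main__":
    print(is_vault_encrypted(build_sample()))             # well-formed envelope
    print(is_vault_encrypted("DB_USER=x\nDB_PASS=y\n"))   # plaintext .env
```

The check is structural only: it does not verify the HMAC or decrypt anything, so it proves the file has the vault layout, not that it opens with the expected password.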
Install the "Ansible" Jenkins plugin and then add a new "Credential" of kind "Secret text". Set the value to vault (the Vault password typed above) and the ID to AnsibleVault, then save it.
The CI/CD files in the project are laid out as follows.

└── cicd
    ├── merge
    │   └── develop
    │       └── Jenkinsfile
    └── provision
        └── stag
            ├── hosts.yml
            └── site.yml

Jenkinsfile:

pipeline {
    agent any
    options {
        skipDefaultCheckout(true)
    }
    stages {
        stage('Git') {
            steps {
                echo '> Checking out the Git version control ...'
                checkout scm
            }
        }
        stage('Deploy') {
            steps {
                echo '> Deploying the application ...'
                ansiblePlaybook(
                    vaultCredentialsId: 'AnsibleVault',
                    inventory: 'cicd/provision/stag/hosts.yml',
                    playbook: 'cicd/provision/stag/site.yml'
                )
            }
        }
    }
}

hosts.yml:

all:
  hosts:
    staging:
      ansible_connection: ssh
      ansible_user: vagrant
      ansible_host: 192.168.99.30
      ansible_port: 22
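
site.yml:

---
- name: Deploy the application secrets to the "staging" server
  hosts: staging
  remote_user: vagrant
  become: yes
  tasks:
    - name: Create the application directory
      file:
        path: /home/vagrant/mini
        state: directory
        owner: vagrant
        group: vagrant
    # copy decrypts a vault-encrypted src on the Jenkins host before transfer (decrypt defaults to yes).
    # No mode is set, so the deployed file is world-readable (see the listing at the end);
    # add mode: '0600' to restrict it to the owner.
    - name: Copy secret .env file over
      copy:
        src: /var/lib/jenkins/app-secrets/mini/.env
        dest: /home/vagrant/mini/.env
        owner: vagrant
        group: vagrant
      # Keep the decrypted content out of the Jenkins console output.
      no_log: true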

Jenkins console output of the build:

> Checking out the Git version control ...
using GIT_SSH to set credentials
...
> Deploying the application ...
$ ansible-playbook cicd/provision/stag/site.yml -i cicd/provision/stag/hosts.yml --vault-password-file /var/lib/jenkins/workspace/mini-push-feature/vault6204200521041546377.password
PLAY [Deploy the application to the "staging" server] **************************
TASK [Gathering Facts] *********************************************************
ok: [staging]
TASK [Create the application directory] ****************************************
ok: [staging]
TASK [Copy docker files over] **************************************************
ok: [staging]
TASK [Copy secret .env file over] **********************************************
ok: [staging]
PLAY RECAP *********************************************************************
staging : ok=4 changed=0 unreachable=0 failed=0
Finished: SUCCESS

Result on the staging server:

vagrant@staging:~$ ls -la mini/
-rw-r--r-- 1 vagrant vagrant 2 May 12 21:49 .env
vagrant@staging:~$ cat mini/.env
DB_USER=inanzzz
DB_PASS=123123