"The inline extra-vars are meant to have things like aws_access_key and other sensitive tokens away from potentially public version-controlled files."
That makes sense, though if you want to keep them private, also consider ansible-vault (and maybe not keeping them in source control paths) if you want. On Mon, Jun 23, 2014 at 12:17 PM, Roman Valls <[email protected]> wrote: > Thanks Michael, > > I see, so you would go for the second option and implement the add_host > trick described here? Clever: > > http://skvidal.wordpress.com/2012/10/31/ansible-and-cloud-instances/ > > The inline extra-vars are meant to have things like aws_access_key and > other sensitive tokens away from potentially public version-controlled > files. > > In the future we might check if those are on, for instance, $HOME/.botorc > instead of having them in a .yml file in our playbook, just one commit away > from being published in the open. > > Thanks again! > Roman > > > Den måndagen den 23:e juni 2014 kl. 16:12:24 UTC+2 skrev Michael DeHaan: >> >> I'd probably keep the provisioning playbooks seperate and then have them >> include the configuration portion using the usual "add_host" handoff. >> >> Also I should point out >> >> --extra-vars @from_file.yml >> >> is an option >> >> >> >> >> On Mon, Jun 23, 2014 at 8:41 AM, Roman Valls <[email protected]> >> wrote: >> >>> Hello Ansible-Project, >>> >>> I would like to know which best practices are there when it comes to >>> deploying a playbook to several different cloud providers (mainly AWS and >>> GCE now, but more might come later). >>> >>> More specifically, which one feels more natural to you: >>> >>> ansible-playbook site.yml --extra-vars "cloud_provider=aws >>> aws_access_key=..." >>> ansible-playbook site.yml --extra-vars="cloud_provider=gce >>> gce_service_email=..." >>> >>> Which follows ansible docs on Best Practices... >>> >>> ... or the following, shorter version instead? >>> >>> ansible-playbook aws.yml --extra-vars "aws_access_key=..." >>> ansible-playbook gce.yml --extra-vars="gce_service_email=..." >>> >>> >>> >>> Here's the original GitHub discussion that triggered this email, thanks >>> Michael DeeHann for pointing this google group: >>> >>> https://github.com/nimiq/ansible-biostar/issues/11 >>> >>> Thanks in advance, >>> Roman >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> >>> To view this discussion on the web visit https://groups.google.com/d/ >>> msgid/ansible-project/73665fe0-d3c7-43aa-970b- >>> e6de8a40f15b%40googlegroups.com >>> <https://groups.google.com/d/msgid/ansible-project/73665fe0-d3c7-43aa-970b-e6de8a40f15b%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/1c5df81e-804c-40d0-a643-37001686d6c6%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/1c5df81e-804c-40d0-a643-37001686d6c6%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwa%3D4di5x8eLcbuMrusG10h7DATO-Ry2BMhBBXd76YpDA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
