Remove ansible vault requirement

infrastructure/ansible/README.md

@@ -36,7 +36,6 @@ To run a playbook you should do:
 
 ```bash
 ansible-playbook \
-  --ask-vault-pass \
   --become \
   --inventory=inventories/<INVENTORY> \
   --user=ubuntu \
@@ -47,27 +46,8 @@ OR to run all provisioning playbooks with the development inventory (most common
 
 ```bash
 ansible-playbook \
-  --ask-vault-pass \
   --become \
   --inventory=inventories/development \
   --user=ubuntu \
   playbooks/provision.yml
 ```
-
-### Vault
-
-The vault password required for running the playbooks can be found in the `database.kdbx` KeePass file.
-
-To encrypt a new secret with vault run:
-
-```bash
-echo -n '<YOUR SECRET>' | ansible-vault encrypt_string
-```
-
-> The __New password__ is the original Ansible Vault password.
-
-## Keepass
-
-Copies of all the passwords used here are kept in the encrypted `database.kdbx` file.
-
-> Please ask your admin for the decryption password.

infrastructure/ansible/inventories/development/group_vars/all.yml

@@ -26,6 +26,9 @@ sudoers:
     key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwfQ8ypu5+4rGNfMeSzB+ADffE4qT/519AFVDTIWgV4FaJipsgHdYFTVnxkJHAiixTKAqEJ2SF1RJ2/pIH2hX5p2GNWhrXuOmnqiOZEByPSsqidSNS8aMCfIzt7UZ6XvIPhagZnEQ7NCA1BOuOqzWISIEKjSqA3MvfZ5kniis5J9cbTqkGB+pgW75fuQIxtmK7iCZbwuXOO735PzkKgeT/vfg4fTlbmOeikSNO6QaamGRZ+NJfprCIx5j5GKc970k6V9d4RcQltHojgWI7Wl2VRLsprm7Xy2keaTGXfjnCDwQ2cQRUgBqIoWyDoUzNqvDYXrEAfM19sNEICMx90fXaJeGrNbMg2jjWuyPacSnB0moDtECt4zd2svozGEWnVvdY8KDAWgMbTUlrufNOzh7hyrDMpaBSmSN9npyTpekM0kWlykfU++oEexXMi41b0cZLJc9ocPJCeKZ0fzpachHW35zsUh2E6OCgbXdDxNugVrG4ecz9nUqjJGyYhCX6mhz9VxpB46wEPQ/E2rTsnIfd+xMYoyLqLzCfKf/Z8CL8/Ifq7uDRxczRmo5sCrjByOdwyUGY+JoFQMc5OcEzfyepVmcwfuhuASBGAZOr1zM1ituqG614d7W+GDRHwCeAS8zUZKFdYvL5C4nOg+OxojqnC8zSGwN3ZcnMXHvvzKdQHw==
 
 docker_users:
+  - name: Default user
+    username: ubuntu
+    state: present
   - name: bradford.sawadye@jembi.org
     username: bradfordsawadye
     state: present
@@ -56,14 +59,3 @@ firewall_subnet_restriction: "10.1.10.0/16"
 # docker_swarm_hostname_1: ip-172-31-36-41
 # docker_swarm_hostname_2: ip-172-31-35-12
 # docker_swarm_hostname_3: ip-172-31-38-234
-
-# Credentials for logging in to docker hub
-docker_username: ethiopiacdrbot
-docker_email: ryan+ethiopiacdrbot@jembi.org
-docker_password: !vault |
-  $ANSIBLE_VAULT;1.1;AES256
-  34323064326163323965306565316239366335633632633862333339323965633539376162623138
-  3166356333333635656337383236306535343164636632640a323031326166653339663162663763
-  39356130373863326163306139343332396262353036333532303530383363376237336138336136
-  3262303664386464380a613834373538376639373330363361396165333533343137613464653761
-  36383536633362653535343666333731333630383639613065393935346336613636

infrastructure/ansible/roles/common/tasks/main.yml

@@ -31,6 +31,7 @@
     comment: "{{ item.name }}"
     state: "{{ item.state }}"
   loop: "{{ sudoers + docker_users }}"
+  when: item.key is defined
 
 - name: disable root login
   lineinfile:

infrastructure/ansible/roles/docker/tasks/main.yml

@@ -61,13 +61,6 @@
     name: docker
     state: reloaded
 
-- name: adding existing user ubuntu to group sudo
-  user:
-    name: ubuntu
-    groups:
-      - docker
-    append: yes
-
 - name: Add user to docker group
   user:
     name: "{{ item.username }}"
@@ -79,14 +72,6 @@
 - name: reset ssh connection to allow user changes to affect ansible user
   meta: reset_connection
 
-- name: log in to docker hub using ubuntu user
-  become: yes
-  become_user: ubuntu
-  docker_login:
-    username: '{{ docker_username }}'
-    password: '{{ docker_password }}'
-    state: present
-
 - name: create docker daemon config path if it doesn't exist
   raw: sudo mkdir -p /etc/docker