Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


One way to ensure that your passwords are overridden is to pass in overrides when you are installing Open edX using Ansible.  Ansible lets you pass in a file of overrides using the -e@/path/to/file.yml convention.

As of January 6February 2, 2017, we recommend that you override at least the following values

That file's contents look like so:


Code Block
# Ensure your instance is upgraded to the latest Xenial
sudo apt-get update -y
sudo apt-get upgrade -y

# Installed the edx_ansible role
wget -O - | sudo bash

# Create passwords specific to your installation. Please consider that you'll need to share these across application nodes if you have multiple
# The password files will be owned by root.
cd /edx/app/edx_ansible/
sudo wget
while IFS= read line; do REPLACE=$(LC_ALL=C < /dev/urandom tr -dc 'A-Za-z0-9' | head -c35) && echo "$line" | sed "s/\!\!null/\'$REPLACE\'/"; done < ./passwords.yml | sudo tee ./my-passwords.yml

# Encrypt your environment specific secrets with Ansible vault.  This step will prompt you to create a password 
# for accessing your encrypted data.  It is IMPERATIVE that you do not lose or forget this password 
sudo /edx/app/edx_ansible/venvs/edx_ansible/bin/ansible-vault encrypt ./my-passwords.yml

# Install the native installation using your encrypted passwords
cd /edx/app/edx_ansible/edx_ansible/playbooks/
sudo /edx/app/edx_ansible/venvs/edx_ansible/bin/ansible-playbook -c local ./edx_sandbox.yml -i 'localhost,' -e@/edx/app/edx_ansible/my-passwords.yml --ask-vault-pass