On 26.05.16 21:10 Matt Martz wrote: > Ansible requires the ability to run any command via sudo, it does not work > with a restricted set of commands, as it executes python via /bin/sh. It > does not directly run those commands that you have restricted that group to.
And instead of allowing your user (the one ansible connects as and runs sudo) to run all commands without a password, I would rather save the sudo password in a ansible-vault encrypted file on the controller: ansible-vault edit host_vars/foobar.yml for the host foobar, and create an entry 'become_pass: xyz' for the password xyz. Johannes -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/57474B15.3060401%40ojkastl.de. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
