Re: [ansible-project] Authorize nginx reload without providing become-pass and full sudo privileges

2017-01-27 Thread Johannes Kastl
On 27.01.17 15:42 Jonathan Bouzekri wrote:
> I think that it is quite a drawback on Ansible. If you use it for
> code shipping, you will have to do some tasks which need
> privilege escalation (reload nginx or something else). And the
> people who are doing the delivery are not necessary

Re: [ansible-project] Authorize nginx reload without providing become-pass and full sudo privileges

2017-01-27 Thread Jonathan Bouzekri
Thanks, I am looking at the raw module which seems to suit my need. And what about the shell module with a previously delivered shell script containing my reload nginx command? Would it work?

On Friday, January 27, 2017 at 1:46:15 AM UTC+1, Matt Martz wrote:
> > As you can see in the command

Re: [ansible-project] Authorize nginx reload without providing become-pass and full sudo privileges

2017-01-27 Thread Jonathan Bouzekri
Yes, my goal was to restrict on the OS side the commands the deployment user is allowed to execute. I did not know the raw module. I am looking into it. It does not seem "ugly" ;) I think that it is quite a drawback on Ansible. If you use it for code shipping, you will have to do some tasks

Re: [ansible-project] Authorize nginx reload without providing become-pass and full sudo privileges

2017-01-26 Thread Johannes Kastl
On 26.01.17 17:04 Jonathan Bouzekri wrote:
> I want to be able to reload nginx when the configuration changes
> without having to:
>
> * give sudo rights on ALL commands to the deploy user
> * having to pass a become-pass in the command line

You can use ansible-vault to encrypt the host_vars

Re: [ansible-project] Authorize nginx reload without providing become-pass and full sudo privileges

2017-01-26 Thread Matt Martz
As you can see in the command that is executed by Ansible:

    sudo -H -S -n -u root /bin/bash

You cannot restrict individual commands, as we execute everything through a sudoed shell. The recommendation is that sudo should be configured to allow any command to be executed, and not be restricted.

[ansible-project] Authorize nginx reload without providing become-pass and full sudo privileges

2017-01-26 Thread Jonathan Bouzekri
Hi,

I am migrating to a new architecture and I have provisioned my servers with an ansible playbook. I am also using ansible to deploy my source code. I want to be able to reload nginx when the configuration changes without having to:

* give sudo rights on ALL commands to the deploy user
*