apt-get is already idempotent: e.g.
vagrant@precise64:~$ sudo apt-get install nginx -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
nginx is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 189 not upgraded.
vagrant@precise64:~
Hi Uditha,
I can use "command" module to accomplish my "sudo apt-get install nginx"
task, But I want to schedule my play-book to run on every half hour to
maintain configuration in my client. In this case, it always will try to
install nginx every time. But if I use apt module, it will install t
The way ansible works is by running arbitrary scripts (modules) on the
remote machine, as such it is very hard to make sudo rules to allow this
that are virtually equivalent to ALL.
​Some modules do execute system commands, many others use syscalls
directly, so even if we introduce a way to 'deleg
If that's all you really need, invoke it via a "command" stanza with a
passwordless sudo. Problem solved.
On Tuesday, 22 March 2016 18:46:35 UTC, Matt Calhoun wrote:
>
> Sure, except that I am running ansible on an unattended deployment box
> (Jenkins) in this case vs real humans running interac
Sure, except that I am running ansible on an unattended deployment box
(Jenkins) in this case vs real humans running interactively in the case of
my admins.
I'm trying to follow a policy of least privilege and grant the user only
the rights to restart the nginx server as root (needs it to access p
you can use ansible + sudo + sudo password, you end up with exact same
security.
--
Brian Coca
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansib
I'm not sure I agree with that. With our admins, we have ssh with key +
sudo with a password. With this setup (running ansible as a deploy user to
deploy a web app), the only protection I have is the ssh key.
Is there a good reason the ansible user can't be restricted to specific
commands via s
It's no more a security role than allowing your sysadmins to su to root...
On Monday, 21 March 2016 18:28:21 UTC, Matt Calhoun wrote:
>
> Is there really no way to give the ansible user specific sudo NOPASSWD
> privileges? This seems like a huge security hole!
>
> On Monday, March 21, 2016 at 9:2
Is there really no way to give the ansible user specific sudo NOPASSWD
privileges? This seems like a huge security hole!
On Monday, March 21, 2016 at 9:24:31 AM UTC-4, selvam vasu wrote:
>
> Hi,
> I am newbie to ansible. You can find it easily through this dump question.
> I have limited access
2 things:
1) Ansible requires FULL sudo access, i.e
selvam ALL=(ALL) NOPASSWD: ALL
2) You may also need to allow sudo for this user to not require a tty:
Defaults:selvam !requiretty
On Monday, 21 March 2016 13:24:31 UTC, selvam vasu wrote:
>
> Hi,
> I am newbie to ansible. You can find it eas
You probably need to set sudo options to not require a tty, e.g.
Defaults:selvam
On Monday, 21 March 2016 13:24:31 UTC, selvam vasu wrote:
>
> Hi,
> I am newbie to ansible. You can find it easily through this dump question.
> I have limited access to one user(selvam) which can ran limited comman
11 matches
Mail list logo