All geek questions in one place

How to make available only a password request if necessary

I am using ansible 2.0.2.0 to update my static website from any computer. My play only works on the local host and essentially consists of two parts:

  • The privileged part: make sure that the packages are installed, mainly apttasks withbecome: true
  • Unprivileged part: fill in the templates, minimize and synchronize with the web hosting service, mostly commandtasks without become.

I would prefer these two parts to be on the same playbook, so I don’t have to worry about dependencies when switching computers. Ideally, I would like to check if the packages are installed aptand ask for a password to get a password if he needs to install any file.

Other, less satisfactory alternatives that I have studied so far, and their disadvantages are highlighted below:

  • sudo ansible-playbook ...: starts the unprivileged part as root, asks for the sudo password when it is not required;
  • ansible-playbook --ask-become-pass ...: always asks for the sudo password, even if new packages do not need to be installed;
  • ansible-playbook ...: Failure with sudo: a password is required.

Is there a way to save privileged and unprivileged parts in the same playbook without having to enter the sudo password or giving unnecessary privileges to the unprivileged part?

+4
1

-ask-sudo-pass, , .

sudo, , script, , .

ansible.cfg localhost. , ( centos), sudo, . authorized_keys centos.

, unprivileged (as centos), sudo, start_method: sudo, root.

, , AWS-.

ansible.cfg, : -

[defaults]
hostfile = inventory
# use local centos account, and ask for sudo password
remote_user = centos
#ask_pass = true
#private_key_file = ~/packer/ec2_amazon-ebs.pem

: -

[webservers]
  localhost

my setup.sh : -

ansible-playbook playbook.yml -vvv
#ansible-playbook --ask-sudo-pass playbook.yml

, . , private_key_file , , ssh centos @localhost,

0

Source: https://habr.com/ru/post/1648755/

More articles:


All Articles