I would have to check whether this would create an account with an empty password hash (bad) or an invalid password hash (good).
Either way it is either dangerous or useless as is. My personal preference would be to create a user account for yourself (avoid a role account) give it a password, distribute an authorized key and require a password for sudo. This is marginally less convenient in that you need to provide a password but aids auditing and allows for multiple admins to run ansible as themselves. Adam On Apr 21, 2014 7:03 AM, "Strahinja Kustudić" <[email protected]> wrote: > As Adam mentioned, don't just copy this playbook, it is just an example > and it is missing either setting a password, or an authorized_keys file for > the ansible user. > > I would also like to mention that having a user without a password which > can run commands as root without typing a password is harmless. If a user > that doesn't have a password, no one can log in like that user. > > On Monday, April 21, 2014 3:50:42 PM UTC+2, Adam Morris wrote: >> >> Yes... but please don't just copy that playbook. >> >> That gives you a passwordless user that can run commands as root without >> a password. The user module can take a password hash, and authorized keys >> can also be set up. >> >> Adam >> >> -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/rpzQhE66ex0/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/9549dfee-9998-40f8-8cf1-7f14a80270cb%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/9549dfee-9998-40f8-8cf1-7f14a80270cb%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAGvoTo3OufWfbxoiGugK2xVL-jT4jt%2BsF36YXSrGH_4-2FnuFg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
