I have a playbook that sets up a remote box, using sudo=yes. But only a limited set of users will have permission to run this, since it requires root on the remote box.
I'd like to allow less privileged users to run part of this playbook, e.g. tasks with a certain tag. These will do some relatively safe things, like updating the httpd config on the box. So when the root user sets things up, it gives these less privileged users the rights they need to run these tasks. But what's a good way to set up this playbook so that both sets of users can use it? Currently the whole playbook has sudo=yes, but that prevents the less privileged users from running it at all. Would I need to set sudo=no on the playbook, and then sudo=yes on each task that needs it? I guess I could copy these safe tasks to a separate playbook, but then they'd be duplicated, which is not ideal. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d15794b5-0916-4b87-8e0c-58f59de631f9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
