Today, we have a setup where all of our playbooks, roles, etc are owned and run by root on our 'management instance'. Some important key files are protected/encrypted in the root home directory that playbooks need to access at times - this is why we root owns this. To allow others to run certain playbooks, we have given them specific sudo access for those exact commands, put them in scripts and version controlled them.
Our ideal world is to have two groups of users: 1) Can deploy, start/stop components via playbooks across the board without specific whitelisting (but not access the root keys) 2) Users in groups that allow them to run certain playbooks but not others Just wondering how other people are managing this? -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/47772896-ce77-4844-9129-c8e5e4ee55a0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
