for such kind of tasks Ansible created Tower http://www.ansible.com/tower
Пʼятниця, 8 серпня 2014 р. 08:44:24 UTC+3 користувач Gary Malouf написав: > > Today, we have a setup where all of our playbooks, roles, etc are owned > and run by root on our 'management instance'. Some important key files are > protected/encrypted in the root home directory that playbooks need to > access at times - this is why we root owns this. To allow others to run > certain playbooks, we have given them specific sudo access for those exact > commands, put them in scripts and version controlled them. > > Our ideal world is to have two groups of users: > > 1) Can deploy, start/stop components via playbooks across the board > without specific whitelisting (but not access the root keys) > 2) Users in groups that allow them to run certain playbooks but not others > > Just wondering how other people are managing this? > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6b9a3ed0-544e-4e66-bc9c-90c938ba48b9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
