> I'm not understanding this part entirely, but I'd recommend authorizing
> keys for specific users and setting up sudo in general in that case.
>
> For our own ansible infrastructure, this involves a list of users and
> their keyfiles, and then something like what's below.
>
> Checking your authorized keys into source control can be a good idea.
>
> You may also wish to template the authorized_key file using a list of
> keys, rather than using the authorized_key module.
>
Thank you for the

The user + key file approach, and checking in the authorized_keys, work great for authorizing users. However, this gets complicated when you have hosts which carry out tasks on different hosts, such as a server rsyncing files to be backed up to a backup server. These tasks are generally scripted and so keys are usually passwordless. Committing these keys with your code means that anyone who gets access to your code gets access to your servers.

This is why I would like to be able to generate the root key pair and authorize it for all hosts in a play. This way I do not have to worry about the storage of such a sensitive key potentially exposing my hosts.

- Nii Nai
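
An added example, not part of the original thread or of the Ansible project's own code: one way to generate the key pair on each client inside a play and authorize only its public half on the backup server, so no private key is ever committed. The inventory group `backup_clients`, the host `backup01`, the `backup` account and the key file name are assumptions.

```yaml
# Added example. backup_clients, backup01, the "backup" account and
# .ssh/id_backup are assumed names, not taken from the thread.
- name: Generate a root key on each client and authorize it on the backup server
  hosts: backup_clients
  become: true
  gather_facts: true          # ansible_default_ipv4 is used below
  tasks:
    - name: Create the key pair on the client (private key stays on that host)
      ansible.builtin.user:
        name: root
        generate_ssh_key: true          # does not overwrite an existing key
        ssh_key_type: ed25519
        ssh_key_file: .ssh/id_backup    # relative to root's home directory
        ssh_key_comment: "backup@{{ inventory_hostname }}"
      register: root_user

    - name: Authorize only the public key on the backup server
      ansible.posix.authorized_key:
        user: backup
        key: "{{ root_user.ssh_public_key }}"
        # A passwordless key should be usable only from its own host and
        # should not get a terminal or any forwarding.
        key_options: >-
          from="{{ ansible_default_ipv4.address }}",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding
        state: present
      delegate_to: backup01
      throttle: 1             # serialize writes to the shared authorized_keys file
```

Adding a forced `command="..."` entry to `key_options` would narrow the key further to the single backup command it is meant to run.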
