Keep in mind is that there are two things here: The user you run Ansible
as, and the remote user that Ansible acts as on the target systems. One
thing you can do is set remote_user to 'ansible', and then put your
admins' public keys in the 'ansible' user's authorized_keys file on the
target systems; then each can run Ansible as themselves, but Ansible acts
as 'ansible' on the target systems.
I'm not sure if that's better, from a best practices point of view, than
also having a shared *private* key for the 'ansible' user, having the
'ansible' user's authorized_keys file on the target systems contain only
the pubkey corresponding to that shared key, and have the admins run
Ansible as the 'ansible' user (e.g. 'sudo -u ansible ansible-playbook etc
etc'). I imagine it depends on your environment, and that there are
arguments either way.
-Josh ([email protected])
This email is intended for the person(s) to whom it is addressed and may
contain information that is PRIVILEGED or CONFIDENTIAL. Any unauthorized use,
distribution, copying, or disclosure by any person other than the addressee(s)
is strictly prohibited. If you have received this email in error, please notify
the sender immediately by return email and delete the message and any
attachments from your system.
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/21531.10648.689662.11014%40gargle.gargle.HOWL.
For more options, visit https://groups.google.com/d/optout.
