On Saturday, April 18, 2015 at 4:05:41 PM UTC-5, Anand Buddhdev wrote:
>
> On Saturday, 18 April 2015 19:20:32 UTC+2, Serge van Ginderachter wrote:
>
> Hi Serge,
>
> No. There is nothing in the api that allows this without an update to
>> the core code.
>> It is though something to consider, when we have a look at the inventory
>> after 2.0.
>>
>
> Okay, thanks for confirming this.
>
> The reason I have asked this question is that we're using ansible in pull
> mode, with ansible running locally. This has the downside that all our
> roles, group_vars and host_vars are downloaded onto every host, thereby
> exposing some sensitive data to hosts that shouldn't see it. Naturally, we
> cannot use the vault, because it requires password entry. And trying to
> figure out the roles that a host needs also appears undoable.
>
> I have figured out a simple way to built rsync filters, that ensure that a
> pull-mode host only gets its own host_vars file, and group_vars files of
> the groups it belongs to. This has solved the issue of variables.
>
> However, roles are a different story. We have several roles for different
> things, and many of these roles contain files that are only needed on one
> or a small subset of hosts. I would like to distribute these files only to
> the hosts that need them. This is the reason I asked my question.
>
> For now, I have a work-around, that works, but is ugly. In my roles,
> wherever I need to copy a file, I'm doing this:
>
> copy: content='{{ file_content }}' dest=/path/to/dest
>
> I'm keeping the entire file's content in a variable called "file_content"
> in that host's host_vars file, or in a group_vars file if appropriate. For
> lines of a few lines, this isn't bad. But files that are bigger look ugly
> in a variable.
>
> So if Ansible had the concept of host_files and group_files, with some
> kind of "first found" logic, it would be really nice.
>
> Regards,
> Anand
>
Hum...could you make use of git or svn, and just checkout host specific
branches? Might lead to a bit a bloat on the server side, but would keep
the client side cleaner.
Don
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/2eb7d9d5-a12d-460f-a116-e67a0f592f8f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
