Hi Uditha, I can use the "command" module to accomplish my "sudo apt-get install nginx" task, but I want to schedule my playbook to run every half hour to maintain configuration on my client. In this case, it will always try to install nginx every time. But if I use the apt module, it will install the nginx package only if it is not installed or doesn't have the latest. How can we get the same using the command module? But a/w it is not a straight method.
On Wednesday, 23 March 2016 00:19:25 UTC+5:30, Uditha Desilva wrote:
> If that's all you really need, invoke it via a "command" stanza with a
> passwordless sudo. Problem solved.
>
> On Tuesday, 22 March 2016 18:46:35 UTC, Matt Calhoun wrote:
>> Sure, except that I am running ansible on an unattended deployment box
>> (Jenkins) in this case vs real humans running interactively in the case of
>> my admins.
>>
>> I'm trying to follow a policy of least privilege and grant the user only
>> the rights to restart the nginx server as root (needs it to access port
>> 443) since that's the only thing the user needs to do that requires
>> privilege escalation.
>>
>> I'm wondering why this can't be accomplished with ansible? It seems like
>> having to allow the deploy user to run any command (rather than just the
>> one needed to restart the service) creates a potential security hole if
>> that user's key is compromised. Am I missing something here?
>>
>> On Tue, Mar 22, 2016 at 2:37 PM, Brian Coca <[email protected]> wrote:
>>> you can use ansible + sudo + sudo password, you end up with exact same
>>> security.
>>>
>>> ----------
>>> Brian Coca
