apt-get is already idempotent: e.g. vagrant@precise64:~$ sudo apt-get install nginx -y Reading package lists... Done Building dependency tree Reading state information... Done nginx is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 189 not upgraded.
vagrant@precise64:~$ sudo apt-get install nginx -y Reading package lists... Done Building dependency tree Reading state information... Done nginx is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 189 not upgraded. If you're concerned that it might "silently" upgrade you, specify "=versionnumber" to prevent that. On Wednesday, 23 March 2016 06:17:09 UTC, selvam vasu wrote: > > Hi Uditha, > I can use "command" module to accomplish my "sudo apt-get install nginx" > task, But I want to schedule my play-book to run on every half hour to > maintain configuration in my client. In this case, it always will try to > install nginx every time. But if I use apt module, it will install the > nginx package if it is not installed or doesn't have latest only. How can > we get the same using command module. But a/w it is not a straight method. > > On Wednesday, 23 March 2016 00:19:25 UTC+5:30, Uditha Desilva wrote: >> >> If that's all you really need, invoke it via a "command" stanza with a >> passwordless sudo. Problem solved. >> >> On Tuesday, 22 March 2016 18:46:35 UTC, Matt Calhoun wrote: >>> >>> Sure, except that I am running ansible on an unattended deployment box >>> (Jenkins) in this case vs real humans running interactively in the case of >>> my admins. >>> >>> I'm trying to follow a policy of least privilege and grant the user only >>> the rights to restart the nginx server as root (needs it to access port >>> 443) since that's the only thing the user needs to do that requires >>> privledge escalation. >>> >>> I'm wondering why this can't be accomplished with ansible? It seems like >>> having to allow the deploy user to run any command (rather than just the >>> one needed to restart the service) creates a potential security hole if >>> that user's key is compromised. Am I missing something here? >>> >>> On Tue, Mar 22, 2016 at 2:37 PM, Brian Coca <[email protected]> wrote: >>> >>>> you can use ansible + sudo + sudo password, you end up with exact same >>>> security. >>>> >>>> >>>> ---------- >>>> Brian Coca >>>> >>>> -- >>>> You received this message because you are subscribed to a topic in the >>>> Google Groups "Ansible Project" group. >>>> To unsubscribe from this topic, visit >>>> https://groups.google.com/d/topic/ansible-project/sOysHHs0kYU/unsubscribe >>>> . >>>> To unsubscribe from this group and all its topics, send an email to >>>> [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/ansible-project/CACVha7dT_0MefDXMg9-N-hD0tqaE3v5mxQcUCHduNAfd6g0ptg%40mail.gmail.com >>>> >>>> <https://groups.google.com/d/msgid/ansible-project/CACVha7dT_0MefDXMg9-N-hD0tqaE3v5mxQcUCHduNAfd6g0ptg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/b9ab7626-d2c4-4b7a-acbb-ec4e1c60a5c2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
