On 01.06.16 13:13 Uditha Desilva wrote:

> The key restriction here is that we cannot have direct root login via the 
> network (i.e. "PermitRootLogins No" in /etc/ssh/sshd_config), so I need to 
> use an account that is able to use a passworded "sudo" in order to gain 
> root, which is needed to read or write these files.

No problem, as long as sudo is allowed. Providing the password via
ansible-vault encrypted files works like a charm.

> Thus far, the only method I have managed to get to even come close to 
> working is to create an archive of these directories from the primary, pull 
> that back to the controller, then extract them on each of the secondary 
> nodes -- which is horribly clunky.

Hmm...

> Approaches I have tried and failed on include trying to delegate the 
> synchronization to the master node, e.g.

Storing the files on the controller is not an option? Could even be
encrypted files, if you need.

Otherwise I would also fetch the files from the primary to the
controller and then distribute them along.

Delegating the task of copying the files to the primary could also
work, but that would mean the controller has to build ssh connections
to the other hosts, running commands through sudo via python and that
sounds pretty fragile.

Johannes
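
The fetch-then-distribute approach from the reply above, with the sudo password kept in an ansible-vault encrypted file, as an added example that is not part of the original message. The group names `primary` and `secondaries`, the file layout, and the variables `vault_sudo_password`, `sync_dir` and `stage_dir` are assumptions.

```yaml
# Assumed layout (all names hypothetical):
#   group_vars/all/vault.yml -> vault_sudo_password: "<placeholder>"
#       encrypted with: ansible-vault encrypt group_vars/all/vault.yml
#   group_vars/all/main.yml  -> ansible_become_pass: "{{ vault_sudo_password }}"
#                               sync_dir: /etc/example-app
#                               stage_dir: /var/tmp/sync-stage
# Run: ansible-playbook sync.yml --ask-vault-pass

- name: Pull root-owned files from the primary to the controller
  hosts: primary
  become: true
  tasks:
    - name: List every file below the directory (fetch handles single files only)
      ansible.builtin.find:
        paths: "{{ sync_dir }}"
        recurse: true
        hidden: true
      register: primary_files

    - name: Fetch each file into stage_dir/<inventory hostname>/<full remote path>
      ansible.builtin.fetch:
        src: "{{ item.path }}"
        dest: "{{ stage_dir }}/"
      loop: "{{ primary_files.files }}"
      loop_control:
        label: "{{ item.path }}"

- name: Distribute the staged files to the secondaries
  hosts: secondaries
  become: true
  tasks:
    - name: Copy the staged tree into place with explicit ownership and modes
      ansible.builtin.copy:
        src: "{{ stage_dir }}/{{ groups['primary'][0] }}{{ sync_dir }}/"
        dest: "{{ sync_dir }}/"
        owner: root
        group: root
        mode: "0600"            # assumed; set to what the files require
        directory_mode: "0700"  # assumed; applies to directories copy creates

    - name: Remove the staged copy so root-only data does not linger on the controller
      ansible.builtin.file:
        path: "{{ stage_dir }}"
        state: absent
      delegate_to: localhost
      run_once: true
      become: false
```

The staging directory on the controller holds copies of files that are root-only on the nodes, so it should sit on a path only the Ansible user can read.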
