On 26.01.17 17:04 Jonathan Bouzekri wrote: > I want to be able to reload nginx when the configuration change > without having to : > > * give sudo rights on ALL commands to the deploy user > * having to pass a become-pass in the command line
You can use ansible-vault to encrypt the host_vars file that contains the become password, and either enter the vault password on execution or have ansible read it from some file. But that might not achieve what you want to do. So, what is your goal? Do you want to restrict the one calling ansible to only be able to reload nginx? Then, as Matt said, using the raw module with an explicit sudo call, that is allowed in /etc/sudoers might work (but is kind of ugly, of course). Johannes -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/e772d777-75b6-5e2e-23b0-70dbb920e4b5%40ojkastl.de. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
