Hi all,

I'm trying to give a few users access to an Ansible server to run playbooks that do an application recycle on a few servers. These users should not have access to the target servers for security reasons, so here is what I have and what has been done.

    ansible --version
    ansible 2.4.2.0
    config file = /etc/ansible/ansible.cfg

    #inventory = /etc/ansible/hosts

And here is the host file:

    [jbservers]
    server01
    server02

    [all:vars]
    ansible_ssh_user= someuser
    ansible_ssh_private_key_file = /rsa/id_rsa

My Ansible server uses a service account and key-based login (private/public key). I added a few users with limited access to the Ansible server. They can access a directory to run playbooks from, with no sudo or root access, only permission to run a few playbooks.

When the users run the playbooks targeting the servers in the Ansible host file, the playbooks fail with the error message below when these users run it:

    \nLoad key "/rsa/id_rsa": Permission denied\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "unreachable": true}

But if I give the users permission to access the SSH private key (/rsa/id_rsa), then they can run the playbooks with no issue.

The question is: how can I make users run these playbooks without giving them permission to read the private key (/rsa/id_rsa)?

I've been looking since last night and cannot find any way to do it; even ansible-vault doesn't seem to work.

Thanks in advance for your help.
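
One way to approach the question above, as an added example that is not part of the original post: keep /rsa/id_rsa readable only by the service account and let the users reach it through sudo and a wrapper that accepts nothing but an approved playbook name. The wrapper path, the account name svc_ansible, the group appops, the playbook directory and the playbook names are all assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed placeholders: wrapper path
# /usr/local/bin/run-playbook, service account svc_ansible, group appops,
# /opt/playbooks and the playbook names below.
#
# The key stays private to the service account:
#   chown svc_ansible /rsa/id_rsa && chmod 600 /rsa/id_rsa
# sudoers entry (edit with visudo) allowing the group to run only this wrapper
# as the service account:
#   %appops ALL=(svc_ansible) NOPASSWD: /usr/local/bin/run-playbook
# Users then run:
#   sudo -u svc_ansible /usr/local/bin/run-playbook recycle_app

# Fixed values, deliberately not read from the caller's environment.
PLAYBOOK_DIR="/opt/playbooks"               # must not be writable by the users
ALLOWED_PLAYBOOKS="recycle_app restart_jboss"

# Print the full path of an approved playbook; fail for anything else.
resolve_playbook() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;    # rejects empty input, '/', '.', spaces
    esac
    for name in $ALLOWED_PLAYBOOKS; do
        if [ "$1" = "$name" ]; then
            printf '%s/%s.yml\n' "$PLAYBOOK_DIR" "$name"
            return 0
        fi
    done
    return 1                                # valid characters but not on the list
}

run_playbook() {
    [ "$#" -eq 1 ] || { echo "usage: run-playbook <name>" >&2; return 2; }
    playbook=$(resolve_playbook "$1") || {
        echo "playbook not permitted: $1" >&2
        return 1
    }
    # Only the resolved path is passed on, so callers cannot add options such
    # as -e, -i or --private-key, or point at a playbook of their own.
    ansible-playbook "$playbook"
}

# Run only when installed under the wrapper name.
if [ "${0##*/}" = "run-playbook" ]; then
    run_playbook "$@"
fi
```

A sudoers rule that allowed ansible-playbook itself would let the users run any playbook, and therefore any command, as the service account; the allow-list in the wrapper is what keeps the grant narrow.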