Ansible Inventory Security (all)

Martin_Parrella · May 6, 2021, 6:12pm

Hi there! Is there any way to overwrite the ‘all/*’ keyword in Ansible inventory? How can we prevent someone to run something nasty (intentionally or by mistake) over all our inventory?

We did a couple of tests using a dynamic inventory, but no luck. As a workaround, we are thinking to force all the playbooks to have a line similar to this one:

hosts: “{{ target_hosts | regex_replace(‘(all|\*)’, ‘invalid_target_host’) }}”

… but this doesn’t sound like the best option, any ideas?

Thanks!

Alex_Wanderley · May 6, 2021, 7:25pm

Hello,

What we’re doing here is assigning a variable to “hosts”.

Something like:
hosts: {{ variable }}

So, our playbooks have always to be called as "ansible-playbooks -e “variable=|” otherwise they will fail.

Alex

Topic		Replies	Views
RIP --override-hosts, and how to workaround it Ansible Project	3	0	May 10, 2012
How do I remove host-group "all" Ansible Project	5	1	June 28, 2014
Host vars, group vars, Inventory vars? Ansible Project	3	0	October 3, 2014
Overriding value of 'hosts' playbook variable Ansible Project	2	1	May 12, 2014
inventory host problem Ansible Project	2	0	October 28, 2020

Ansible Inventory Security (all)

Related topics