Hi All
I'm trying to give a few users access to an Ansible server to run playbooks that do an application recycle on a few servers. These users should not have access to the target servers for security reasons, so here is what I have and what has been done.
ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
inventory = /etc/ansible/hosts
And here is the hosts file:
[jbservers]
server01
server02
[all:vars]
ansible_ssh_user = someuser
ansible_ssh_private_key_file = /rsa/id_rsa
My Ansible server uses a service account and key-based login (private/public key).
I added a few users with limited access to the Ansible server: they can access a directory to run playbooks from, with no sudo or root access, only permission to run a few playbooks.
When these users run the playbooks targeting the servers in the Ansible hosts file, the playbooks fail with the error message below:
Load key "/rsa/id_rsa": Permission denied
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
", "unreachable": true}
But if I give the users permission to access the SSH private key (/rsa/id_rsa), then they can run the playbooks with no issue.
The question is:
How can I let users run these playbooks without giving them permission to read the private key (/rsa/id_rsa)?
I've been looking since last night and cannot find any way to do it; even ansible-vault doesn't seem to work.
Thanks in advance for your help.
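One way to meet this requirement, shown here as an added example that is not part of the original post: run the playbook as the service account that owns the key, through a sudo rule restricted to a single root-owned wrapper script, so the users can use the key without ever being able to read it. The wrapper path, the playbook names, the svc_ansible account, the ansible-ops group and the ansible-playbook location are assumptions; the inventory path and host names come from the post.

```sh
#!/bin/sh
# run-recycle: root-owned, non-writable wrapper (assumed path
# /usr/local/bin/run-recycle) that the restricted users run as the service
# account owning /rsa/id_rsa through one narrow sudo rule, e.g.
#   %ansible-ops ALL=(svc_ansible) NOPASSWD: /usr/local/bin/run-recycle
# in /etc/sudoers.d/ansible-ops (group and account names are assumptions).
# The key stays 0600 and owned by svc_ansible: the users never read it and,
# since only this fixed script is allowed, cannot run arbitrary ansible or
# ssh commands as svc_ansible either (a free-form playbook could read the key).
set -eu
PLAYBOOK_DIR=/opt/ansible/playbooks   # assumption
INVENTORY=/etc/ansible/hosts          # from the poster's ansible --version

# Playbooks the users may run (assumed file names).
allowed_playbook() {
    case "$1" in
        recycle-app.yml|recycle-app-status.yml) return 0 ;;
        *) return 1 ;;
    esac
}

# Reject empty names, path traversal, option-looking names and metacharacters.
safe_name() {
    case "$1" in
        ''|*..*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Targets the users may choose: the group or the hosts from the posted inventory.
allowed_limit() {
    case "$1" in
        jbservers|server01|server02) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 only when both the playbook and the --limit are permitted.
check_request() {
    safe_name "$1" && allowed_playbook "$1" && allowed_limit "$2"
}

if [ "$#" -gt 0 ]; then
    limit=${2:-jbservers}
    check_request "$1" "$limit" ||
        { echo "run-recycle: request not permitted: $*" >&2; exit 1; }
    # No pass-through of -e/-i/-c options: they would change what runs as svc_ansible.
    exec /usr/bin/ansible-playbook -i "$INVENTORY" --limit "$limit" "$PLAYBOOK_DIR/$1"
fi
```

A user in the ansible-ops group then runs `sudo -u svc_ansible /usr/local/bin/run-recycle recycle-app.yml server01`; sudo's own log records who requested which playbook against which host.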