For assorted reasons I want to remove or rename the host-group “all”. I’ve googled this already and couldn’t find it.
Can somebody tell me what file(s) to edit? (I grep’d the tree but can’t find a reasonable place to start).
Failing this, then I guess I have to write a wrapper script which I’d rather not do since the fundamental problem will still exist for anybody who runs the /usr/bin/ansible instead of the script.
this is hardcoded into ansible, that and 'ungrouped’ are both part of the inventory api.
May I ask why?
Perhaps you speak a particular language where “all” is a very offensive curse word? I’m guessing that’s not it.
Honestly, it doesn’t make a lot of sense to me and is rather fundamental to ansible that all groups have a parent group.
We’re only going to support questions about unmodified Ansibles, of course.
Because there’s a certain level of paranoia where I am. If we HAVE to specify an existing group, then that at least slows down somebody from running a command against ALL our servers.
split your inventory into discrete groups, even if they run all, it will
only include the specific inventory.
also, for that kind of fine grained access control, you might want to look
at tower.
Yep, another method might be to have an external inventory script that took an environment variable parameter.
For instance
ANSIBLE_CUSTOMER_ID=27 ansible-playbook foo.yml -i /path/to/inventory_source
The script would of course never serve up all of your inventory at once.
You could set up an alias to save some typing too.