for certain tasks i have a ‘maint’ user that has a sshkey w/o passphrase, run ansible from the cron with the config options using that key for that user (he also has sudo NOPASSWORD to a restricted set of commands).
I haven’t used it, but there is also fireball mode.
for certain tasks i have a 'maint' user that has a sshkey w/o passphrase,
run ansible from the cron with the config options using that key for that
user (he also has sudo NOPASSWORD to a restricted set of commands).I haven't used it, but there is also fireball mode.
Fireball mode doesn't help you with the intended case at all because
it distributes secrets over SSH.
Dylan's previous 2 answers are what is there now. I'd like to see
more done in the docs explaining how to do the ssh-agent /
SSH-AUTH-SOCK thing if someone wants to write a paragraph or two, I'll
figure out where to insert it.
Okay, here’s a stab at it: