Ideal permissions setup?

Gary_Malouf · August 8, 2014, 5:44am

Today, we have a setup where all of our playbooks, roles, etc are owned and run by root on our ‘management instance’. Some important key files are protected/encrypted in the root home directory that playbooks need to access at times - this is why we root owns this. To allow others to run certain playbooks, we have given them specific sudo access for those exact commands, put them in scripts and version controlled them.

Our ideal world is to have two groups of users:

Can deploy, start/stop components via playbooks across the board without specific whitelisting (but not access the root keys)
Users in groups that allow them to run certain playbooks but not others

Just wondering how other people are managing this?

Vitaliy_Zhhuta · August 8, 2014, 10:42am

for such kind of tasks Ansible created Tower http://www.ansible.com/tower

Пʼятниця, 8 серпня 2014 р. 08:44:24 UTC+3 користувач Gary Malouf написав:

Gary_Malouf · August 8, 2014, 1:39pm

I hear that, but atm we can not afford to go that direction. I was more asking what users who have not been able to afford the commercial product are doing in the mean-time.

Michael_DeHaan1 · August 8, 2014, 2:41pm

I’m not going to sell things on this list, but pricing has recently been updated if you have not checked recently - so it might actually make sense for you.

It’s a lot more complex to get this right than you think, so it may be worthwhile if you have such needs.

Topic		Replies	Views
Playbooks for users with different permissions Ansible Project	6	0	May 27, 2014
Running playbooks with sudo vs root Ansible Project	2	1	October 24, 2013
How to control access with sudo and FreeIPA Ansible Project	3	1	February 10, 2017
Ansible playbook execution \| root restriction Ansible Project	2	0	April 18, 2019
Ansible: multiple users to run playbook without sudo access to target machines Ansible Project	2	0	May 3, 2018

Ideal permissions setup?

Related topics