Running Ansible playbooks as www-data

Greetings,

I’m writing some web-based system management utilities. Having the application fire ansible playbooks seems perfect and a natural direction to go. PHP-Ansible (https://github.com/maschmann/php-ansible) works really well provided I set things up so that my www-data user (the nginx owner) is set up with a valid shell and can run the playbooks.

Yes, I am very aware that allowing a shell on the www-data user is a very bad practice.

What are some alternatives to the “let the web server user run playbooks” approach? I’ve got to be missing something fundamental here.

Many thanks for any thoughts anyone might have.

-goat

userv. http://www.gnu.org/software/userv/

Have a different user that runs ansible, and get www-data to speak to
that user via userv.

We make extensive use of this pattern to enable our django app (a
control panel) to control VMs and the like with ansible.

Regards,

Matthew
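
An added example, not part of the thread or of anyone's actual setup: a sketch of the service-side program the dedicated ansible user could expose through userv, so www-data can only request named actions and never passes a playbook path, extra options or a shell string. The playbook directory, action names and allowed caller are hypothetical, and it assumes userv exports the caller's login name as USERV_USER, as its specification describes.

```python
import os
import re
import sys

# Hypothetical layout: playbooks owned by the ansible user, not writable by www-data.
PLAYBOOK_DIR = "/srv/ansible/playbooks"
ALLOWED_PLAYBOOKS = {"restart-nginx": "restart-nginx.yml", "rotate-logs": "rotate-logs.yml"}
ALLOWED_CALLERS = {"www-data"}
# Plain hostname only: must start alphanumeric, so it can never look like an option
# or an inventory pattern such as "all" combined with ":" or "!".
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,62}")


class Rejected(Exception):
    """Request refused; nothing is executed."""


def build_command(args, env):
    """Map an untrusted request (action, host) to a fixed ansible-playbook argv."""
    caller = env.get("USERV_USER")  # assumption: set by userv to the calling user's login name
    if caller not in ALLOWED_CALLERS:
        raise Rejected(f"caller {caller!r} not permitted")
    if len(args) != 2:
        raise Rejected("usage: <action> <host>")
    action, host = args
    playbook = ALLOWED_PLAYBOOKS.get(action)  # the caller picks a name, never a path
    if playbook is None:
        raise Rejected(f"unknown action {action!r}")
    if not HOST_RE.fullmatch(host):
        raise Rejected("host must be a plain hostname")
    return ["ansible-playbook", f"--limit={host}", os.path.join(PLAYBOOK_DIR, playbook)]


def main():
    try:
        argv = build_command(sys.argv[1:], os.environ)
    except Rejected as exc:
        print(f"refused: {exc}", file=sys.stderr)
        return 2
    os.execvp(argv[0], argv)  # no shell involved; replaces this process


if __name__ == "__main__":
    sys.exit(main())
```

With this in place www-data needs no login shell and no read access to inventories, vault files or SSH keys; those stay with the account that runs the playbooks.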

Brilliant! This is exactly what I’ve been looking for! Thank you very much for your response!

-goat