Sudoers File On Control Machine For Ansible User

Our boxes have one user for Ansible that has appropriate privileged escalations & SSH keys. This works fine, if you su - to that user. Otherwise, if you are yourself, you can only run plays by providing the passphrase for sudo and ssh. I’d like to have the Sudoers file (and appropriate bash aliases) on the control machine setup so that members of our team (all in a particular group in /etc/groups) can run ansible plays as themselves, but in reality be running them as the ansible user. This should be transparent to the members of the team i.e. they type “ansible-playbook someplay.yml” without having to type sudo or su or anything else.

I am having trouble getting this to work correctly. Are there any tips/tricks out there for doing this?

Figured it out. I think I had a typo…anyway, here’s what’s needed:

in the sudoers file:

# a sudoers entry ends at the newline unless the line ends with '\'
Cmnd_Alias ANSIBLECMNDS=/usr/bin/ansible, \
    /usr/bin/ansible-console, \
    /usr/bin/ansible-doc, \
    /usr/bin/ansible-galaxy, \
    /usr/bin/ansible-playbook, \
    /usr/bin/ansible-pull, \
    /usr/bin/ansible-vault

# alias name must match the one used in the rule below
User_Alias ANSIBLEADMINS=%ansible-admins-group-name

Runas_Alias ANSIBLE=ansibleuser

ANSIBLEADMINS ALL = (ANSIBLE) NOPASSWD: ANSIBLECMNDS

in the .bashrc or .bash_profile or .bash_aliases or profile.local or whatever you use:

alias ansible='sudo -u ansibleuser /usr/bin/ansible'
alias ansible-console='sudo -u ansibleuser /usr/bin/ansible-console'
alias ansible-doc='sudo -u ansibleuser /usr/bin/ansible-doc'
alias ansible-galaxy='sudo -u ansibleuser /usr/bin/ansible-galaxy'
alias ansible-playbook='sudo -u ansibleuser /usr/bin/ansible-playbook'
alias ansible-pull='sudo -u ansibleuser /usr/bin/ansible-pull'
alias ansible-vault='sudo -u ansibleuser /usr/bin/ansible-vault'