add note about sudo_user

This commit is contained in:
Michael DeHaan 2012-07-28 08:42:20 -04:00
parent 2078627e3b
commit eef5bf4778
17 changed files with 44 additions and 18 deletions

View file

@ -276,7 +276,7 @@ languages:
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -360,7 +360,7 @@ a conf.d file appropriately or something similar. Who knows?</p>
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -298,7 +298,7 @@ This way you have an audit trail describing when and why you changed the rules a
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -383,7 +383,7 @@ a simplified syntax for this.</p>
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -390,7 +390,7 @@ tasks &#8211; whether for a QA sytem, build system, or anything you can think of
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -191,7 +191,7 @@ s.parentNode.insertBefore(ga, s);
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -378,7 +378,7 @@ explore, but you already have a fully working infrastructure!</p>
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -397,7 +397,7 @@ Puppet Labs, and is now with <a class="reference external" href="http://rpath.co
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -456,7 +456,7 @@ Stop by the mailing list to inquire about requirements.</p>
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -1135,7 +1135,7 @@ yum pkg=httpd state=installed</pre>
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -367,7 +367,7 @@ a <a class="reference external" href="https://github.com/ansible/ansible/blob/de
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -250,14 +250,26 @@ documentation. The <cite>user</cite> is just the name of the user account:</p>
</div> </div>
<p>Support for running things from sudo is also available:</p> <p>Support for running things from sudo is also available:</p>
<div class="highlight-python"><pre>--- <div class="highlight-python"><pre>---
- hosts: webservers
user: yourname
sudo: True</pre>
</div>
<p>You can also login as you, and then sudo to different users than root:</p>
<div class="highlight-python"><pre>---
- hosts: webservers - hosts: webservers
user: yourname user: yourname
sudo: True sudo: True
sudo_user: privileged_user</pre> sudo_user: postgres</pre>
</div> </div>
<p>If you need to specify a password to sudo, run <cite>ansible-playbook</cite> with <tt class="docutils literal"><span class="pre">--ask-sudo-pass</span></tt> (<cite>-K</cite>). <p>If you need to specify a password to sudo, run <cite>ansible-playbook</cite> with <tt class="docutils literal"><span class="pre">--ask-sudo-pass</span></tt> (<cite>-K</cite>).
If you run a sudo playbook and the playbook seems to hang, it&#8217;s probably stuck at the sudo prompt. If you run a sudo playbook and the playbook seems to hang, it&#8217;s probably stuck at the sudo prompt.
Just <cite>Control-C</cite> to kill it and run it again with <cite>-K</cite>.</p> Just <cite>Control-C</cite> to kill it and run it again with <cite>-K</cite>.</p>
<p>NOTE: When using <cite>sudo_user</cite> to a user other than root, the module arguments are briefly written into
a random tempfile in /tmp. These are deleted immediately after the command is executed. This only
occurs when sudoing from a user like &#8216;bob&#8217; to &#8216;timmy&#8217;, not when going from &#8216;bob&#8217; to &#8216;root&#8217;, or
logging in directly as &#8216;bob&#8217; or &#8216;root&#8217;. If this concerns you that this data is briefly readable
(not writeable), avoid transferring uncrypted passwords with <cite>sudo_user</cite> set. In other cases, &#8216;/tmp&#8217; is not used and
this does not come into play. Ansible also takes care to not log password parameters.</p>
</div> </div>
<div class="section" id="vars-section"> <div class="section" id="vars-section">
<h3>Vars section<a class="headerlink" href="#vars-section" title="Permalink to this headline"></a></h3> <h3>Vars section<a class="headerlink" href="#vars-section" title="Permalink to this headline"></a></h3>
@ -487,7 +499,7 @@ package is installed. Try it!</p>
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -509,7 +509,7 @@ logs from ansible-pull runs would be an excellent way to gather and analyze remo
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

View file

@ -79,12 +79,26 @@ Support for running things from sudo is also available::
- hosts: webservers - hosts: webservers
user: yourname user: yourname
sudo: True sudo: True
sudo_user: privileged_user
You can also login as you, and then sudo to different users than root::
---
- hosts: webservers
user: yourname
sudo: True
sudo_user: postgres
If you need to specify a password to sudo, run `ansible-playbook` with ``--ask-sudo-pass`` (`-K`). If you need to specify a password to sudo, run `ansible-playbook` with ``--ask-sudo-pass`` (`-K`).
If you run a sudo playbook and the playbook seems to hang, it's probably stuck at the sudo prompt. If you run a sudo playbook and the playbook seems to hang, it's probably stuck at the sudo prompt.
Just `Control-C` to kill it and run it again with `-K`. Just `Control-C` to kill it and run it again with `-K`.
NOTE: When using `sudo_user` to a user other than root, the module arguments are briefly written into
a random tempfile in /tmp. These are deleted immediately after the command is executed. This only
occurs when sudoing from a user like 'bob' to 'timmy', not when going from 'bob' to 'root', or
logging in directly as 'bob' or 'root'. If this concerns you that this data is briefly readable
(not writeable), avoid transferring uncrypted passwords with `sudo_user` set. In other cases, '/tmp' is not used and
this does not come into play. Ansible also takes care to not log password parameters.
Vars section Vars section
++++++++++++ ++++++++++++

View file

@ -208,7 +208,7 @@ s.parentNode.insertBefore(ga, s);
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>

File diff suppressed because one or more lines are too long

View file

@ -238,7 +238,7 @@ s.parentNode.insertBefore(ga, s);
</p> </p>
<p> <p>
&copy; Copyright 2012 Michael DeHaan.<br/> &copy; Copyright 2012 Michael DeHaan.<br/>
Last updated on Jul 27, 2012.<br/> Last updated on Jul 28, 2012.<br/>
</p> </p>
</div> </div>
</footer> </footer>