add note about sudo_user
This commit is contained in:
parent
2078627e3b
commit
eef5bf4778
17 changed files with 44 additions and 18 deletions
|
@ -276,7 +276,7 @@ languages:
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
2
api.html
2
api.html
|
@ -360,7 +360,7 @@ a conf.d file appropriately or something similar. Who knows?</p>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
|
@ -298,7 +298,7 @@ This way you have an audit trail describing when and why you changed the rules a
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
|
@ -383,7 +383,7 @@ a simplified syntax for this.</p>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
2
faq.html
2
faq.html
|
@ -390,7 +390,7 @@ tasks – whether for a QA sytem, build system, or anything you can think of
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
|
@ -191,7 +191,7 @@ s.parentNode.insertBefore(ga, s);
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
|
@ -378,7 +378,7 @@ explore, but you already have a fully working infrastructure!</p>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
|
@ -397,7 +397,7 @@ Puppet Labs, and is now with <a class="reference external" href="http://rpath.co
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
|
@ -456,7 +456,7 @@ Stop by the mailing list to inquire about requirements.</p>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
|
@ -1135,7 +1135,7 @@ yum pkg=httpd state=installed</pre>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
|
@ -367,7 +367,7 @@ a <a class="reference external" href="https://github.com/ansible/ansible/blob/de
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
|
@ -250,14 +250,26 @@ documentation. The <cite>user</cite> is just the name of the user account:</p>
|
||||||
</div>
|
</div>
|
||||||
<p>Support for running things from sudo is also available:</p>
|
<p>Support for running things from sudo is also available:</p>
|
||||||
<div class="highlight-python"><pre>---
|
<div class="highlight-python"><pre>---
|
||||||
|
- hosts: webservers
|
||||||
|
user: yourname
|
||||||
|
sudo: True</pre>
|
||||||
|
</div>
|
||||||
|
<p>You can also login as you, and then sudo to different users than root:</p>
|
||||||
|
<div class="highlight-python"><pre>---
|
||||||
- hosts: webservers
|
- hosts: webservers
|
||||||
user: yourname
|
user: yourname
|
||||||
sudo: True
|
sudo: True
|
||||||
sudo_user: privileged_user</pre>
|
sudo_user: postgres</pre>
|
||||||
</div>
|
</div>
|
||||||
<p>If you need to specify a password to sudo, run <cite>ansible-playbook</cite> with <tt class="docutils literal"><span class="pre">--ask-sudo-pass</span></tt> (<cite>-K</cite>).
|
<p>If you need to specify a password to sudo, run <cite>ansible-playbook</cite> with <tt class="docutils literal"><span class="pre">--ask-sudo-pass</span></tt> (<cite>-K</cite>).
|
||||||
If you run a sudo playbook and the playbook seems to hang, it’s probably stuck at the sudo prompt.
|
If you run a sudo playbook and the playbook seems to hang, it’s probably stuck at the sudo prompt.
|
||||||
Just <cite>Control-C</cite> to kill it and run it again with <cite>-K</cite>.</p>
|
Just <cite>Control-C</cite> to kill it and run it again with <cite>-K</cite>.</p>
|
||||||
|
<p>NOTE: When using <cite>sudo_user</cite> to a user other than root, the module arguments are briefly written into
|
||||||
|
a random tempfile in /tmp. These are deleted immediately after the command is executed. This only
|
||||||
|
occurs when sudoing from a user like ‘bob’ to ‘timmy’, not when going from ‘bob’ to ‘root’, or
|
||||||
|
logging in directly as ‘bob’ or ‘root’. If this concerns you that this data is briefly readable
|
||||||
|
(not writeable), avoid transferring uncrypted passwords with <cite>sudo_user</cite> set. In other cases, ‘/tmp’ is not used and
|
||||||
|
this does not come into play. Ansible also takes care to not log password parameters.</p>
|
||||||
</div>
|
</div>
|
||||||
<div class="section" id="vars-section">
|
<div class="section" id="vars-section">
|
||||||
<h3>Vars section<a class="headerlink" href="#vars-section" title="Permalink to this headline">¶</a></h3>
|
<h3>Vars section<a class="headerlink" href="#vars-section" title="Permalink to this headline">¶</a></h3>
|
||||||
|
@ -487,7 +499,7 @@ package is installed. Try it!</p>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
|
@ -509,7 +509,7 @@ logs from ansible-pull runs would be an excellent way to gather and analyze remo
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
|
@ -79,12 +79,26 @@ Support for running things from sudo is also available::
|
||||||
- hosts: webservers
|
- hosts: webservers
|
||||||
user: yourname
|
user: yourname
|
||||||
sudo: True
|
sudo: True
|
||||||
sudo_user: privileged_user
|
|
||||||
|
You can also login as you, and then sudo to different users than root::
|
||||||
|
|
||||||
|
---
|
||||||
|
- hosts: webservers
|
||||||
|
user: yourname
|
||||||
|
sudo: True
|
||||||
|
sudo_user: postgres
|
||||||
|
|
||||||
If you need to specify a password to sudo, run `ansible-playbook` with ``--ask-sudo-pass`` (`-K`).
|
If you need to specify a password to sudo, run `ansible-playbook` with ``--ask-sudo-pass`` (`-K`).
|
||||||
If you run a sudo playbook and the playbook seems to hang, it's probably stuck at the sudo prompt.
|
If you run a sudo playbook and the playbook seems to hang, it's probably stuck at the sudo prompt.
|
||||||
Just `Control-C` to kill it and run it again with `-K`.
|
Just `Control-C` to kill it and run it again with `-K`.
|
||||||
|
|
||||||
|
NOTE: When using `sudo_user` to a user other than root, the module arguments are briefly written into
|
||||||
|
a random tempfile in /tmp. These are deleted immediately after the command is executed. This only
|
||||||
|
occurs when sudoing from a user like 'bob' to 'timmy', not when going from 'bob' to 'root', or
|
||||||
|
logging in directly as 'bob' or 'root'. If this concerns you that this data is briefly readable
|
||||||
|
(not writeable), avoid transferring uncrypted passwords with `sudo_user` set. In other cases, '/tmp' is not used and
|
||||||
|
this does not come into play. Ansible also takes care to not log password parameters.
|
||||||
|
|
||||||
Vars section
|
Vars section
|
||||||
++++++++++++
|
++++++++++++
|
||||||
|
|
||||||
|
|
|
@ -208,7 +208,7 @@ s.parentNode.insertBefore(ga, s);
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
File diff suppressed because one or more lines are too long
|
@ -238,7 +238,7 @@ s.parentNode.insertBefore(ga, s);
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
© Copyright 2012 Michael DeHaan.<br/>
|
© Copyright 2012 Michael DeHaan.<br/>
|
||||||
Last updated on Jul 27, 2012.<br/>
|
Last updated on Jul 28, 2012.<br/>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
Loading…
Reference in a new issue