Ansible Tower: Manage Nodes as a Non-Root User

Published: 16 May 2021
Channel: CyberScribe.org

In this video I set up a non-root user to manage nodes and escalate privileges via Sudo.

1) Add a user to your managed nodes ('ansible' user in this case)

1a) Create an Ansible hosts file with one server (hostname or IP) on each line:
srv01
srv02

1b) Create a text file containing the password you want this user to have, on a single line.

1c) Create a shell script that will read both of the above files, loop through the hosts, create the ansible user, and add them to the Sudo group.

user=root # logging into each host as root user
password=$(cat ansible_node_password.txt) # reading password from 1b
# creating hashed value for useradd
# (-1 selects MD5-crypt; -6, SHA-512 crypt, is stronger on OpenSSL 1.1.1+)
opensslPw=$(openssl passwd -1 "$password")
# creating the ansible user and adding them to the wheel (sudo) group
commands="useradd -p '$opensslPw' ansible; usermod -aG wheel ansible"
# looping through each host
for host in $(cat ansible_hosts.txt); do
    # connecting to each host with ssh and running the commands
    ssh -l "$user" "$host" "$commands"
done

Note: you will have to enter the root password of your managed nodes for this.
You can also set up SSH public key authentication on your nodes so that no password is needed.

2) With the ansible user created on the managed nodes, create a 'Credential' in Ansible Tower.

2a) Credential Type is 'Machine' and you enter the USERNAME, PASSWORD, and PRIVILEGE ESCALATION PASSWORD.
2b) Also set the PRIVILEGE ESCALATION METHOD to 'sudo'.

3) Add 'become: yes' to the appropriate location in your playbook.
3a) See the Ansible documentation for more details:
https://docs.ansible.com/ansible/late...

4) Update the job template in the Templates section and change CREDENTIALS to the one you just created.

5) The playbook should be good to run as a non-root user.
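
An added example playbook (not from the video) that shows where 'become: yes' from step 3 goes and checks that the job logs in as the non-root user and escalates through sudo. It assumes the Machine credential from step 2 uses the 'ansible' username and that root is the escalation target.

```yaml
---
# Added example, not from the video. Assumes the Tower Machine credential
# from step 2 logs in as 'ansible' with sudo as the escalation method.
- name: Verify non-root login and sudo escalation
  hosts: all
  gather_facts: false
  become: yes            # play level: every task escalates unless it opts out
  become_method: sudo    # matches PRIVILEGE ESCALATION METHOD in the credential

  tasks:
    - name: Record the login user (no escalation for this task)
      ansible.builtin.command: whoami
      become: no         # task-level override of the play setting
      register: login_user
      changed_when: false

    - name: Record the effective user after escalation
      ansible.builtin.command: whoami
      register: escalated_user
      changed_when: false

    - name: Fail if the job logs in as root or sudo did not escalate
      ansible.builtin.assert:
        that:
          - login_user.stdout == 'ansible'
          - escalated_user.stdout == 'root'
        fail_msg: >-
          login={{ login_user.stdout }} escalated={{ escalated_user.stdout }};
          check the credential assigned in the job template
        success_msg: Logging in as ansible and escalating to root via sudo
```

Run it from the job template updated in step 4; a failed assert means the template is still using the old credential or the ansible user is missing from the wheel group on that node.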

