Re: [ansible-project] authorising when ansible pull from private git repo
90 views
Skip to first unread message
Message has been deleted
Brian Coca
Jun 3, 2015, 3:03:47 PM6/3/15
to ansible...@googlegroups.com
can you not just give them read only access?
On Wed, Jun 3, 2015 at 11:48 AM, Ye Na Rhee <gnr...@gmail.com> wrote:
> Hello all,
>
> I'm posting here because I couldn't figure out the solution even after
> searching the internet for long...
>
> I'm trying to use ansible pull on my remote machines.
> The problem is that the git repository that I'm trying to pull from is
> private.
> The server's SSH key has been added to the github account but agent
> forwarding doesn't seem to work since the ansible-pull command isn't run
> from the server.
> And I don't want to give my remote machines the permission to change the git
> repository.
> How can the deployed machines be authorised to clone the repository in this
> case?
>
> I'm using ansible pull, in order to make sure that the deployed machines are
> updated with latest configuration even if they are offline at the moment of
> update.
>
> I would be really grateful even for the littlest help!
>
> Cheers,
> Yena
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/f4d4247c-ae57-483b-bb0d-09b747492284%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Brian Coca
On Wed, Jun 3, 2015 at 11:48 AM, Ye Na Rhee <gnr...@gmail.com> wrote:
> Hello all,
>
> I'm posting here because I couldn't figure out the solution even after
> searching the internet for long...
>
> I'm trying to use ansible pull on my remote machines.
> The problem is that the git repository that I'm trying to pull from is
> private.
> The server's SSH key has been added to the github account but agent
> forwarding doesn't seem to work since the ansible-pull command isn't run
> from the server.
> And I don't want to give my remote machines the permission to change the git
> repository.
> How can the deployed machines be authorised to clone the repository in this
> case?
>
> I'm using ansible pull, in order to make sure that the deployed machines are
> updated with latest configuration even if they are offline at the moment of
> update.
>
> I would be really grateful even for the littlest help!
>
> Cheers,
> Yena
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/f4d4247c-ae57-483b-bb0d-09b747492284%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
--
Brian Coca
Mirko Friedenhagen
Jun 4, 2015, 10:35:05 AM6/4/15
to ansible-project
Hello Ye,
if I remember right, you may define different permissions for repository collaborators in Gitlab. At least within organizations this is possible.
Regards
Mirko
--
Sent from my mobile
Message has been deleted
Mirko Friedenhagen
Jun 9, 2015, 2:47:02 PM6/9/15
to ansible-project
Hello Yena,
that depends how your git repository is set up. In GitHub (or GitLab)
you may easily define read-only roles.
When you use something like gitolite or plain git, it is possible to
allow pull only for specific SSH keys as well.
However this is not really an Ansible question but depends on your git
setup, so without further information the question is not easily
answerable.
Regards Mirko
--
http://illegalstateexception.blogspot.com/
https://github.com/mfriedenhagen/ (http://osrc.dfm.io/mfriedenhagen)
https://bitbucket.org/mfriedenhagen/
On Tue, Jun 9, 2015 at 4:08 PM, Ye Na Rhee <gnr...@gmail.com> wrote:
> Thanks for the answer.
> But we are not using GitHub but our own server for git and use ssh keys to
> access it. Therefore there isn't any github GUI or anything similar..
> How can a read-only access be granted without compromising the security?
> I want the client computers to be able to access just this repo.
> https://groups.google.com/d/msgid/ansible-project/130a3f2a-4aec-4b03-887e-1e942d042e60%40googlegroups.com.
that depends how your git repository is set up. In GitHub (or GitLab)
you may easily define read-only roles.
When you use something like gitolite or plain git, it is possible to
allow pull only for specific SSH keys as well.
However this is not really an Ansible question but depends on your git
setup, so without further information the question is not easily
answerable.
Regards Mirko
--
http://illegalstateexception.blogspot.com/
https://github.com/mfriedenhagen/ (http://osrc.dfm.io/mfriedenhagen)
https://bitbucket.org/mfriedenhagen/
On Tue, Jun 9, 2015 at 4:08 PM, Ye Na Rhee <gnr...@gmail.com> wrote:
> Thanks for the answer.
> But we are not using GitHub but our own server for git and use ssh keys to
> access it. Therefore there isn't any github GUI or anything similar..
> How can a read-only access be granted without compromising the security?
> I want the client computers to be able to access just this repo.
Reply all
Reply to author
Forward
0 new messages