Standard user account used for initiating builds / rollouts using Ansible
33 views
Skip to first unread message
Stuart Budd
Jan 21, 2015, 7:55:44 AM1/21/15
to ansible...@googlegroups.com
Hi
I have a general question please with regards to what account I should use as the * standard * user for initiating Ansible deployments / rollouts.
I know that the use of the term * standard * could be a little tricky, but in general, when starting a new environment at a new site what account should I use as the "Ansible deployment account".
I have experienced one environment just using the root user, and then connecting at the root user on the remote servers.
I have also experienced people just using their own accounts and adding them to a group called ansible that owns all of the deployment files.
I was thinking of just using the account ansible on the local Ansible server, which then connects to remote ansible users on the remote servers.
Then doing a sudo to root if required - which it will in most cases I guess.
Using the root user seems wrong and using individual accounts does not seem very tidy.
Do others use a special ansible account for deployments?
Just looking for thoughts to confirm if I am doing the right thing.
It's lonely being the person setting things up and making the standards.
I have a general question please with regards to what account I should use as the * standard * user for initiating Ansible deployments / rollouts.
I know that the use of the term * standard * could be a little tricky, but in general, when starting a new environment at a new site what account should I use as the "Ansible deployment account".
I have experienced one environment just using the root user, and then connecting at the root user on the remote servers.
I have also experienced people just using their own accounts and adding them to a group called ansible that owns all of the deployment files.
I was thinking of just using the account ansible on the local Ansible server, which then connects to remote ansible users on the remote servers.
Then doing a sudo to root if required - which it will in most cases I guess.
Using the root user seems wrong and using individual accounts does not seem very tidy.
Do others use a special ansible account for deployments?
Just looking for thoughts to confirm if I am doing the right thing.
It's lonely being the person setting things up and making the standards.
Stuart Budd
Jan 21, 2015, 7:56:49 AM1/21/15
to ansible...@googlegroups.com
p.s. Nice product.
Brian Coca
Jan 21, 2015, 9:08:56 AM1/21/15
to ansible...@googlegroups.com
The account usage is normally a constraint of your security
requirements, using a common account might be tidy but obscures
auditability. It is much easier to manage a single user's permissions
than multiple users, shared passwords or sudo w/o a password can also
be an issue. A case can be made for each type of setup.
yes, *standard* in this context is mostly the absence of one.
--
Brian Coca
requirements, using a common account might be tidy but obscures
auditability. It is much easier to manage a single user's permissions
than multiple users, shared passwords or sudo w/o a password can also
be an issue. A case can be made for each type of setup.
yes, *standard* in this context is mostly the absence of one.
--
Brian Coca
Stuart Budd
Jan 21, 2015, 3:08:09 PM1/21/15
to ansible...@googlegroups.com
Thanks for the reply Brian
Reply all
Reply to author
Forward
0 new messages