Ansible Inventory Security (all)

17 views
Skip to first unread message

Martin Parrella

unread,
May 6, 2021, 2:12:35 PM5/6/21
to Ansible Project

Hi there! Is there any way to overwrite the 'all/*' keyword in Ansible inventory? How can we prevent someone to run something nasty (intentionally or by mistake) over all our inventory?

We did a couple of tests using a dynamic inventory, but no luck. As a workaround, we are thinking to force all the playbooks to have a line similar to this one:

- hosts: "{{ target_hosts | regex_replace('(all|\\*)', 'invalid_target_host') }}"

... but this doesn't sound like the best option, any ideas?

Thanks!

Alex Wanderley

unread,
May 6, 2021, 3:26:27 PM5/6/21
to ansible...@googlegroups.com
Hello,

What we're doing here is assigning a variable to "hosts".

Something like:
hosts: {{ variable }}

So, our playbooks have always to be called as "ansible-playbooks <playbook> -e "variable=<hostname>|<group>" otherwise they will fail.

Alex

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/10c66396-aab0-4506-87ad-9a1d8676d097n%40googlegroups.com.


--

 

Edmonton_sig_RGB_S.jpg

Alex Wanderley

Application and Infrastructure Analyst II
UNIX / Storage Team

Financial and Corporate Services | Open City and Technology  

 

780-496-4156  Office

780-819-0273  Mobile

 

City of Edmonton

Century Place, 12th Floor

9803 102A Avenue NW

Edmonton AB, T5J 3A3

 

All information contained in this email post is proprietary to the City of Edmonton, confidential and intended only for the addressed recipient. If you have received this post in error, please disregard the contents, inform the sender of the misdirection, and remove it from your system. The copying, dissemination or distribution of this email, if misdirected, is strictly prohibited.


The contents of this message and any attachment(s) are confidential, proprietary to the City of Edmonton, and are intended only for the addressed recipient. If you have received this in error, please disregard the contents, inform the sender of the misdirection, and remove it from your system. The copying, dissemination, or distribution of this message, if misdirected, is strictly prohibited.
Reply all
Reply to author
Forward
0 new messages