Run ansible as 2 totally speerate users on the same "master" server

[Steven Mething]

Hi,

I am a newbie trying to migrate from salt to ansible.  I am trying to learn how to manage/use ansible but struggling.  Salt has a "seperation model" I like and understand but ansible I cant figure out, I guess I am contaminated with the "salt way" and cant fathom ansible yet.

Anyway, I have a user configured in ansible as "svc1"  this user runs all the production playbooks etc and is configured in /etc/ansible/*  as the user to run under as per normal.

I would like to run ansible to build servers as a separate user, "svc2" with separate ssh keys and playbooks etc to prevent me "damaging" 1 or more production servers by mistake as I know so little.  

So,

a) I have a second user "svc2".

b) A  /home/svc2/ansible_hosts setup that only has the specific build target FQDN in it but when I run an ansible command its looking for /home/svc1/ansible_hosts

I need a method on how to work safely.

The only way I can see is to bypass the default config in /etc/ansible/* and specify where ansible_hosts is on the command line? and run as svc2 and not svc1 by default, can this be done?  if so how can I do this?   or otherwise how can I guarantee complete isolation from production?

regards

Steven

[Kai Stian Olstad]

On 12.08.2019 22:42, Steven Mething wrote:
> The only way I can see is to bypass the default config in
> /etc/ansible/*
> and specify where ansible_hosts is on the command line? and run as svc2
> and
> not svc1 by default, can this be done? if so how can I do this? or
> otherwise how can I guarantee complete isolation from production?

Create a directory and in that directory create a ansible.cfg, when you
run Ansible command cd to this directory first and you have a self
contained Ansible configuration that you also can have in a source
control management tool like Git.


--
Kai Stian Olstad

[Steven Mething]

Looks good, brilliant, thanks!