restrict playbook execution from specific directory
K T
Aug 7, 2023, 10:37:29 AM
to Ansible Project
Hi,
Is there a way to restrict playbook execution from a specific directory?
For example: I don't want users to execute a playbook from the home directory, and I want to enforce that it is executed only from a defined Ansible directory.
Brian Coca
Aug 7, 2023, 10:48:10 AM
to ansible...@googlegroups.com
Not an explicit feature, but I can think of a few ways you could do this:
- Have an assert/fail at the start of the playbook that checks
``playbook_dir`` is in the 'allowed paths'.
- Set up SELinux/AppArmor policies to restrict what files
ansible-playbook can access.
- Add the check to a custom plugin you always load (callback/connection/?).
- Use a wrapper script or shell alias function that does the check and
then calls the 'real' Ansible CLI.
----------
Brian Coca
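The wrapper-function option from the reply above, as an added example (not code from the thread or from the Ansible project). `ALLOWED_DIR` and `ANSIBLE_PLAYBOOK_BIN` are hypothetical names, `/opt/ansible` is a placeholder path, and `readlink -f` is assumed to be available.

```shell
# Added example: shell functions to source from a profile; not Ansible's own code.
# ALLOWED_DIR is a hypothetical setting; /opt/ansible is a placeholder path.
ALLOWED_DIR="${ALLOWED_DIR:-/opt/ansible}"
# Hypothetical override for the real CLI, so the wrapper can be tested.
ANSIBLE_PLAYBOOK_BIN="${ANSIBLE_PLAYBOOK_BIN:-ansible-playbook}"

# playbook_allowed FILE ROOT
# Return 0 only if FILE's real location is a regular file below ROOT.
playbook_allowed() {
    # Resolve symlinks and ".." so the check applies to the real file,
    # not to the path as the user typed it.
    real=$(readlink -f -- "$1" 2>/dev/null) || return 1
    [ -f "$real" ] || return 1
    root=$(readlink -f -- "$2" 2>/dev/null) || return 1
    case "$real" in
        # The "/" after the root stops /opt/ansible-old matching /opt/ansible.
        "$root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# run_playbook ARGS...
# Fail closed: every argument that names an existing file must live under
# ALLOWED_DIR. Playbooks are positional file arguments, so they are always
# covered; inventory or password files passed as separate arguments are too.
run_playbook() {
    for arg in "$@"; do
        [ -f "$arg" ] || continue
        if ! playbook_allowed "$arg" "$ALLOWED_DIR"; then
            echo "refusing to run: $arg is not under $ALLOWED_DIR" >&2
            return 1
        fi
    done
    "$ANSIBLE_PLAYBOOK_BIN" "$@"
}
```

A function or alias like this only constrains users who go through it; anyone who can invoke the real `ansible-playbook` binary directly bypasses the check, which is where the SELinux/AppArmor option in the reply applies.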
K T
Aug 7, 2023, 10:25:21 PM