mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-23 05:10:22 -07:00
rebuild
This commit is contained in:
parent
2befb446a3
commit
b721176bdd
6 changed files with 131 additions and 72 deletions
|
@ -267,12 +267,19 @@ documentation. The <cite>user</cite> is just the name of the user account:</p>
|
|||
<p>If you need to specify a password to sudo, run <cite>ansible-playbook</cite> with <tt class="docutils literal"><span class="pre">--ask-sudo-pass</span></tt> (<cite>-K</cite>).
|
||||
If you run a sudo playbook and the playbook seems to hang, it’s probably stuck at the sudo prompt.
|
||||
Just <cite>Control-C</cite> to kill it and run it again with <cite>-K</cite>.</p>
|
||||
<p>NOTE: When using <cite>sudo_user</cite> to a user other than root, the module arguments are briefly written into
|
||||
a random tempfile in /tmp. These are deleted immediately after the command is executed. This only
|
||||
occurs when sudoing from a user like ‘bob’ to ‘timmy’, not when going from ‘bob’ to ‘root’, or
|
||||
logging in directly as ‘bob’ or ‘root’. If this concerns you that this data is briefly readable
|
||||
(not writeable), avoid transferring uncrypted passwords with <cite>sudo_user</cite> set. In other cases, ‘/tmp’ is not used and
|
||||
this does not come into play. Ansible also takes care to not log password parameters.</p>
|
||||
<div class="admonition important">
|
||||
<p class="first admonition-title">Important</p>
|
||||
<p class="last">When using <cite>sudo_user</cite> to a user other than root, the module
|
||||
arguments are briefly written into a random tempfile in /tmp.
|
||||
These are deleted immediately after the command is executed. This
|
||||
only occurs when sudoing from a user like ‘bob’ to ‘timmy’, not
|
||||
when going from ‘bob’ to ‘root’, or logging in directly as ‘bob’ or
|
||||
‘root’. If this concerns you that this data is briefly readable
|
||||
(not writeable), avoid transferring uncrypted passwords with
|
||||
<cite>sudo_user</cite> set. In other cases, ‘/tmp’ is not used and this does
|
||||
not come into play. Ansible also takes care to not log password
|
||||
parameters.</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="section" id="vars-section">
|
||||
<h3>Vars section<a class="headerlink" href="#vars-section" title="Permalink to this headline">¶</a></h3>
|
||||
|
@ -459,12 +466,16 @@ of a play:</p>
|
|||
- include: handlers/handlers.yml</pre>
|
||||
</div>
|
||||
<p>You can mix in includes along with your regular non-included tasks and handlers.</p>
|
||||
<p>NOTE:: you can not conditionally path the location to an include file, like you can
|
||||
with ‘vars_files’. If you find yourself needing to do this, consider how you can
|
||||
restructure your playbook to be more class/role oriented. This is to say you cannot
|
||||
use a ‘fact’ to decide what include file to use. All hosts contained within the play
|
||||
are going to get the same tasks. (‘only_if’ provides some ability for hosts to conditionally
|
||||
skip tasks).</p>
|
||||
<div class="admonition note">
|
||||
<p class="first admonition-title">Note</p>
|
||||
<p class="last">You can not conditionally path the location to an include file,
|
||||
like you can with ‘vars_files’. If you find yourself needing to do
|
||||
this, consider how you can restructure your playbook to be more
|
||||
class/role oriented. This is to say you cannot use a ‘fact’ to
|
||||
decide what include file to use. All hosts contained within the
|
||||
play are going to get the same tasks. (‘only_if’ provides some
|
||||
ability for hosts to conditionally skip tasks).</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="section" id="executing-a-playbook">
|
||||
<h2>Executing A Playbook<a class="headerlink" href="#executing-a-playbook" title="Permalink to this headline">¶</a></h2>
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue