Support non-root SSH deployents via ansible become
User Story: As a deployer of Kolla, I want to be able to SSH to remote systems as a non-root user to run prechecks, deployment, and post-deployment actions via sudo access so that sudo actions are properly logged about who performed what actions.
Rationale: In many enterprise environments, users are not allowed to SSH as root, and this is generally a poor practice anyhow (which is why there is an explicit means to shut it off in OpenSSHd). The primary motivation in many environments is that users should not login as a super user, thereby leaving no audit trail.
Implementation: I've deployed Kolla using ansible-playbook directly and simply passed the --become flag. This can also be managed via the inventory file vars for each host, but AFAIK you can't force ansible to prompt for a sudo password this way. I don't like hard-coding them into my inventory file, and for complex passwords this is problematic anyway.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Undefined
- Drafter:
- Derek Ditch
- Direction:
- Approved
- Assignee:
- None
- Definition:
- Obsolete
- Series goal:
- None
- Implementation:
-
Not started
- Milestone target:
- None
- Started by
- Completed by
- Mark Goddard
Related branches
Sprints
Whiteboard
this looks like a dupe of https:/
