Review for new rbac_playbook
Kevin Fenzi
kevin at scrye.com
Mon Jun 9 14:49:48 UTC 2014
On Mon, 9 Jun 2014 08:44:38 -0600
Tim Flink <tflink at redhat.com> wrote:
> I think that most of your concerns have been addressed or are being
> discussed in other parts of this thread but I wanted to speak towards
> the reason that -P is there at all.
>
> You are correct in reading that it has ansible-playbook use an ssh
> port other than 22. That is set using -e 'ansible_ssh_port=<some
> port>' and giving direct access to the -e parameter would be
> port>problematic at best,
> so I added the -P parameter which is restricted to just that option
> even though it's rendered as -e
>
> The QA devel folks use phabricator and phabricator supports git repo
> hosting (through http(s) and ssh). In order to support git over ssh
> while keeping user information in phabricator (username, ssh key for
> git, repo permissions etc.), it uses a short-circuited ssh daemon that
> uses phabricator for auth instead of system accounts (restricted to
> git commands, though). Git repos on alternate ports is a bit of a
> pain, so to support git+ssh on port 22 I change the real ssh daemon
> (that can do more than git) to an alternate port.
If those hosts always have ssh on the same different port, we could
just add that to vars?
http://docs.ansible.com/faq.html#how-do-i-handle-different-machines-needing-different-user-accounts-or-ports-to-log-in-with
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20140609/0b52957f/attachment.sig>
More information about the infrastructure
mailing list