Whats the best practise on handling different access right to different inventory files in same ansible project?

Question

We have one ansible project for two teams with 3 inventory file: inventory-all inventory-teamA inventory-teamB

TeamA has permissions for all and teamA, B for all and teamB. What is the best practise on handling this? We use ansible-vault to encrypt those inventory files.

I assume it's currently not possible out of the box due to the limit of one password in ansible-vault, see https://github.com/ansible/ansible/issues/13243 .

Where does this project stored? In VSC like git/hg/svn or on some traditional storage like samba share or ftp? If VCS then which exactly? How do you manage access for existing teams? Please, update your question. — Andrew, Jun 09 '17 at 13:30

score 0 · Answer 1 · answered Jun 26 '17 at 12:49

0

This can be accompliushed by multiple Vault passwords which is currently not available, but on the roadmap for Ansible 2.4.

"Support for multiple vault passwords"

https://github.com/ansible/ansible/blob/devel/docs/docsite/rst/roadmap/ROADMAP_2_4.rst

answered Jun 26 '17 at 12:49

iptizer

1,088
1
10
19

Whats the best practise on handling different access right to different inventory files in same ansible project?

1 Answers1