Let’s say you have the following hypothetical environment which contains two subsets of servers:
- Internal servers: configured to use Centrify/AD for authentication (
- DMZ servers: configured with traditional sudoers files since access to internal AD is not available (sudo for your become method)
Assuming our inventory can’t be grouped by some trait like hostname, network segment, etc., what is the fastest (and laziest) way to run our playbook against all these hosts?
Disclaimer: You should probably work on creating a stronger inventory. The following serves as a workaround only.
```yaml
- hosts: all
  become: no
  become_method: dzdo
  gather_facts: no
  tasks:
    # fall back to sudo if centrify isn't configured
    - name: get hw info
      block:
        - name: try with dzdo
          gather_facts:
      rescue:
        - name: fallback to sudo
          vars:
            ansible_become_method: sudo
          gather_facts:
      # set on the block, so it applies to the block and the rescue tasks
      become: yes
```
If our server isn’t configured with Centrify for AD authentication, the playbook will fall back and attempt to use
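
The rescue in the playbook above overrides the become method for a single task, so any later task that escalates would still go through dzdo. The following variant is an added example, not part of the original post: it probes each host once and stores the result in `ansible_become_method` for the rest of the play. It assumes that finding `dzdo` on the PATH means Centrify is configured on that host; the task names and the `dzdo_probe` variable are made up for illustration.

```yaml
- hosts: all
  become: no
  gather_facts: no
  tasks:
    # Runs unprivileged; a non-zero rc only means dzdo was not found.
    - name: check whether dzdo is available
      ansible.builtin.shell: command -v dzdo
      register: dzdo_probe
      changed_when: false
      failed_when: false

    # A host-level fact overrides the play's become_method keyword,
    # so every later task on this host uses the chosen method.
    - name: choose the become method for this host
      ansible.builtin.set_fact:
        ansible_become_method: "{{ 'dzdo' if dzdo_probe.rc == 0 else 'sudo' }}"

    - name: get hw info
      ansible.builtin.gather_facts:
      become: yes

    # Assumption check: fail loudly if escalation did not reach root,
    # instead of letting a rescue hide an unrelated failure.
    - name: confirm escalation works with the chosen method
      ansible.builtin.command: id -u
      become: yes
      register: become_check
      changed_when: false
      failed_when: become_check.stdout != "0"
```

Unlike the block/rescue version, a failure in fact gathering that is unrelated to dzdo is reported as a failure here instead of triggering a retry under sudo.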