A tool and python library that helps when interfacing with Ansible directly or as part of another system whether that be through a container image interface, as a standalone tool, or as a Python module that can be imported. The goal is to provide a stable and consistent interface abstraction to Ansible.
Note: I am aware that process-isolation can (also) be used to tackle this problem - but the feature described below could be a nice addition to ansible-runner. In addition to this - the process-isolation adds an dependency on some containerization technology that would not be needed if we can simply switch the user-context.
Background:
We are running a service that executes ansible-runner in multiple threads.
To protect some service-related secrets I looked into running ansible-runner as dedicated user.
Greetings!
I've been implementing ansible-runner in a project of mine.
Note: I am aware that process-isolation can (also) be used to tackle this problem - but the feature described below could be a nice addition to ansible-runner. In addition to this - the process-isolation adds an dependency on some containerization technology that would not be needed if we can simply switch the user-context.
Background: We are running a service that executes ansible-runner in multiple threads.
To protect some service-related secrets I looked into running ansible-runner as dedicated user.
Feature:
The python3 subprocess module would allow us to do so using the
userparameter.This argument could (simply) be added/passed-through here: https://github.com/ansible/ansible-runner/blob/2.3.6/ansible_runner/runner.py#L229
The docs of
run_subprocessshow: