-
Feature Request
-
Resolution: Unresolved
-
Undefined
-
None
-
2.4, 2.5
-
False
-
-
False
What is the nature and description of the request?
When performing actions (install/backup/restore) with the AAP installer (RPM, Containerized), it is necessary to be able to escalate to different users, including root.
Currently, our documentation refers to the upstream docs regarding this, but our documentation should also highlight this, as we should not be relying on upstream docs.
Why does the customer need this? (List the business requirements here)
Customers are sometimes unaware of this requirement, which can cause issues when using the installers.
How would you like to achieve this? (List the functional requirements here)
- Replace the link to the upstream docs
- Update the Prerequisites with the following:
Prerequisites - You can obtain root access either through the sudo command, or through privilege escalation. - You can de-escalate privileges from root to users such as: AWX, PostgreSQL, Event-Driven Ansible, or Pulp. - You have configured an NTP client on all nodes. -------------------------------------------------------------------------- Note: The installer uses the sudo or a user with escalated privileges to perform several tasks such as fact gathering, package installation, firewall configuration, and more. Ansible does not always use a specific command to do something but runs modules (code) from a temporary file name which changes every time. Therefore, you cannot limit privilege escalation permissions to certain commands. --------------------------------------------------------------------------
NOTE: this update should be made on AAP 2.4 and 2.5 (and 2.6??) for both RPM and Containerized installation docs. Basically, anywhere we reference this link:
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html
List any affected known dependencies: Doc, UI etc..
The following upstream documentation explains this as well