Copyright (c) 2021 Intel Corporation
The non-root user on the Smart Edge Open Platform
Smart Edge Open can install all required files on a Kubernetes control plane and nodes either with or without the root user. From a security perspective, the non-root installation of the Smart Edge Open platform is advised: all tasks are executed with the non-root user’s permissions, and tasks that require root privileges use the Ansible privilege escalation property “become”.
- name: Run a command as root
NOTE: For more about privilege escalation in Ansible, please refer to https://docs.ansible.com/ansible/latest/user_guide/become.html#
Steps on K8s nodes
Before the Ansible installation is started, a non-root user needs to be created on the machines defined in inventory.yml. To create the user openness, execute the command:
A password for the given user is required.
As some tasks require root privileges, the non-root user must be able to become root. For the user openness, the following command must be run:
echo "openness ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/openness
To run Ansible as a non-root user, inventory.yml must be modified. Setting the ansible_user variable to the already created non-root user causes all tasks to be executed as that user.
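
The sudoers step above writes the rule straight into /etc/sudoers.d with tee. The script below is an added example (not part of the Smart Edge Open documentation) that installs the same rule but validates it with visudo -cf and sets mode 0440 before the file becomes live. The function names and the SUDOERS_DIR and VISUDO variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: install the page's sudoers rule with a syntax check first.
# Function names and the SUDOERS_DIR / VISUDO variables are assumptions of
# this example, not part of Smart Edge Open.
set -eu

SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"  # override to rehearse in a scratch dir
VISUDO="${VISUDO:-visudo}"                    # syntax checker shipped with sudo

# sudo skips drop-in files whose name contains '.' or ends in '~', so a
# user name used as the file name must avoid both (and any '/').
valid_dropin_name() {
  case "$1" in
    ""|*.*|*~|*/*) return 1 ;;
    *) return 0 ;;
  esac
}

# The rule from the page, for the given user.
sudoers_rule() {
  printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$1"
}

# Stage the rule in a dot-prefixed temp file (ignored by sudo), validate it,
# then rename it into place. A drop-in with a syntax error can stop sudo
# from working on the node, so nothing unvalidated is ever made live.
install_dropin() {
  dropin_user="$1"
  valid_dropin_name "$dropin_user" || {
    echo "unusable drop-in name: $dropin_user" >&2; return 1; }
  dropin_tmp="$(mktemp "${SUDOERS_DIR}/.${dropin_user}.XXXXXX")"
  sudoers_rule "$dropin_user" > "$dropin_tmp"
  chmod 0440 "$dropin_tmp"
  if ! "$VISUDO" -cf "$dropin_tmp" >/dev/null; then
    rm -f "$dropin_tmp"
    echo "sudoers syntax check failed for $dropin_user" >&2
    return 1
  fi
  mv -f "$dropin_tmp" "${SUDOERS_DIR}/${dropin_user}"
}

# Run as root on each node:  sh install_dropin.sh --install openness
if [ "${1:-}" = "--install" ]; then
  install_dropin "${2:?user name required}"
fi
```

Since NOPASSWD:ALL makes openness root-equivalent on the node, the account used as ansible_user deserves the same credential protection as root itself.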