I started trying to play around with Ansible and found that you can’t have multiple user credentials in an ansible vault file, or maybe I’m doing it wrong, but as part of standard security practice, I don’t have the same username/password combination with root or sudo access on any of my Linux VMs, which I think is a pretty common approach. So, I don’t get how Ansible is supposed to automate maintenance tasks for multiple servers when I would have to have a separate playbook for every single machine. Kind of renders the whole inventory thing pointless. I’m sure I must be missing something, so does anyone have any thoughts on this?
If you are talking about escalating to a privileged user that is not what you used to SSH, then you can use “become_user”.
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html
Yes, but the problem is passing secure credentials to the individual user accounts you want to “become” for each machine when Ansible only allows you to reference a single credential per Ansible vault and you can only reference one Ansible vault per playbook run, so, unless all of your privileged accounts have the same user and password that can be referenced from the vault, which is of course not ideal security practice, I don’t understand how you’re supposed to use this with multiple servers, with multiple credentials.
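One layout that gives each host its own privileged account and its own encrypted sudo password from a single playbook run, as an added example that is not from either post (host names, account names and the placeholder passwords are assumptions; the `vault.yml` files are shown in plaintext here but would be encrypted on disk with `ansible-vault encrypt`):

```yaml
# inventory.yml (constructed example)
all:
  hosts:
    web01:
    db01:

# host_vars/web01/vars.yml  -- plain, safe to commit
ansible_user: deploy_web
ansible_become_user: ops_web            # privileged account specific to web01

# host_vars/web01/vault.yml -- encrypt with: ansible-vault encrypt host_vars/web01/vault.yml
# (on disk this file is an $ANSIBLE_VAULT;1.1;AES256 blob, not this plaintext)
ansible_become_password: "WEB01-SUDO-PASSWORD-PLACEHOLDER"

# host_vars/db01/vars.yml
ansible_user: deploy_db
ansible_become_user: ops_db             # a different privileged account for db01

# host_vars/db01/vault.yml -- encrypted the same way, may use a different vault password
ansible_become_password: "DB01-SUDO-PASSWORD-PLACEHOLDER"

# site.yml -- one playbook for every host; Ansible resolves the per-host
# ansible_become_user / ansible_become_password from host_vars at run time
- hosts: all
  become: true
  tasks:
    - name: Apply pending package updates
      ansible.builtin.apt:
        update_cache: true
        upgrade: dist
```

Run it with `ansible-playbook -i inventory.yml site.yml --ask-vault-pass` when all vault files share one vault password, or pass several `--vault-id label@prompt` options when each host's vault file was encrypted with its own password.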