mig5/enroll.sh
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update docs (--ask-become-pass for password sudo in remote harvest mode)

Browse source
This commit is contained in:
Miguel Jacq 2026-01-04 21:30:39 +11:00
parent 39eb951fc3
commit d3f5a90b55
Signed by: mig5
GPG key ID: 59B3F0C24135C6A9
2 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/docs.html
View file

@ -147,6 +147,7 @@
<li>You can use multiple invocations of <code>--exclude-path</code> to skip the bits you don't want. You also can always comment out from the playbook.yml or delete certain roles it generates once you've run the <code>enroll manifest</code>.</li>
<li>In terms of safety measures: it doesn't traverse symlinks, and it has an 'IgnorePolicy' that makes it ignore most binary files (except GPG binary keys used with apt) - though if you specify certain paths with <code>--include-path</code> and use <code>--dangerous</code>, it will skip some policy statements such as what types of content to ignore.</li>
<li>It will skip files that are too large, and it also currently has a hardcoded cap of the number of files that it will harvest (4000 for <code>/etc</code>, <code>/usr/local/etc</code> and <code>/usr/local/bin</code>, and 500 files per 'role'), to avoid unintentional 'runaway' situations.</li>
<li>If you are using the 'remote' mode to harvest, and your remote user requires a password for sudo, you can pass in <code>--ask-become-pass</a> (or <code>-K</code>) and it will prompt for the password. If you forget, and remote requires password for sudo, it'll still fall back to prompting for a password, but will be a bit slower to do so.</li>
</ul>
<div class="alert alert-secondary mt-3 mb-0">

2
src/examples.html
View file

@ -85,7 +85,7 @@
--harvest /tmp/enroll-harvest \
--out /tmp/enroll-ansible</code></pre>
</div>
<p class="small text-secondary mt-2 mb-0">No need to manually run commands on the server - your bundle lands locally.</p>
<p class="small text-secondary mt-2 mb-0">No need to manually run commands on the server - your bundle lands locally. If your remote user needs a password for sudo, pass in <code>--ask-become-pass</code> or <code>-K</code>, just like in Ansible. If you don't want to use sudo, pass <code>--no-sudo</code>, but your harvest may contain less data.</p>
</div>
</div>