diff --git a/src/docs.html b/src/docs.html index edece41..241c2af 100644 --- a/src/docs.html +++ b/src/docs.html @@ -147,6 +147,7 @@
  • You can use multiple invocations of --exclude-path to skip the bits you don't want. You also can always comment out from the playbook.yml or delete certain roles it generates once you've run the enroll manifest.
  • In terms of safety measures: it doesn't traverse symlinks, and it has an 'IgnorePolicy' that makes it ignore most binary files (except GPG binary keys used with apt) - though if you specify certain paths with --include-path and use --dangerous, it will skip some policy statements such as what types of content to ignore.
  • It will skip files that are too large, and it also currently has a hardcoded cap of the number of files that it will harvest (4000 for /etc, /usr/local/etc and /usr/local/bin, and 500 files per 'role'), to avoid unintentional 'runaway' situations.
    • +
  • If you are using the 'remote' mode to harvest, and your remote user requires a password for sudo, you can pass in --ask-become-pass (or -K) and it will prompt for the password. If you forget, and remote requires password for sudo, it'll still fall back to prompting for a password, but will be a bit slower to do so.
    • diff --git a/src/examples.html b/src/examples.html index 6c273ee..568b28f 100644 --- a/src/examples.html +++ b/src/examples.html @@ -85,7 +85,7 @@ --harvest /tmp/enroll-harvest \ --out /tmp/enroll-ansible
    -

    No need to manually run commands on the server - your bundle lands locally.

    +

    No need to manually run commands on the server - your bundle lands locally. If your remote user needs a password for sudo, pass in --ask-become-pass or -K, just like in Ansible. If you don't want to use sudo, pass --no-sudo, but your harvest may contain less data.