Is it insecure to have an ansible user with passwordless sudo?
Solution 1:
If the service account can do passwordless sudo, then you have to protect access to that account.
Having the account not have a password, and using only ssh keys to log in to it, accomplishes this, provided you can keep the ssh private key secure as well.
Solution 2:
The new user created in (2) can only log in with the SSH key, no password. The SSH key gives indirect root access. So this is equivalent to just allowing root login with a key.
As the account doesn't have a password, it is not possible to have sudo
ask for a password. Also Ansible needs to be able to execute commands. Having an additional password to provide at the same place as the key would not increase security.
Solution 3:
The problem is that ansible is for administrators and automation, so if you need to enter a password to run a script is not really the best way. Also it's not secure to store the password for sudo in a file or database and ansible get it every time it run the playbook. So the combination of passwordless sudo and the authentication with ssh Keys is the best method to ensure security and no right problems by running the playbook. Also you an administrator and know what you programming in the playbook. So the playbook can not destroy your servers.