Is it possible to apply a specific role as sudo in Ansible?
Specifically, these are roles fetched from ansible-galaxy, so the source is not within my control.
This example suggests that passing sudo:yes to the role should work, but I presume the role must first be defined to expect the param.
This section of the changelog suggests that sudo true can be set at the role level, however, the following is not working:
    ---
    - remote_user: "vagrant"
      tasks: []
      hosts: "all"
      roles:
      - role: "mysql"
        sudo: yes
However, applying sudo at the top level makes the role work:
    ---
    - remote_user: "vagrant"
      tasks: []
      hosts: "all"
      sudo: yes
      roles:
      - role: "mysql"
Note -- I've tried with both sudo: true and sudo: yes, and the outcome is the same.
To know whether a particular user has sudo access or not, we can use the -l and -U options together. For example, if the user has sudo access, it will print the level of sudo access for that particular user. If the user doesn't have sudo access, it will print that the user is not allowed to run sudo on localhost.
Yes, you can perform a role as another user, including root, but only at the "playbook" level.
If you want to run one role as yourself, and another role as, say, "root", then you'll have to write those up as separate plays (whether or not they are in separate files).
For example, assuming that you have this playbook, containing two plays, using the same role, but with different sudo users:
    ---
    - hosts: localhost
      sudo: yes
      roles:
      - role: aks.whoami
    - hosts: localhost
      sudo: no
      roles:
      - role: aks.whoami
And, this role: aks.whoami:
    ---
    - name: "whoami?"
      shell: whoami
      register: whoami
    - debug: var=whoami.stdout
This is the output:
    PLAY [localhost] **************************************************************

    GATHERING FACTS ***************************************************************
    ok: [localhost]

    TASK: [aks.whoami | whoami?] **************************************************
    changed: [localhost]

    TASK: [aks.whoami | debug var=whoami.stdout] **********************************
    ok: [localhost] => {
        "var": {
            "whoami.stdout": "root"
        }
    }

    PLAY [localhost] **************************************************************

    GATHERING FACTS ***************************************************************
    ok: [localhost]

    TASK: [aks.whoami | whoami?] **************************************************
    changed: [localhost]

    TASK: [aks.whoami | debug var=whoami.stdout] **********************************
    ok: [localhost] => {
        "var": {
            "whoami.stdout": "aks"
        }
    }

    PLAY RECAP ********************************************************************
    localhost : ok=6 changed=2 unreachable=0 failed=0
This works for me, but not the sudo: yes.
    roles:
    - { role: packages, become: yes}
    - { role: geerlingguy.docker, become: yes }
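The answers above differ on where escalation is switched on: for the whole play, or only for the role that needs it. As an added example (not code from any poster in this thread), the following audit reports, for each role in a parsed playbook, whether it runs escalated and at which level that was set. It assumes the playbook is already loaded into Python data, that a role-level keyword takes precedence over the play-level one, and it ignores task-level settings inside roles; the role name `common` and the function names are hypothetical.

```python
# Added example: where is privilege escalation enabled for each role?
# Input is a playbook already parsed into Python data (a list of plays).
ESCALATION_KEYS = ("become", "sudo")  # current keyword, then the legacy one
TRUE_VALUES = (True, "yes", "true")


def escalation_setting(mapping):
    """Return True/False if an escalation keyword is present, else None."""
    for key in ESCALATION_KEYS:
        if key in mapping:
            return mapping[key] in TRUE_VALUES
    return None


def audit(playbook):
    """Return (play_index, role_name, escalated, scope) for every role."""
    report = []
    for index, play in enumerate(playbook):
        play_level = escalation_setting(play)
        for entry in play.get("roles") or []:
            # Roles may be listed as a bare name or as a mapping.
            role = {"role": entry} if isinstance(entry, str) else entry
            name = role.get("role") or role.get("name")
            role_level = escalation_setting(role)
            if role_level is not None:      # assumed to override the play
                escalated, scope = role_level, "role"
            elif play_level is not None:    # inherited by every role
                escalated, scope = play_level, "play"
            else:
                escalated, scope = False, "default"
            report.append((index, name, escalated, scope))
    return report


# Constructed sample: play 0 escalates everything, play 1 only the mysql role.
PLAYBOOK = [
    {"hosts": "all", "remote_user": "vagrant", "become": True,
     "roles": ["common", {"role": "mysql"}]},  # "common" is hypothetical
    {"hosts": "all", "remote_user": "vagrant",
     "roles": [{"role": "mysql", "become": True}, {"role": "aks.whoami"}]},
]

if __name__ == "__main__":
    for play, name, escalated, scope in audit(PLAYBOOK):
        print(f"play {play}: {name:<12} escalated={escalated} ({scope} level)")
```

Roles reported with scope "play" are escalated only because the whole play is, which is the case worth reviewing when the roles come from ansible-galaxy and only some of them need root.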