I have read the Ansible documentation but I am still a bit confused about the three following parameters in ansible playbooks: user, sudo, sudo_user.
I have tried the following playbooks with different combinations of the parameters:
user:deploy => Works
user:deploy and sudo: True => Hangs on the git task
user:deploy, sudo: True and sudo_user: deploy => Works
What does sudo_user actually do? When and why should I use each of these combinations?
- hosts: all
  user: deploy
  sudo: True
  sudo_user: deploy
  tasks:
    - name: Ensure code directory
      file: dest=/home/deploy/code state=directory
    - name: Deploy app
      git: [email protected]:YAmikep/djangotutorial.git dest=/home/deploy/code
Thanks
Ansible sudo, or become, is a way to run a particular task in a playbook with special privileges, as root or as some other user. Earlier versions of Ansible had an option named sudo, which is now deprecated; since Ansible 2.0 there are two new options named become and become_user.
If you expect Ansible to perform tasks that require root access, then Ansible needs root privileges, either via sudo or via appropriate ssh credentials to the root account. You can't restrict Ansible to particular commands because Ansible isn't running specific commands; it's running (typically) Python.
What is Ansible Sudo? In Ansible, we can use become to make use of the Linux system's sudo feature. This lets one user execute commands on the system as another user for the duration of the command.
To specify a password for sudo, run ansible-playbook with --ask-become-pass (-K for short). If you run a playbook utilizing become and the playbook seems to hang, most likely it is stuck at the privilege escalation prompt. Stop it with Ctrl-C, then execute the playbook with -K and the appropriate password.
user is the user you're ssh'ing as. With your config, you're ssh'ing as deploy.
sudo_user is the user you're sudo'ing on the host when sudo: yes is set.
So I think in your case none of sudo and sudo_user are necessary if you can ssh as deploy.
However, if you ssh as root, you need to set sudo_user: deploy and sudo: yes.
If you ask for 'sudo' but don't specify any user, Ansible will use the default set in your ~/.ansible.cfg (sudo_user), and will default to root.
Note that user is deprecated (because it's confusing). You should use remote_user instead.
EDIT: Case #2 probably hangs because of ssh confirmation issues: you probably have the bitbucket.org host key in ~deploy/.ssh/known_hosts but NOT in ~root/.ssh/known_hosts.
UPDATE: As of Ansible 2.x, use become and become_user instead of the deprecated sudo and sudo_user. Example usage:
- hosts: all
  user: deploy
  become: true
  become_user: deploy
  tasks:
    - name: Ensure code directory
      file: dest=/home/deploy/code state=directory
    - name: Deploy app
      git: [email protected]:YAmikep/djangotutorial.git dest=/home/deploy/cod
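The answer's points in one playbook, added here as an example that is not part of the original answer: escalation is scoped to the single task that needs root, and the git task runs as deploy with a pinned host key so it cannot stall on a host-key confirmation. The variable names app_repo and bitbucket_host_key and their placeholder values are assumptions, and the ansible.builtin module names assume Ansible 2.10 or later.

```yaml
# Added example. Assumes the deploy account is allowed to use sudo and that
# bitbucket_host_key holds a host key you verified out of band.
- hosts: all
  remote_user: deploy            # account used for the SSH login
  vars:
    app_repo: "<REPO-URL-PLACEHOLDER>"                                   # hypothetical
    bitbucket_host_key: "bitbucket.org ssh-ed25519 <VERIFIED-KEY-PLACEHOLDER>"  # hypothetical
  tasks:
    - name: Install git (needs root, so escalate for this task only)
      ansible.builtin.package:
        name: git
        state: present
      become: true               # no become_user given, so this runs as root

    - name: Ensure code directory (runs as deploy, no escalation)
      ansible.builtin.file:
        path: /home/deploy/code
        state: directory
        mode: "0750"

    - name: Pin the Bitbucket host key for the user that runs git
      ansible.builtin.known_hosts:
        name: bitbucket.org
        key: "{{ bitbucket_host_key }}"
        path: /home/deploy/.ssh/known_hosts
        state: present

    - name: Deploy app as deploy, using deploy's SSH key and known_hosts
      ansible.builtin.git:
        repo: "{{ app_repo }}"
        dest: /home/deploy/code
        accept_hostkey: false    # fail instead of trusting an unknown host key
```

If the SSH login is made as another account instead, adding become: true and become_user: deploy to the last three tasks gives the same result; what matters is that the account running git is the one whose known_hosts contains the key.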