Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why ansible become_user does nothing unless become=yes? [closed]

Tags:

ansible

Why ansible become_user does nothing unless become=yes?

I am am wondering if someone can explain me why using the option become_user: xxx silently fails to do anything unless you also add become: yes

What's the point of having two different options, and especially to fail to su and not to say a thing about it.

like image 313
sorin Avatar asked Feb 24 '16 13:02

sorin


1 Answers

Those are two different things. One sets a user name, the other makes a task, block or play run as that user. Maybe it makes sense if you look at this playbook:

- hosts: all
  become_user: foo
  tasks:
    - shell: whoami
      register: a
    - shell: whoami
      become: yes
      register: b
    - block:
    - shell: whoami
          register: c
        - shell: whoami
          become: yes
          register: d
        - shell: whoami
          become: yes
          become_user: baz
          register: e
      become_user: bar
    - debug: var=a.stdout
    - debug: var=b.stdout
    - debug: var=c.stdout
    - debug: var=d.stdout
    - debug: var=e.stdout

TASK [setup] *******************************************************************
ok: [some.host]

TASK [command] *****************************************************************
changed: [some.host]

TASK [command] *****************************************************************
changed: [some.host]

TASK [command] *****************************************************************
changed: [some.host]

TASK [command] *****************************************************************
changed: [some.host]

TASK [command] *****************************************************************
changed: [some.host]

TASK [debug] *******************************************************************
ok: [some.host] => {
    "a.stdout": "realuser"
}

TASK [debug] *******************************************************************
ok: [some.host] => {
    "b.stdout": "foo"
}

TASK [debug] *******************************************************************
ok: [some.host] => {
    "c.stdout": "realuser"
}

TASK [debug] *******************************************************************
ok: [some.host] => {
    "d.stdout": "bar"
}

TASK [debug] *******************************************************************
ok: [some.host] => {
    "e.stdout": "baz"
}

You define the user globally but that doesn't mean you want to use it on every single task.

You even can set the become_user (ansible_become_user) in your inventory, group or host-vars and therefore define a unique sudo user per host, colocation etc. Still you do not want to run every task as this user then.

like image 152
udondan Avatar answered Nov 15 '22 09:11

udondan