Difference between become and become_user in Ansible
Difference between become and become_user in Ansible
become_user defines the user which is being used for privilege escalation.
become simply is a flag to either activate or deactivate the same.
Here are three examples which should make it clear:
-
This task will be executed as
root, becauserootis the default user for privilege escalation:- do: something become: true -
This task will be executed as user
someone, because the user is explicitly set:- do: something become: true become_user: someone -
This task will not do anything with
become_user, becausebecomeis not set and defaults tofalse/no:- do: something become_user: someone
…unless become was set to true on a higher level, e.g. a block, the playbook, group or host-vars etc.
Here is an example with a block:
- become: true
block:
- do: something
become_user: someone
- do: something
The first 1st is ran as user someone, the 2nd as root.
As I understand it become_user is something similar to su , and become means something like sudo su or perform all commands as a sudo user.
The default become_method is sudo, so sudo do something or sudo -u <become_user> do something
Fineprint: Of course do: something is pseudocode. Put your actual Ansible module there.
become: yes=sudo
become_user: user_name=sudo -u user_namebecome: yesbecome_user: rootis equivalent ofbecome: yes
this link is explaining the difference clearly.
Difference between become and become_user in Ansible
If I need to run a batch of task with sudo, I often use an include_task statement.
It also helps a lot to keep a large playbook split up in parts.
For example
- name: prepare task x
include_tasks: x-preparation.yml
when: condition is true
args:
apply:
become: yes
This is also a handy approach when using tags:
- name: execute tasks x
include_tasks: x-execution.yml
args:
apply:
tags: exec
tags:
- exec
Important is that you need to put a tag on the include_tasks statement as well
Hope this is helpful for anyone