问题
Currently my playbook structure is like this:
~/test_ansible_roles ❯❯❯ tree .
.
├── checkout_sources
│ └── tasks
│ └── main.yml
├── install_dependencies
│ └── tasks
│ └── main.yml
├── make_dirs
│ └── tasks
│ └── main.yml
├── setup_machine.yml
One of the roles that I have is to install dependencies on my box, so for this I need sudo. Because of that all of my other tasks I need to include the stanza:
become: yes
become_user: my_username
Is there a better way to do this ?
回答1:
You can set the become options per:
- playbook
- role
- task
Per playbook:
- hosts: whatever
become: yes
become_user: my_username
roles:
- checkout_sources
- install_dependencies
- make_dirs
Per role:
- hosts: whatever
roles:
- checkout_sources
- role: install_dependencies
become: yes
become_user: my_username
- make_dirs
Per task:
- shell: do something
become: yes
become_user: my_username
You can combine this however you like. The playbook can run as user A, a role as user B and finally a task inside the role as user C.
Defining become per playbook or role is rarely needed. If a single task inside a role requires sudo it should only be defined for that specific task and not the role.
If multiple tasks inside a role require become, blocks come in handy to avoid recurrence:
- block:
- shell: do something
- shell: do something
- shell: do something
become: yes
become_user: my_username
来源:https://stackoverflow.com/questions/37200337/is-there-anyway-to-run-multiple-ansible-playbooks-as-multiple-users-more-efficie