Ansible Inventory Variables – ansible_become_flags with Examples
Ansible, as a versatile IT automation tool, offers numerous configuration options defined in an Ansible inventory file. This file determines how Ansible interacts with managed hosts. One of these options,
ansible_become_flags, adds additional flexibility to privilege escalation. This blog post will delve into the
ansible_become_flags variable and provide examples of its usage.
ansible_become_flags variable is used to pass flags to the privilege escalation program. Depending on the privilege escalation method you’re using (e.g., sudo, su, pbrun, etc.), you can pass additional arguments with
Defining ansible_become_flags in the Inventory File
ansible_become_flags, you need to define it in your inventory file. The format would be
alias ansible_host=your_actual_host ansible_user=your_user ansible_become=True ansible_become_flags='-E'. Here’s an example:
Example with ansible_become_flags
Suppose you have a server with the IP address
192.168.1.100, and you want Ansible to connect as the user
deploy and pass the
-E flag (which preserves the user environment) to the
sudo command. You would define this in your inventory file as follows:
my_server ansible_host=192.168.1.100 ansible_user=deploy ansible_become=True ansible_become_flags='-E'
In this case, Ansible connects to
my_server and runs operations with the
sudo command, passing the
-E flag to preserve the user environment.
Using ansible_become_flags in a Playbook
ansible_become_flags is defined in your inventory file, Ansible uses these settings when it connects to the host. Here’s an example playbook:
- hosts: my_server
- name: Create a directory
When you run this playbook, Ansible connects to
192.168.1.100) as the
deploy user, and it uses
sudo -E (because
ansible_become_flags='-E') for privilege escalation to create the directory.
ansible_become_flags inventory variable offers greater customization of Ansible operations by allowing you to specify additional flags to be passed to the privilege escalation program. This flexibility further illustrates Ansible’s capability to adapt to various automation needs.