user vs sudo vs sudo_user in ansible playbooks

Question:

I have read the Ansible documentation but I am still a bit confused about the three following parameters in ansible playbooks: user, sudo, sudo_user.

I have tried the following playbooks with different combination of the parameters:

  1. user:deploy => Works
  2. user:deploy and sudo: True => Hangs on the git task
  3. user:deploy, sudo: True and sudo_user: deploy => Works

What does sudo_user actually do?
When and why should I use each of these combinations?

Thanks

Answer:

  • user is the user you’re ssh’ing as. With your config, you’re ssh’ing as deploy.
  • sudo_user is the user you’re sudo’ing on the host when sudo: yes is set.

So I think in your case none of sudo and sudo_user are necessary if you can ssh as deploy.

However, if you ssh as root, you need to set
sudo_user: deploy and sudo: yes.

If you ask for ‘sudo’ but don’t specify any user, Ansible will use the default set in your ~/.ansible.cfg (sudo_user), and will default to root.

Note that user is deprecated (because it’s confusing). You should use remote_user instead.

EDIT: Case #2 probably hangs because of ssh confirmation issues : you probably have bitbucket.org host key in ~deploy/.ssh/known_hosts but NOT in ~root/.ssh/known_hosts

UPDATE: As of Ansible 2.x, use become and become_user instead of the deprecated sudo and sudo_user. Example usage:

Leave a Reply