Question:
I have read the Ansible documentation but I am still a bit confused about the three following parameters in ansible playbooks: user, sudo, sudo_user.
I have tried the following playbooks with different combination of the parameters:
- user:deploy => Works
- user:deploy and sudo: True => Hangs on the git task
- user:deploy, sudo: True and sudo_user: deploy => Works
What does sudo_user actually do?
When and why should I use each of these combinations?
|
1 2 3 4 5 6 7 8 9 10 11 12 |
- hosts: all user: deploy sudo: True sudo_user: deploy tasks: - name: Ensure code directory file: dest=/home/deploy/code state=directory - name: Deploy app git: repo=git@bitbucket.org:YAmikep/djangotutorial.git dest=/home/deploy/code |
Thanks
Answer:
useris the user you’re ssh’ing as. With your config, you’re ssh’ing asdeploy.sudo_useris the user you’re sudo’ing on the host whensudo: yesis set.
So I think in your case none of sudo and sudo_user are necessary if you can ssh as deploy.
However, if you ssh as root, you need to set
sudo_user: deploy and sudo: yes.
If you ask for ‘sudo’ but don’t specify any user, Ansible will use the default set in your ~/.ansible.cfg (sudo_user), and will default to root.
Note that user is deprecated (because it’s confusing). You should use remote_user instead.
EDIT: Case #2 probably hangs because of ssh confirmation issues : you probably have bitbucket.org host key in ~deploy/.ssh/known_hosts but NOT in ~root/.ssh/known_hosts
UPDATE: As of Ansible 2.x, use become and become_user instead of the deprecated sudo and sudo_user. Example usage:
|
1 2 3 4 5 6 7 8 9 10 11 12 |
- hosts: all user: deploy become: true become_user: deploy tasks: - name: Ensure code directory file: dest=/home/deploy/code state=directory - name: Deploy app git: repo=git@bitbucket.org:YAmikep/djangotutorial.git dest=/home/deploy/cod |