使用 Ansible 为每个角色定义“become=yes" [英] Define `become=yes' per role with Ansible
问题描述
在我使用 Ansible 的系统配置中,我不想在每个任务中指定 become=yes
,所以我在项目主目录中创建了以下 ansible.cfg目录,Ansible 会自动以 root 身份运行所有内容:
In my system provisioning with Ansible, I don't want to specify become=yes
in every task, so I created the following ansible.cfg in the project main directory, and Ansible automatically runs everything as root:
[privilege_escalation]
become = True
但是随着项目的不断发展,一些新角色不应该以 root 身份运行.我想知道是否有可能在角色内部有一些指令,该角色内的所有任务都应该以 root 身份运行(例如 vars/中的某些内容),而不是全局 ansible.cfg上面的解决方案!
But as the project kept growing, some new roles should not be run as root. I would like to know if it is possible to have some instruction inside the role that all tasks whithin that role should be run as root (eg. something in vars/), instead of the global ansible.cfg solution above!
推荐答案
我已经找到了解决方案,但我认为 Ansible 团队应该实施更好的解决方案.将main.yml重命名为tasks.yml,然后将以下内容写入main.yml:
I have found a solution, although I think a better solution should be implemented by the Ansible team. Rename main.yml to tasks.yml, and then write the following to main.yml:
---
- { include: tasks.yml, become: yes }
另一种解决方案是直接在site.yml中传递参数,但问题的主要思想是在其他项目中重用角色而不忘记它需要root:
Another solution is to pass the parameter directly in site.yml, but the main idea of the question was reusing the role in other projects without forgetting it needs root:
---
- hosts: localhost
roles:
- { role: name, become: yes }
这篇关于使用 Ansible 为每个角色定义“become=yes"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!