使用Ansible为每个角色定义"become = yes" [英] Define `become=yes' per role with Ansible
问题描述
在使用Ansible进行系统配置时,我不想在每个任务中都指定become=yes
,因此我在项目主目录中创建了以下 ansible.cfg ,而Ansible会自动运行所有内容作为根:
In my system provisioning with Ansible, I don't want to specify become=yes
in every task, so I created the following ansible.cfg in the project main directory, and Ansible automatically runs everything as root:
[privilege_escalation]
become = True
但是随着项目的不断发展,一些新角色不应该以root身份运行.我想知道是否可以在角色内部进行一些指令,即该角色中的所有任务都应以root用户身份运行(例如,vars/中的某些内容),而不要使用全局 ansible.cfg 上面的解决方案!
But as the project kept growing, some new roles should not be run as root. I would like to know if it is possible to have some instruction inside the role that all tasks whithin that role should be run as root (eg. something in vars/), instead of the global ansible.cfg solution above!
推荐答案
我已经找到了解决方案,尽管我认为Ansible团队应该实施更好的解决方案.将 main.yml 重命名为 tasks.yml ,然后将以下内容写入 main.yml :
I have found a solution, although I think a better solution should be implemented by the Ansible team. Rename main.yml to tasks.yml, and then write the following to main.yml:
---
- { include: tasks.yml, become: yes }
另一种解决方案是直接在 site.yml 中传递参数,但问题的主要思想是在其他项目中重用该角色,而不会忘记它需要root用户:
Another solution is to pass the parameter directly in site.yml, but the main idea of the question was reusing the role in other projects without forgetting it needs root:
---
- hosts: localhost
roles:
- { role: name, become: yes }
这篇关于使用Ansible为每个角色定义"become = yes"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!