使用Ansible为每个角色定义"become = yes" [英] Define `become=yes' per role with Ansible

问题描述

在使用Ansible进行系统配置时，我不想在每个任务中都指定become=yes，因此我在项目主目录中创建了以下 ansible.cfg ，而Ansible会自动运行所有内容作为根:

In my system provisioning with Ansible, I don't want to specify become=yes in every task, so I created the following ansible.cfg in the project main directory, and Ansible automatically runs everything as root:

[privilege_escalation]
become = True

但是随着项目的不断发展，一些新角色不应该以root身份运行.我想知道是否可以在角色内部进行一些指令，即该角色中的所有任务都应以root用户身份运行(例如，vars/中的某些内容)，而不要使用全局 ansible.cfg 上面的解决方案！

But as the project kept growing, some new roles should not be run as root. I would like to know if it is possible to have some instruction inside the role that all tasks whithin that role should be run as root (eg. something in vars/), instead of the global ansible.cfg solution above!

推荐答案

我已经找到了解决方案，尽管我认为Ansible团队应该实施更好的解决方案.将 main.yml 重命名为 tasks.yml ，然后将以下内容写入 main.yml :

I have found a solution, although I think a better solution should be implemented by the Ansible team. Rename main.yml to tasks.yml, and then write the following to main.yml:

---
- { include: tasks.yml, become: yes }

另一种解决方案是直接在 site.yml 中传递参数，但问题的主要思想是在其他项目中重用该角色，而不会忘记它需要root用户:

Another solution is to pass the parameter directly in site.yml, but the main idea of the question was reusing the role in other projects without forgetting it needs root:

---
- hosts: localhost
  roles:
    - { role: name, become: yes }

这篇关于使用Ansible为每个角色定义"become = yes"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！