在sudo用户下应用角色 [英] Applying a role under sudo user

问题描述

是否可以在Ansible中将特定角色应用为sudo?

Is it possible to apply a specific role as sudo in Ansible?

具体来说，这些是从ansible-galaxy获取的角色，因此源不在我的控制范围内.

Specifically, these are roles fetched from ansible-galaxy, so the source is not within my control.

此示例建议将sudo:yes传递给角色，但我认为必须首先定义角色以期望参数.

This example suggests that passing sudo:yes to the role should work, but I presume the role must first be defined to expect the param.

This section of the changelog suggests that sudo true can be set at the role level, however, the following is not working:

---
- remote_user: "vagrant"
  tasks: []
  hosts: "all"
  roles:
  - role: "mysql"
    sudo: yes

但是，在顶层应用sudo可以使角色起作用:

However, applying sudo at the top level makes the role work:

---
- remote_user: "vagrant"
  tasks: []
  hosts: "all"
  sudo: yes
  roles:
  - role: "mysql"

注意-我已经尝试过同时使用sudo: true和sudo: yes，结果是相同的.

Note -- I've tried with both sudo: true and sudo: yes, and the outcome is the same.

推荐答案

是的，您可以以其他用户(包括root)的身份执行角色，但只能在剧本"级别.

Yes, you can perform a role as another user, including root, but only at the "playbook" level.

如果您想以自己的身份扮演一个角色，而以"root"角色扮演另一个角色，则必须将这些角色写成单独的剧本(无论它们是否在单独的文件中).

If you want to run one role as yourself, and another role as, say, "root", then you'll have to write those up as separate plays (whether or not they are in separate files).

例如，假设您有这本剧本，包含两个剧本，使用相同的角色，但具有不同的sudo用户:

For example, assuming that you have this playbook, containing two plays, using the same role, but with different sudo users:

---
- hosts: localhost
  sudo: yes
  roles:
  - role: aks.whoami

- hosts: localhost
  sudo: no
  roles:
  - role: aks.whoami

而且，这个角色:aks.whoami:

---
- name: "whoami?"
  shell: whoami
  register: whoami

- debug: var=whoami.stdout

这是输出:

PLAY [localhost] **************************************************************

GATHERING FACTS ***************************************************************
ok: [localhost]

TASK: [aks.whoami | whoami?] **************************************************
changed: [localhost]

TASK: [aks.whoami | debug var=whoami.stdout] **********************************
ok: [localhost] => {
    "var": {
        "whoami.stdout": "root"
    }
}

PLAY [localhost] **************************************************************

GATHERING FACTS ***************************************************************
ok: [localhost]

TASK: [aks.whoami | whoami?] **************************************************
changed: [localhost]

TASK: [aks.whoami | debug var=whoami.stdout] **********************************
ok: [localhost] => {
    "var": {
        "whoami.stdout": "aks"
    }
}

PLAY RECAP ********************************************************************
localhost                  : ok=6    changed=2    unreachable=0    failed=0

这篇关于在sudo用户下应用角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！