Ansible 中 become 和 become_user 的区别 [英] Difference between become and become_user in Ansible

问题描述

最近我开始深入研究 Ansible 并编写自己的剧本.但是，我在理解 become 和 become_user 之间的区别时遇到了麻烦.据我了解，become_user 类似于 su ，而 become 的意思类似于 sudo su或以 sudo 用户身份执行所有命令".但有时这两个指令是混合的.

Recently I started digging into Ansible and writing my own playbooks. However, I have a troubles with understanding difference between become and become_user. As I understand it become_user is something similar to su <username>, and become means something like sudo su or "perform all commands as a sudo user". But sometimes these two directives are mixed.

你能解释一下它们的正确含义吗?

Could you explain the correct meaning of them?

推荐答案

become_user 定义用于 权限提升.

become 只是一个标志来激活或停用相同的东西.

become simply is a flag to either activate or deactivate the same.

以下是三个应该清楚的例子:

Here are three examples which should make it clear:

1. 这个任务将以root执行，因为root是提权的默认用户:

1. This task will be executed as root, because root is the default user for privilege escalation:

 - do: something
   become: true

这个任务将作为用户someone执行，因为用户是明确设置的:

This task will be executed as user someone, because the user is explicitly set:

 - do: something
   become: true
   become_user: someone

这个任务不会对 become_user 做任何事情，因为 become 没有设置并且默认为 false/no:

This task will not do anything with become_user, because become is not set and defaults to false/no:

 - do: something
   become_user: someone

...除非在更高级别将 become 设置为 true，例如块、剧本、组或主机变量等.

...unless become was set to true on a higher level, e.g. a block, the playbook, group or host-vars etc.

这是一个带有块的示例:

    - become: true
      block:
        - do: something
          become_user: someone
        - do: something

第一个以用户 someone 运行，第二个以 root 运行.

The first 1st is ran as user someone, the 2nd as root.

据我所知， become_user 类似于 su ，而 become 意味着类似于 sudo su 或以 sudo 用户身份执行所有命令".

As I understand it become_user is something similar to su , and become means something like sudo su or "perform all commands as a sudo user".

默认的 become_method 是 sudo，所以 sudo do something 或 sudo -u 做点什么

The default become_method is sudo, so sudo do something or sudo -u <become_user> do something

_{^{Fineprint:当然做:某事"；是伪代码.将您的实际 Ansible 模块放在那里.}}

_{^{Fineprint: Of course "do: something" is pseudocode. Put your actual Ansible module there.}}

这篇关于Ansible 中 become 和 become_user 的区别的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！