无论如何,是否可以更有效地以多个用户的身份运行多个 Ansible 剧本? [英] Is there anyway to run multiple Ansible playbooks as multiple users more efficiently?
问题描述
目前我的剧本结构是这样的:
Currently my playbook structure is like this:
~/test_ansible_roles ❯❯❯ tree .
.
├── checkout_sources
│ └── tasks
│ └── main.yml
├── install_dependencies
│ └── tasks
│ └── main.yml
├── make_dirs
│ └── tasks
│ └── main.yml
├── setup_machine.yml
我的职责之一是在我的机器上安装依赖项,因此为此我需要 sudo
.因此,我需要将所有其他任务包括在内:
One of the roles that I have is to install dependencies on my box, so for this I need sudo
. Because of that all of my other tasks I need to include the stanza:
become: yes
become_user: my_username
有没有更好的方法来做到这一点?
Is there a better way to do this ?
推荐答案
您可以设置 become
选项:
- 玩
- 角色
- 任务
每次播放:
- hosts: whatever
become: true
become_user: my_username
roles:
- checkout_sources
- install_dependencies
- make_dirs
每个角色:
- hosts: whatever
roles:
- checkout_sources
- role: install_dependencies
become: true
become_user: my_username
- make_dirs
每个任务:
- shell: do something
become: true
become_user: my_username
你可以随意组合这个.该剧可以以用户 A 的身份运行,以用户 B 的身份运行,最后以用户 C 的身份运行角色内部的任务.
You can combine this however you like. The play can run as user A, a role as user B and finally a task inside the role as user C.
为每个游戏或角色定义become
很少需要.如果角色中的单个任务需要 sudo,则应仅为该特定任务而不是角色定义它.
Defining become
per play or role is rarely needed. If a single task inside a role requires sudo it should only be defined for that specific task and not the role.
如果一个角色内的多个任务需要 become
,blocks 派上用场避免再次发生:
If multiple tasks inside a role require become
, blocks come in handy to avoid recurrence:
- block:
- shell: do something
- shell: do something
- shell: do something
become: true
become_user: my_username
这篇关于无论如何,是否可以更有效地以多个用户的身份运行多个 Ansible 剧本?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!