在 sudo 用户下应用角色 [英] Applying a role under sudo user

问题描述

是否可以在 Ansible 中以 sudo 身份应用特定角色?

Is it possible to apply a specific role as sudo in Ansible?

具体来说，这些是从 ansible-galaxy 获取的角色，因此来源不在我的控制范围内.

Specifically, these are roles fetched from ansible-galaxy, so the source is not within my control.

这个例子表明传递sudo:yes 角色应该可以工作，但我认为必须首先定义角色以期望参数.

This example suggests that passing sudo:yes to the role should work, but I presume the role must first be defined to expect the param.

本节 建议可以在角色级别设置 sudo true，但是，以下内容不起作用:

This section of the changelog suggests that sudo true can be set at the role level, however, the following is not working:

---
- remote_user: "vagrant"
  tasks: []
  hosts: "all"
  roles:
  - role: "mysql"
    sudo: yes

但是，在顶层应用 sudo 会使角色起作用:

However, applying sudo at the top level makes the role work:

---
- remote_user: "vagrant"
  tasks: []
  hosts: "all"
  sudo: yes
  roles:
  - role: "mysql"

注意——我已经尝试过 sudo: true 和 sudo: yes，结果是一样的.

Note -- I've tried with both sudo: true and sudo: yes, and the outcome is the same.

推荐答案

是的，您可以以其他用户身份执行角色，包括 root，但只能在剧本"级别.

Yes, you can perform a role as another user, including root, but only at the "playbook" level.

如果您想扮演自己的角色，而想扮演另一个角色，比如root"，那么您必须将它们写成单独的剧本(无论它们是否在单独的文件中).

If you want to run one role as yourself, and another role as, say, "root", then you'll have to write those up as separate plays (whether or not they are in separate files).

例如，假设您有这本剧本，其中包含两个剧本，使用相同的角色，但具有不同的 sudo 用户:

For example, assuming that you have this playbook, containing two plays, using the same role, but with different sudo users:

---
- hosts: localhost
  sudo: yes
  roles:
  - role: aks.whoami

- hosts: localhost
  sudo: no
  roles:
  - role: aks.whoami

而且，这个角色:aks.whoami:

---
- name: "whoami?"
  shell: whoami
  register: whoami

- debug: var=whoami.stdout

这是输出:

PLAY [localhost] **************************************************************

GATHERING FACTS ***************************************************************
ok: [localhost]

TASK: [aks.whoami | whoami?] **************************************************
changed: [localhost]

TASK: [aks.whoami | debug var=whoami.stdout] **********************************
ok: [localhost] => {
    "var": {
        "whoami.stdout": "root"
    }
}

PLAY [localhost] **************************************************************

GATHERING FACTS ***************************************************************
ok: [localhost]

TASK: [aks.whoami | whoami?] **************************************************
changed: [localhost]

TASK: [aks.whoami | debug var=whoami.stdout] **********************************
ok: [localhost] => {
    "var": {
        "whoami.stdout": "aks"
    }
}

PLAY RECAP ********************************************************************
localhost                  : ok=6    changed=2    unreachable=0    failed=0

这篇关于在 sudo 用户下应用角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！