Ansible uses the
become, become_user, and become_method directives to achieve privilege escalation. You can apply them to an entire play or playbook, set them in an included playbook, or set them for a particular task.- name: checkout repo
git: repo=https://github.com/some/repo.git version=master dest={{ dst }}
become: yes
become_user: some_user
You can use
become_with to specify how the privilege escalation is achieved, the default being sudo.
More Examples:
- name: Ensure the httpd service is running
service:
name: httpd
state: started
become: yes
To run a command as the
apache user:- name: Run a command as the apache user
command: somecommand
become: yes
become_user: apache
To do something as the
nobody user when the shell is nologin:- name: Run a command as nobody
command: somecommand
become: yes
become_method: su
become_user: nobody
become_flags: '-s /bin/sh'
No comments:
Post a Comment