```yaml
- hosts: all
  gather_facts: no
  remote_user: root
  roles:
    - { role: test_become_r2, sudo_user: testing }
  tasks:
    - command: whoami
    - command: whoami
      become_user: testing
    - block:
        - command: whoami
    - block:
        - command: whoami
      become_user: testing
```
The roles are simple: r2 lists r1 as a dependency, and both simply do:
```yaml
- debug: msg="..."
- command: whoami
```
```
TASK [test_become_r1 : debug msg=this is test_become_r1] ************************
ok: [localhost] => {
    "msg": "this is test_become_r1",
    "changed": false
}

TASK [test_become_r1 : command] *************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:13:38.894205", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:13:38.891473", "delta": "0:00:00.002732", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}

TASK [test_become_r2 : debug msg=this is test_become_r2] ************************
ok: [localhost] => {
    "msg": "this is test_become_r2",
    "changed": false
}

TASK [test_become_r2 : command] *************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:13:39.465954", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:13:39.463465", "delta": "0:00:00.002489", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}

TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.156469", "stdout": "root", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.153427", "delta": "0:00:00.003042", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["root"], "warnings": []}

TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.346618", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.344034", "delta": "0:00:00.002584", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}

TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.525066", "stdout": "root", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.522358", "delta": "0:00:00.002708", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["root"], "warnings": []}

TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.808344", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.805680", "delta": "0:00:00.002664", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}
```
All four `whoami` commands with `become_user` specified correctly switched privileges to the specified user. The role specifying `sudo_user` also switched all of its tasks to the new user (as well as those of its dependencies). This will make grouping commands with common privilege escalation needs much easier!
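
The scoping behaviour shown in the output above can be turned into a self-checking play, added here as an example that is not part of the original post: it asserts that block-level escalation reaches the tasks inside the block and does not leak to the task after it, and goes one case further than the post by overriding the user on a single task inside the block. It assumes a released Ansible version, where `become: yes` has to accompany `become_user`, and that the `testing` account exists on the target with sudo configured for the connecting user; the `who_*` variable names are made up for this example.

```yaml
- hosts: all
  gather_facts: no
  remote_user: root
  tasks:
    # Escalation is declared once on the block and inherited by its tasks.
    - block:
        - command: whoami
          register: who_block        # hypothetical variable name
          changed_when: false

        # A task-level become_user takes precedence over the block's value.
        - command: whoami
          become_user: root
          register: who_override     # hypothetical variable name
          changed_when: false
      become: yes
      become_user: testing

    # Outside the block: no become settings, so the connection user applies.
    - command: whoami
      register: who_plain            # hypothetical variable name
      changed_when: false

    # Fail the play if any task ran as an identity other than the intended one.
    - assert:
        that:
          - who_block.stdout == 'testing'
          - who_override.stdout == 'root'
          - who_plain.stdout == 'root'
```

Running a check like this after refactoring tasks into blocks catches the case where a task ends up with more, or less, privilege than it had before the move.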