Ansible – become_user and include_tasks modification since 2.5
Ansible 2.5 changed the way include_tasks works with become_user.
Before Ansible 2.5, code like the following works fine: the included task reports the sylvie user id.
    ---
    - hosts: localhost
      gather_facts: no
      tasks:
        - name: test
          include_tasks: test_include_id.yml
          become: yes
          become_user: sylvie

test_include_id.yml:

    ---
    - shell: id
Since Ansible 2.5, a change in dynamic includes and attribute inheritance causes the previous playbook to show your own user id instead of the sylvie user id.
Since Ansible 2.5, use this syntax with a block to make become_user work:
    ---
    - hosts: localhost
      gather_facts: no
      tasks:
        - block:
            - name: test
              include_tasks: test_include_id.yml
          become: yes
          become_user: sylvie
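To find includes still written the pre-2.5 way, the check below walks parsed playbook data and reports every include_tasks that carries become or become_user directly on the task, where since 2.5 they no longer reach the included tasks. It is an added example, not code from the original post: check_tasks, check_playbook and SAMPLE are hypothetical names, the input is assumed to be what a YAML loader such as PyYAML's yaml.safe_load returns for a playbook, and the apply option of include_tasks (Ansible 2.7) is accepted as a correct form alongside the block.

```python
# Added example: input is assumed to be playbook data already parsed from YAML
# (for instance with PyYAML's yaml.safe_load); all names here are hypothetical.

INCLUDE_KEYS = ("include_tasks", "ansible.builtin.include_tasks")
PRIV_KEYS = ("become", "become_user")
TASK_LISTS = ("pre_tasks", "tasks", "post_tasks", "handlers")
BLOCK_LISTS = ("block", "rescue", "always")


def check_tasks(tasks, path):
    """Yield (location, keywords) for each include_tasks carrying become*."""
    for i, task in enumerate(tasks or []):
        where = f"{path}[{i}]"
        if not isinstance(task, dict):
            continue
        for section in BLOCK_LISTS:
            if section in task:
                # Keywords set on the block itself are fine; only look inside.
                yield from check_tasks(task[section], f"{where}.{section}")
        if any(k in task for k in INCLUDE_KEYS):
            # Keywords under include_tasks.apply are nested, so not matched here.
            stray = sorted(k for k in PRIV_KEYS if k in task)
            if stray:
                yield where, stray


def check_playbook(plays):
    """Return all findings for a list of plays."""
    findings = []
    for p, play in enumerate(plays):
        for section in TASK_LISTS:
            findings += check_tasks(play.get(section), f"play[{p}].{section}")
    return findings


# Constructed sample: the page's two forms plus the apply form.
SAMPLE = [{
    "hosts": "localhost",
    "tasks": [
        {"name": "test without block", "include_tasks": "test_include_id.yml",
         "become": True, "become_user": "sylvie"},
        {"block": [{"name": "test", "include_tasks": "test_include_id.yml"}],
         "become": True, "become_user": "sylvie"},
        {"include_tasks": {"file": "test_include_id.yml",
                           "apply": {"become": True, "become_user": "sylvie"}}},
    ],
}]

if __name__ == "__main__":
    for where, keys in check_playbook(SAMPLE):
        print(f"{where}: {', '.join(keys)} set on include_tasks, not inherited")
```
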
Invalid in Ansible 2.7 🙁
Are you sure?
I have just tested it and it works with Ansible 2.7.8: without block, my id; with block, the become user id.
test_include.yml:
    ---
    - hosts: localhost
      gather_facts: no
      tasks:
        - block:
            - name: test
              include_tasks: test_include_id.yml
          become: yes
          become_user: sylvie
        - debug:
            msg: "With block : {{ shell_result.stdout }}"
        - name: test without block
          include_tasks: test_include_id.yml
          become: yes
          become_user: sylvie
        - debug:
            msg: "Without block : {{ shell_result.stdout }}"

test_include_id.yml:
Running the test :
    [tests]> ansible --version
    ansible 2.7.8
      config file = /etc/ansible/ansible.cfg
      configured module search path = ['/home/rico/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
      ansible python module location = /usr/lib/python3/dist-packages/ansible
      executable location = /usr/bin/ansible
      python version = 3.7.3 (default, Apr 3 2019, 05:39:12) [GCC 8.3.0]
    [tests]> ansible-playbook test_include.yml

    PLAY [localhost] *******************************************************************

    TASK [test] ************************************************************************
    included: ./test_include_id.yml for localhost

    TASK [shell] ***********************************************************************
    changed: [localhost]

    TASK [debug] ***********************************************************************
    ok: [localhost] => {
        "msg": "With block : uid=1001(sylvie) gid=1001(sylvie) groupes=1001(sylvie),..."
    }

    TASK [test without block] **********************************************************
    included: ./test_include_id.yml for localhost

    TASK [shell] ***********************************************************************
    changed: [localhost]

    TASK [debug] ***********************************************************************
    ok: [localhost] => {
        "msg": "Without block : uid=1000(rico) gid=1000(rico) groupes=1000(rico),..."
    }

    PLAY RECAP *************************************************************************
    localhost : ok=6 changed=2 unreachable=0 failed=0

Actually I’ve tried the same code but it keeps the user I’ve connected with, maybe it’s bound to the way I’ve done my whole project.
But I’ve found another solution using the new syntax of 2.7 (2.7.4 if I remember right), I’ve tried it with a loop :
    - include_tasks:
        file: myfile.yml
        apply:
          become: yes
          become_user: "{{my_user}}"
      loop: "{{ my_list }}"
      loop_control:
        loop_var: my_user
With this piece of code, I get the right user.
Sure, the apply syntax could help you to solve this problem, as it applies the arguments inside the included YAML file, tags included.
https://docs.ansible.com/ansible/latest/modules/include_tasks_module.html