Thanks! Having the same user to do the connection and run sudo does not seems a good fit. And SU is not an option since the password cannot be stored in the inventory file.
On Tuesday, September 30, 2014 7:36:40 PM UTC+2, tkuratomi wrote: > > On Tue, Sep 30, 2014 at 11:41 AM, Andreas Calvo > <[email protected] <javascript:>> wrote: > > Michael, > > Sure! > > > > The goal is to be able to separate the user than connects to the server > from > > the user that runs privileged commands (even if using sudo). > > If ssh user is different than sudo user, does it imply that sudo > commands > > will be executed as sudo --user? > > > > Are you meaning like this? > > $ ansible localhost -a whoami > localhost | success | rc=0 >> > badger > > $ ansible localhost -a whoami -K --sudo > sudo password: > localhost | success | rc=0 >> > root > > $ ansible localhost -a whoami -K --sudo -U testuser > sudo password: > localhost | success | rc=0 >> > testuser > > In a playbook, that looks something like: > > $ cat test.yml > - hosts: localhost > sudo: yes > tasks: > - command: whoami > register: output > - debug: var=output > > $ ansible-playbook test.yml -K > > Docs for this are at: > http://docs.ansible.com/playbooks_intro.html#hosts-and-users > > -Toshio > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/c8f6aca4-e755-4c93-99d7-e2bd2487b06b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
