Re: [ansible-project] template module ignoring become_user?

Sun, 13 Sep 2015 22:48:36 -0700 

Thanks for answering, Brian.

No, there is no output missing as I reduced the testcase to the bare 
minimum.

But I think I know where the problem is. Let me explain:

I'm setting this all up in a cloud-like environment where the user I have 
to use on the target system is not root, but may sudo to root.

What I wanted to achieve is to update the content of a webserver, by 
regularly polling a subversion repository.

What happens when the playbook was updated is:
a) User vfuser (my crontab user) is starting ansible-playbook
b) the playbook has a become-user: apache and updates its content using 
subversion
c) some templates now need to be updated which need be done by user apache, 
as the working copy belongs to apache -> This fails as ansible tries to do 
this as vfuser

Of course ansible has to do this as vfuser (the one running ansible) as 
this would be the only valid user in a push-scenario.

Unfortunately I'm in a pull-scenario and so vfuser does not have permission.

I'm doing it now (overly complicated?) like this:

   - Update Content
      - This is the svn up. getting the content for apache
      - Make Templates Accessible
      - Does a chmod 0755 on all the updated directories
      - Remove Dummy Dargets
      - Removes all the html files, which will get created, just in case 
      they already exist
      - Create Dummy Targets
      - Now create the empty html files and chown them to vfuser
      - Fill Templates
      - Fill the templates as vfuser
      - Set Permission of Targets
      - chown back to apache
      - Cleanup Templates
      - remove the templates
      

I'm not sure whether or not I found an "edge-case", but I think it could be 
beneficial, could the template-fill also be run under "become_user".


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/82e3d184-d3d4-4579-9ec5-0479843f6e8d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to