In the below playbook, I specify that ansible should run with the nginx
user, but at the end when the task is run and I check in the process, I see
that the last process runs with root.
Also, when I try to override this by adding become nginx on that last user,
the script stops working and eventually shows a timeout.
I have the below playbook, the problem is that last task that is supposed
to start the process does not run the process as the NGINX_USER, it always
runs as root, which was never specified anywhere. I check with `ps aux |
grep nginx`. And when it does this I get a `Forbidden error`.
And when I try to force it to become user like in the commented out code,
it gets stuck and won't complete.
How do I ensure that Ansible always runs with the correct users? I am not
sure how to fix this.
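# Builds nginx from source on Ubuntu hosts, installs the site content and a
# systemd unit, then starts the service.
#
# Privilege model: remote_user is only the SSH login account. Because
# `become: true` is set at play level, every task below runs as root through
# sudo unless a task overrides it.
# NOTE(review): logging in as the service account means that account needs
# sudo rights; a separate deployment account keeps the service account
# unprivileged.
- name: Install Nginx Ubuntu
  hosts: all
  remote_user: "{{ NGINX_USER }}"
  become: true
  become_method: sudo
  gather_facts: false
  connection: ssh
  vars:
    NGINX_VERSION: nginx-1.17.10
    NGINX_SBIN_PATH: /usr/sbin/
    NGINX_ERROR_LOG_PATH: /var/log/nginx/error.log
    NGINX_HTTP_LOG_PATH: /var/log/nginx/access.log
    NGINX_PID_PATH: /var/run/nginx.pid
  # NGINX_USER, SYSTEM_USER and SYSTEM_USER_GROUP are not defined in this
  # play; presumably they come from this vars file - confirm.
  vars_files:
    - ../vars/global.yaml
  tasks:
    - name: Check if Nginx Exists
      stat:
        path: /etc/init.d/nginx
      register: nginx_status

    - name: Stop nginx Service
      service:
        name: nginx
        state: stopped
      when: nginx_status.stat.exists
      register: service_stopped

    # NOTE(review): this task has no `when:` guard, so it may fail on a host
    # where no nginx unit is installed yet - verify on a fresh host.
    - name: Make sure a systemd is not running
      systemd:
        state: stopped
        name: nginx

    - name: Install aptitude using apt
      apt:
        name: aptitude
        state: latest
        update_cache: true
        force_apt_get: true

    - name: Update apt repo
      apt:
        update_cache: true
        cache_valid_time: 3600

    # The package list is passed to apt in one call instead of looping.
    - name: Install required system packages
      apt:
        name:
          - build-essential
          - libpcre3
          - libpcre3-dev
          - zlib1g
          - zlib1g-dev
          - libssl-dev
        state: latest
        update_cache: true

    # The tarball is compiled and installed as root further down, so it is
    # fetched over HTTPS rather than plain HTTP. TLS only protects transport:
    # pin the published hash with get_url's `checksum` option as well.
    # /tmp is world-writable; a root-owned build directory would keep other
    # local users away from sources that root later builds.
    - name: Download nginx source
      get_url:
        url: "https://nginx.org/download/{{ NGINX_VERSION }}.tar.gz"
        dest: "/tmp/{{ NGINX_VERSION }}.tar.gz"
        # checksum: "sha256:<SHA256_OF_RELEASE_TARBALL>"  # placeholder

    # remote_src replaces the deprecated `copy: no`: the archive is already
    # on the managed host.
    - name: Unpacking NGINX
      unarchive:
        remote_src: true
        dest: /tmp/
        src: "/tmp/{{ NGINX_VERSION }}.tar.gz"

    # Folded scalar: the lines below are joined with single spaces into one
    # command line.
    - name: Configure NGINX source with custom modules
      command: >-
        ./configure
        --prefix=/nginx
        --sbin-path={{ NGINX_SBIN_PATH }}
        --error-log-path={{ NGINX_ERROR_LOG_PATH }}
        --http-log-path={{ NGINX_HTTP_LOG_PATH }}
        --with-pcre
        --pid-path={{ NGINX_PID_PATH }}
        --with-http_ssl_module
        --with-http_v2_module
      args:
        chdir: "/tmp/{{ NGINX_VERSION }}"

    # shell (not command) is needed for the `&&`.
    - name: Make NGINX
      become: true
      shell: make && make install
      args:
        chdir: "/tmp/{{ NGINX_VERSION }}"

    # Modes are quoted octal strings; an unquoted 755 is read by YAML as the
    # decimal integer 755, which is not rwxr-xr-x.
    - name: Create directories
      file:
        path: "{{ item.dir }}"
        state: directory
        owner: "{{ item.owner }}"
        group: "{{ item.group }}"
        mode: "{{ item.mode }}"
      with_items:
        - dir: /usr/local/nginx/html
          owner: "{{ SYSTEM_USER }}"
          group: "{{ SYSTEM_USER_GROUP }}"
          mode: "0755"
        - dir: /nginx
          owner: "{{ NGINX_USER }}"
          group: "{{ NGINX_USER }}"
          mode: "0755"

    - name: Copy nginx files
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: "{{ NGINX_USER }}"
        group: "{{ NGINX_USER }}"
        mode: "0755"
      with_items:
        # - { src: "./conf/nginx.conf", dest: "{{ NGINX_CONF_PATH }}" }
        - src: ./www/
          dest: /nginx/html
        - src: ./scripts/nginx.service
          dest: /lib/systemd/system/nginx.service

    # become_user on this task would only change which account asks systemd
    # to start the unit; it does not set the account the service runs as.
    # That is decided by the unit file (User=/Group=) and by the `user`
    # directive in nginx.conf, neither of which is shown here. An nginx
    # master process owned by root with workers under the configured user is
    # the usual layout.
    # NOTE(review): an unprivileged account normally cannot manage system
    # units, which would explain the hang with the lines below enabled -
    # confirm on the target host.
    - name: Start NGINX
      # become: true
      # become_user: "{{ NGINX_USER }}"
      # become_method: sudo
      systemd:
        state: started
        name: nginx
        # The unit file was copied by the previous task; reload so systemd
        # reads the current version before starting it.
        daemon_reload: true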