In the below playbook, I specify that ansible should run with the nginx user, but at the end when the task is run and I check in the process, I see that the last process runs with root.
Also, when I try to override this by adding become nginx on that last user, the script stops working and eventually shows a timeout.

I have the below playbook. The problem is that the last task, which is supposed to start the process, does not run the process as the NGINX_USER; it always runs as root, which was never specified anywhere. I check with `ps aux | grep nginx`. And when it does this I get a `Forbidden error`. And when I try to force it to become user like in the commented-out code, it gets stuck and won't complete. How do I ensure that Ansible always runs with the correct users? I am not sure how to fix this.

```yaml
- name: Install Nginx Ubuntu
  hosts: all
  remote_user: "{{ NGINX_USER }}"
  become: yes
  become_method: sudo
  gather_facts: no
  connection: ssh
  vars:
    NGINX_VERSION: nginx-1.17.10
    NGINX_SBIN_PATH: /usr/sbin/
    NGINX_ERROR_LOG_PATH: /var/log/nginx/error.log
    NGINX_HTTP_LOG_PATH: /var/log/nginx/access.log
    NGINX_PID_PATH: /var/run/nginx.pid
  vars_files:
    - ../vars/global.yaml
  tasks:
    - name: Check if Nginx Exists
      stat: path=/etc/init.d/nginx
      register: nginx_status

    - name: Stop nginx Service
      service: name=nginx state=stopped
      when: nginx_status.stat.exists
      register: service_stopped

    - name: Make sure a systemd is not running
      systemd:
        state: stopped
        name: nginx

    - name: Install aptitude using apt
      apt:
        name: aptitude
        state: latest
        update_cache: yes
        force_apt_get: yes

    - name: Update apt repo
      apt:
        update_cache: yes
        cache_valid_time: 3600

    - name: Install required system packages
      apt: name={{ item }} state=latest update_cache=yes
      loop:
        [
          "build-essential",
          "libpcre3",
          "libpcre3-dev",
          "zlib1g",
          "zlib1g-dev",
          "libssl-dev",
        ]

    - name: Download nginx source
      get_url:
        url: "http://nginx.org/download/{{ NGINX_VERSION }}.tar.gz"
        dest: "/tmp/{{ NGINX_VERSION }}.tar.gz"

    - name: Unpacking NGINX
      unarchive:
        copy: no
        dest: /tmp/
        src: "/tmp/{{ NGINX_VERSION }}.tar.gz"

    - name: Configure NGINX source with custom modules
      command: "./configure --prefix=/nginx --sbin-path={{ NGINX_SBIN_PATH }}
        --error-log-path={{ NGINX_ERROR_LOG_PATH }}
        --http-log-path={{ NGINX_HTTP_LOG_PATH }} --with-pcre
        --pid-path={{ NGINX_PID_PATH }} --with-http_ssl_module
        --with-http_v2_module"
      args:
        chdir: "/tmp/{{ NGINX_VERSION }}"

    - name: Make NGINX
      become: yes
      shell: make && make install
      args:
        chdir: "/tmp/{{ NGINX_VERSION }}"

    - name: Create directories
      file:
        path: "{{ item.dir }}"
        state: directory
        owner: "{{ item.owner }}"
        group: "{{ item.group }}"
        mode: "{{ item.mode }}"
      with_items:
        - { dir: "/usr/local/nginx/html", owner: "{{ SYSTEM_USER }}", group: "{{ SYSTEM_USER_GROUP }}", mode: 755 }
        - { dir: "/nginx", owner: "{{ NGINX_USER }}", group: "{{ NGINX_USER }}", mode: 755 }

    - name: Copy nginx files
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        owner: "{{ NGINX_USER }}"
        group: "{{ NGINX_USER }}"
        mode: 755
      with_items:
        # - { src: "./conf/nginx.conf", dest: "{{ NGINX_CONF_PATH }}" }
        - { src: "./www/", dest: "/nginx/html" }
        - { src: "./scripts/nginx.service", dest: "/lib/systemd/system/nginx.service" }

    - name: Start NGINX
      # become: true
      # become_user: "{{ NGINX_USER }}"
      # become_method: sudo
      systemd:
        state: started
        name: nginx
```
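An added diagnostic example, not part of the original post: it probes which account each privilege setting in the playbook above yields, then asks systemd which account the nginx unit is configured to use, since a service started through systemd takes its user from the unit file rather than from Ansible's login or become user. The `id -un` probes and the registered variable names are chosen here for illustration, and `../vars/global.yaml` is assumed to define `NGINX_USER` as in the post.

```yaml
# Added example (not from the original post): probe the effective account
# under each privilege setting, then ask systemd which account the unit uses.
- name: Show which account each privilege setting yields
  hosts: all
  remote_user: "{{ NGINX_USER }}"   # SSH login account only
  become: yes                       # no become_user, so the target is root
  gather_facts: no
  vars_files:
    - ../vars/global.yaml           # assumed to define NGINX_USER, as in the post
  tasks:
    - name: Play-level become with no become_user
      command: id -un
      register: as_default
      changed_when: false

    - name: Task-level become_user
      command: id -un
      become_user: "{{ NGINX_USER }}"
      register: as_become_user
      changed_when: false

    - name: Task-level become switched off
      command: id -un
      become: no
      register: as_login
      changed_when: false

    - name: Confirm the three results
      assert:
        that:
          - as_default.stdout == "root"
          - as_become_user.stdout == NGINX_USER
          - as_login.stdout == NGINX_USER

    - name: Read the service account from the unit, not from Ansible
      command: systemctl show nginx --property=User --property=MainPID
      register: unit_info
      changed_when: false

    - name: Report it (an empty or absent User= means the service starts as root)
      debug:
        var: unit_info.stdout_lines
```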