In the below playbook, I specify that ansible should run with the nginx 
user, but at the end when the task is run and I check in the process, I see 
that the last process runs with root.

Also, when I try to override this by adding become for the nginx user on that
last task, the script stops working and eventually times out.

I have the below playbook, the problem is that last task that is supposed 
to start the process does not run the process as the NGINX_USER, it always 
runs as root, which was never specified anywhere. I check with `ps aux | 
grep nginx`. And when it does this I get a `Forbidden error`.

And when I try to force it to become user like in the commented out code, 
it gets stuck and won't complete.

How do I ensure that Ansible always runs with the correct users? I am not
sure how to fix this.


   

    
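# Play: build nginx from source on Ubuntu hosts and start it through systemd.
# The play keys are re-indented so that they line up under the "- name" entry;
# as posted, the first line sat at column 0 while its sibling keys sat deeper.
#
# NOTE(review): the play logs in over SSH as NGINX_USER and then escalates
# with sudo, so the web server's service account needs sudo rights on every
# target. A separate deployment account would keep the daemon account
# unprivileged - confirm which is intended.
- name: Install Nginx Ubuntu
  hosts: all
  remote_user: "{{ NGINX_USER }}"
  # become without become_user escalates to root, so every task below runs as
  # root unless the task overrides it.
  become: true
  become_method: sudo
  gather_facts: false
  connection: ssh
  vars:
    # NOTE(review): 1.17.x is a past mainline branch that upstream no longer
    # maintains; review which release should be built before reusing this.
    NGINX_VERSION: nginx-1.17.10
    NGINX_SBIN_PATH: /usr/sbin/
    NGINX_ERROR_LOG_PATH: /var/log/nginx/error.log
    NGINX_HTTP_LOG_PATH: /var/log/nginx/access.log
    NGINX_PID_PATH: /var/run/nginx.pid
  # NGINX_USER, SYSTEM_USER and SYSTEM_USER_GROUP are not defined in this play;
  # presumably they come from this file - verify.
  vars_files:
    - ../vars/global.yaml
  tasks: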
        # Probe for the SysV init script; the result is registered as
        # nginx_status and gates the "Stop nginx Service" task.
        - name: Check if Nginx Exists
          stat:
            path: /etc/init.d/nginx
          register: nginx_status
    
        # Stop a previously installed nginx, but only when the init script
        # probed above is present. The outcome is kept in service_stopped.
        - name: Stop nginx Service
          service:
            name: nginx
            state: stopped
          when: nginx_status.stat.exists
          register: service_stopped
    
        # Ask systemd to stop the nginx unit before the rebuild.
        # NOTE(review): unlike the previous task this one has no "when" guard;
        # on a host that has no nginx unit yet it presumably fails - confirm.
        - name: Make sure a systemd is not running
          systemd:
            name: nginx
            state: stopped
    
        # Install aptitude through apt-get after refreshing the package index.
        # "latest" takes whatever version the configured repositories offer at
        # run time, so the result is not pinned.
        - name: Install aptitude using apt
          apt:
            name: aptitude
            state: latest
            force_apt_get: true
            update_cache: true
    
        # Refresh the apt index unless it was refreshed within the last hour
        # (cache_valid_time is given in seconds).
        - name: Update apt repo
          apt:
            cache_valid_time: 3600
            update_cache: true
      
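        # Install the compiler toolchain plus the PCRE, zlib and OpenSSL
        # packages used by the source build. The package list is handed to apt
        # in one call instead of looping, so apt resolves and installs the set
        # in a single transaction; the key=value argument string is replaced
        # with native YAML arguments.
        # "latest" leaves the versions unpinned: each run takes whatever the
        # configured repositories currently serve.
        - name: Install required system packages
          apt:
            name:
              - build-essential
              - libpcre3
              - libpcre3-dev
              - zlib1g
              - zlib1g-dev
              - libssl-dev
            state: latest
            update_cache: true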
      
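        # Fetch the release tarball. The URL now uses https so the archive is
        # not retrieved over plaintext HTTP: this file is later compiled and
        # installed as root, so its integrity matters.
        - name: Download nginx source
          get_url:
            url: "https://nginx.org/download/{{ NGINX_VERSION }}.tar.gz"
            dest: "/tmp/{{ NGINX_VERSION }}.tar.gz"
            # TODO(review): pin the archive digest so that a modified tarball
            # fails this task instead of reaching the build, for example:
            # checksum: "sha256:<SHA256_OF_RELEASE_TARBALL_PLACEHOLDER>"
            # NOTE(review): /tmp is world-writable and the file name is
            # predictable; a directory only root can write to would be a
            # safer download and build location.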
    
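        # Extract the tarball that already sits on the managed host.
        # remote_src replaces the deprecated "copy: no" spelling of the same
        # request (do not upload src from the controller).
        # NOTE(review): extraction happens as root into world-writable /tmp.
        - name: Unpacking NGINX
          unarchive:
            src: "/tmp/{{ NGINX_VERSION }}.tar.gz"
            dest: /tmp/
            remote_src: true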
      
        # Run ./configure inside the unpacked source tree. The folded block
        # scalar joins the lines below with single spaces, which yields the
        # same argument list as the original one-line string.
        # The build enables PCRE, the TLS module and HTTP/2, installs under
        # /nginx and places the binary, logs and pid file at the NGINX_* paths.
        - name: Configure NGINX source with custom modules
          command: >-
            ./configure
            --prefix=/nginx
            --sbin-path={{ NGINX_SBIN_PATH }}
            --error-log-path={{ NGINX_ERROR_LOG_PATH }}
            --http-log-path={{ NGINX_HTTP_LOG_PATH }}
            --with-pcre
            --pid-path={{ NGINX_PID_PATH }}
            --with-http_ssl_module
            --with-http_v2_module
          args:
            chdir: "/tmp/{{ NGINX_VERSION }}"
      
        # Compile and install from the source tree; "&&" skips the install
        # step when the compile fails, which is why the shell module is used.
        # become repeats the play-level setting, so both steps run as root.
        # NOTE(review): only "make install" needs root; compiling as root in
        # a tree under world-writable /tmp widens what a tampered source
        # tree could do.
        - name: Make NGINX
          shell: make && make install
          args:
            chdir: "/tmp/{{ NGINX_VERSION }}"
          become: true
      
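        # Create the web root and the install prefix with explicit ownership.
        # Changes from the original:
        #   - the stray trailing quote in the task name is removed;
        #   - modes are quoted octal strings. A bare 755 is a decimal integer
        #     in YAML, and decimal 755 is octal 1363, a mode that grants write
        #     access to "other"; quoting removes that ambiguity;
        #   - the wrapped flow mappings are written as block mappings.
        # NOTE(review): /nginx is the configure prefix and is owned by
        # NGINX_USER here. If the daemon's workers run as that account they
        # can modify files under the prefix - confirm this is intended.
        - name: Create directories
          file:
            path: "{{ item.dir }}"
            state: directory
            owner: "{{ item.owner }}"
            group: "{{ item.group }}"
            mode: "{{ item.mode }}"
          loop:
            - dir: /usr/local/nginx/html
              owner: "{{ SYSTEM_USER }}"
              group: "{{ SYSTEM_USER_GROUP }}"
              mode: "0755"
            - dir: /nginx
              owner: "{{ NGINX_USER }}"
              group: "{{ NGINX_USER }}"
              mode: "0755"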
      
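        # Copy the site content and the systemd unit file to the host.
        # Changes from the original:
        #   - modes are quoted octal strings. The bare integer 755 is read as
        #     decimal (octal 1363), which leaves the copied files writable by
        #     "other";
        #   - the unit file is installed root-owned with mode 0644. systemd
        #     starts the service from this file with root privileges, so an
        #     account that can edit it controls what runs as root; it should
        #     not belong to the web server account;
        #   - ownership and mode are set per item, so the site content keeps
        #     the owner and mode the original task intended.
        - name: Copy nginx files
          copy:
            src: "{{ item.src }}"
            dest: "{{ item.dest }}"
            owner: "{{ item.owner }}"
            group: "{{ item.group }}"
            mode: "{{ item.mode }}"
          loop:
            # - { src: "./conf/nginx.conf", dest: "{{ NGINX_CONF_PATH }}" }
            - src: ./www/
              dest: /nginx/html
              owner: "{{ NGINX_USER }}"
              group: "{{ NGINX_USER }}"
              mode: "0755"
            - src: ./scripts/nginx.service
              dest: /lib/systemd/system/nginx.service
              owner: root
              group: root
              mode: "0644"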
    
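        # Start the nginx unit. daemon_reload is added because the unit file
        # was copied into /lib/systemd/system earlier in this play, and
        # systemd only picks up a new or changed unit file after a reload.
        #
        # The commented-out become lines are kept from the original. They
        # would only change which account invokes systemctl, not the account
        # the daemon runs as; an unprivileged account is normally not allowed
        # to start a system unit, which is presumably why that variant hung.
        # The daemon's identity is decided by the unit file (User=) and by
        # the "user" directive in nginx.conf. Neither file is shown here, so
        # check both. A root master process with unprivileged workers is how
        # nginx usually runs when it binds ports below 1024.
        - name: Start NGINX
          # become: true
          # become_user: "{{ NGINX_USER }}"
          # become_method: sudo
          systemd:
            name: nginx
            state: started
            daemon_reload: true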

