
Difference between become and become_user in Ansible


Recently I started digging into Ansible and writing my own playbooks. However, I have trouble understanding the difference between become and become_user. As I understand it, become_user is something similar to su <username>, and become means something like sudo su or "perform all commands as a sudo user". But sometimes these two directives are mixed.

Could you explain the correct meaning of them?


Solution

  • become_user defines the user which is being used for privilege escalation.

    become simply is a flag to either activate or deactivate the same.

    Here are three examples which should make it clear:

    1. This task will be executed as root, because root is the default user for privilege escalation:

      - do: something
        become: true
      
    2. This task will be executed as user someone, because the user is explicitly set:

      - do: something
        become: true
        become_user: someone
      
    3. This task will not do anything with become_user, because become is not set and defaults to false/no:

      - do: something
        become_user: someone
      

      ...unless become was set to true on a higher level, e.g. a block, include, the playbook or globally via group or host-vars.

    Here is an example with a block:

    - become: true
      block:
        - do: something
          become_user: someone
    
        - do: something
    
        - do: something
          become: false
          become_user: someone
    
        - do: something
          become: false
    

    The 1st is run as user someone, the 2nd as root. The 3rd and 4th tasks have become explicitly disabled, so they will be run as the user who executed the playbook.

    As I understand it become_user is something similar to su <username>, and become means something like sudo su or "perform all commands as a sudo user".

    The default become_method is sudo, so sudo do something or sudo -u <become_user> do something

    Fine print: Of course "do: something" is pseudocode. Put your actual Ansible module there.
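
The inheritance rules described in the answer, written as a small audit helper. This is an added example, not part of the original answer and not Ansible's own code: it is a simplified model that looks only at the become and become_user keywords on blocks and tasks, ignores ansible.cfg, command-line flags and ansible_become* variables, and uses constructed task names and a hypothetical connecting user "deploy".

```python
# Added example: simplified model of become / become_user keyword inheritance.
# Ignores ansible.cfg, CLI flags and ansible_become* variables.

def effective_users(tasks, connecting_user, become=False, become_user="root"):
    """Return [(task name, effective user, warning or None)] for a task tree.

    `tasks` is a parsed task list (nested dicts, as a YAML loader would give);
    `become` / `become_user` are the values inherited from the enclosing level.
    """
    results = []
    for task in tasks:
        # Each keyword is inherited independently; the nearest setting wins.
        b = task.get("become", become)
        bu = task.get("become_user", become_user)
        if "block" in task:
            results += effective_users(task["block"], connecting_user, b, bu)
            continue
        user = bu if b else connecting_user
        warning = None
        if "become_user" in task and not b:
            # Example 3 in the answer: become_user is set but has no effect.
            warning = "become_user=%s ignored, become is off" % bu
        results.append((task["name"], user, warning))
    return results


# Constructed sample: the answer's block example, with task names added.
PLAY_TASKS = [
    {"become": True, "block": [
        {"name": "t1", "become_user": "someone"},
        {"name": "t2"},
        {"name": "t3", "become": False, "become_user": "someone"},
        {"name": "t4", "become": False},
    ]},
    # Example 3 from the answer, outside any block.
    {"name": "t5", "become_user": "someone"},
]

if __name__ == "__main__":
    for name, user, warning in effective_users(PLAY_TASKS, "deploy"):
        note = "" if warning is None else " (" + warning + ")"
        print(name + " runs as " + user + note)
```

The warning marks tasks where a reviewer might assume a user switch that never happens, which is the case to look for when auditing which account a task really runs under.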