1
votes

My ansible server accesses target hosts as account access_user.

    [defaults]
    remote_user = access_user
    private_key_file = /home/roger/access_user/id_rsa

In my playbook, the operations (actually organized as roles) need to be run as config_user, so I used the become_user keyword. Meanwhile, some tasks need to be run locally on the Ansible server, so I used delegate_to.

    - name: test
      hosts: pltvip
      become: true
      become_user: config_user
      become_method: sudo
      gather_facts: no
      roles:
        - role: 'do_configure'

role do_configure:

    - name: create local directory
      shell: mkdir /storage/savelog
      delegate_to: localhost

    - name: do something
      shell: myscript.sh

The playbook fails with the following error:

    TASK [do_configure : create local directory] *********************************************************************
    task path: /home/roger/ansible/configure/do_configure/tasks/main.yml:2
    ESTABLISH LOCAL CONNECTION FOR USER: roger
    EXEC /bin/sh -c 'echo ~roger && sleep 0'
    EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /var/tmp/ansible-tmp-1570882787.55-210995749037992" && echo ansible-tmp-1570882787.55-210995749037992="echo /var/tmp/ansible-tmp-1570882787.55-210995749037992" ) && sleep 0'
    Using module file /usr/lib/python2.7/dist-packages/ansible/modules/commands/command.py
    PUT /home/roger/.ansible/tmp/ansible-local-129262NOr73/tmpSjAO8_ TO /var/tmp/ansible-tmp-1570882787.55-210995749037992/AnsiballZ_command.py
    EXEC /bin/sh -c 'setfacl -m u:dsuser:r-x /var/tmp/ansible-tmp-1570882787.55-210995749037992/ /var/tmp/ansible-tmp-1570882787.55-210995749037992/AnsiballZ_command.py && sleep 0'
    EXEC /bin/sh -c 'chmod u+x /var/tmp/ansible-tmp-1570882787.55-210995749037992/ /var/tmp/ansible-tmp-1570882787.55-210995749037992/AnsiballZ_command.py && sleep 0'
    EXEC /bin/sh -c 'chown config_user /var/tmp/ansible-tmp-1570882787.55-210995749037992/ /var/tmp/ansible-tmp-1570882787.55-210995749037992/AnsiballZ_command.py && sleep 0'
    fatal: [192.168.197.53]: FAILED! => {
        "msg": "Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: invalid user: ‘config_user’\n}). For information on working around this, see https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user"
    }

I removed the become_user, and then this error disappears. The only difference is that there is no "chown" action this time.

1

You either have to create config_user on localhost, or use a different become_user that exists on localhost for your specific task, or turn off privilege escalation for that specific task (if access_user exists on localhost; else you'll have to create it as well...)

Zeitounator

1 Answer

0
votes

Instead of giving become true at the top, provide it for the specific task where you need it.

    - name: test
      hosts: pltvip
      become_user: config_user
      become_method: sudo
      gather_facts: no
      roles:
        - role: 'do_configure'

role do_configure:

    - name: create local directory
      shell: mkdir /storage/savelog
      delegate_to: localhost

    - name: do something
      shell: myscript.sh
      become: true
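The pattern the comment and the answer describe, written out as an added example (this is not the asker's or the answerer's playbook): privilege escalation is switched on only for the task that runs on the managed host, the task delegated to localhost explicitly runs as the connecting user, and a getent pre-check fails early if the managed host does not know config_user. The hosts group pltvip, the users access_user and config_user, and the path /storage/savelog come from the question; the roles are flattened into a task list for brevity, and the savelog_dir variable, the run_once setting and the getent task are assumptions of this example.

```yaml
# Added example, not the original poster's playbook or role.
# become is deliberately NOT set at play level: a play-level become applies
# to delegated tasks too, which is why Ansible tried to chown its temp files
# to config_user on localhost, where that account does not exist.
- name: configure pltvip hosts, saving logs on the controller
  hosts: pltvip
  gather_facts: no
  vars:
    savelog_dir: /storage/savelog   # assumed variable name, value from the question

  tasks:
    # Runs on the Ansible server as the connecting user (roger in the log).
    # become: false makes the intent explicit even if someone later adds
    # become at play level; run_once avoids every target host repeating it.
    - name: create local directory
      file:
        path: "{{ savelog_dir }}"
        state: directory
        mode: '0750'
      delegate_to: localhost
      become: false
      run_once: true

    # Assumed pre-check: getent fails the play with a clear message if the
    # managed host has no config_user, instead of failing later inside the
    # become step with the same "invalid user" chown error seen above.
    - name: verify config_user exists on the managed host
      getent:
        database: passwd
        key: config_user

    # Escalation only where it is needed: sudo from access_user to
    # config_user on the managed host.
    - name: do something
      shell: myscript.sh
      become: true
      become_user: config_user
      become_method: sudo
```

Moving become to the task level removes the chown on localhost, but the remote task still escalates from one unprivileged account (access_user) to another (config_user), so the managed host still needs one of the temp-file permission mechanisms that the URL in the error message documents (setfacl, a chown that the become method is allowed to perform, or world-readable temp files); the getent task above only confirms the account exists, it does not replace that setup.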