Merge pull request #10788 from bcoca/become_intro_docs
updated intro to new become syntax, also added link to full become docs
This commit is contained in:
commit
3db5d8199d
1 changed files with 25 additions and 12 deletions
|
@ -148,7 +148,7 @@ Remote users can also be defined per task::
|
||||||
The `remote_user` parameter for tasks was added in 1.4.
|
The `remote_user` parameter for tasks was added in 1.4.
|
||||||
|
|
||||||
|
|
||||||
Support for running things from sudo is also available::
|
Support for running things from as another user is also available (see :doc:`become`)::
|
||||||
|
|
||||||
---
|
---
|
||||||
- hosts: webservers
|
- hosts: webservers
|
||||||
|
@ -162,31 +162,44 @@ You can also use sudo on a particular task instead of the whole play::
|
||||||
remote_user: yourname
|
remote_user: yourname
|
||||||
tasks:
|
tasks:
|
||||||
- service: name=nginx state=started
|
- service: name=nginx state=started
|
||||||
sudo: yes
|
become: yes
|
||||||
|
become_method: sudo
|
||||||
|
|
||||||
|
.. note::
|
||||||
|
|
||||||
You can also login as you, and then sudo to different users than root::
|
The becoem syntax deprecates the old sudo/su specific syntax begining in 1.9.
|
||||||
|
|
||||||
|
You can also login as you, and then become a user different than root::
|
||||||
|
|
||||||
---
|
---
|
||||||
- hosts: webservers
|
- hosts: webservers
|
||||||
remote_user: yourname
|
remote_user: yourname
|
||||||
sudo: yes
|
become: yes
|
||||||
sudo_user: postgres
|
become_user: postgres
|
||||||
|
|
||||||
If you need to specify a password to sudo, run `ansible-playbook` with ``--ask-sudo-pass`` (`-K`).
|
You can also use other privilege escalation methods, like su::
|
||||||
If you run a sudo playbook and the playbook seems to hang, it's probably stuck at the sudo prompt.
|
|
||||||
Just `Control-C` to kill it and run it again with `-K`.
|
---
|
||||||
|
- hosts: webservers
|
||||||
|
remote_user: yourname
|
||||||
|
become: yes
|
||||||
|
become_method: su
|
||||||
|
|
||||||
|
If you need to specify a password to sudo, run `ansible-playbook` with ``--ask-become-pass`` or
|
||||||
|
when using the old sudo syntax ``--ask-sudo--pass`` (`-K`). If you run a become playbook and the
|
||||||
|
playbook seems to hang, it's probably stuck at the privilege escalation prompt.
|
||||||
|
Just `Control-C` to kill it and run it again adding the appropriate password.
|
||||||
|
|
||||||
.. important::
|
.. important::
|
||||||
|
|
||||||
When using `sudo_user` to a user other than root, the module
|
When using `become_user` to a user other than root, the module
|
||||||
arguments are briefly written into a random tempfile in /tmp.
|
arguments are briefly written into a random tempfile in /tmp.
|
||||||
These are deleted immediately after the command is executed. This
|
These are deleted immediately after the command is executed. This
|
||||||
only occurs when sudoing from a user like 'bob' to 'timmy', not
|
only occurs when changing privileges from a user like 'bob' to 'timmy',
|
||||||
when going from 'bob' to 'root', or logging in directly as 'bob' or
|
not when going from 'bob' to 'root', or logging in directly as 'bob' or
|
||||||
'root'. If it concerns you that this data is briefly readable
|
'root'. If it concerns you that this data is briefly readable
|
||||||
(not writable), avoid transferring unencrypted passwords with
|
(not writable), avoid transferring unencrypted passwords with
|
||||||
`sudo_user` set. In other cases, '/tmp' is not used and this does
|
`become_user` set. In other cases, '/tmp' is not used and this does
|
||||||
not come into play. Ansible also takes care to not log password
|
not come into play. Ansible also takes care to not log password
|
||||||
parameters.
|
parameters.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue