Oefenweb / ansible-fail2ban

Ansible role to set up fail2ban in Debian-like systems
MIT License

added privilege escalation to perform with non root user #75

Closed solick closed 1 year ago

solick commented 1 year ago

For security reasons, some servers need to close SSH root access completely. In this case ansible_user will not be root but a normal user with sudo privileges. To be able to run the role successfully, all tasks related to installing and configuring fail2ban server-wide need to perform privilege escalation. This was added in this commit.

tersmitten commented 1 year ago

Why don't you use the following:

```yaml
---
- hosts: localhost
  roles:
    - { role: name, become: yes }
```

solick commented 1 year ago

@tersmitten yes, this is also possible, but from my point of view a task which needs root privileges should request them automatically. This should not be a manual step, because a) it can cause errors and b) it is more consistent to let tasks request privileges where necessary.

tersmitten commented 1 year ago

I understand, but I find this unnecessarily verbose. All our roles (150+) assume "root" access for all tasks unless otherwise stated. I prefer to keep it like this (and be consistent).

solick commented 1 year ago

@tersmitten understood, you are the maintainer, but I would advise you to think about the roles' need for root access, for security reasons.