Hey guys,

It seems that you're using the `sudo` keyword as a privilege escalation method. This has been deprecated and replaced by `become`. With the last few versions of Ansible, `sudo` is ignored. This means that the [git pull task](https://github.com/lobsters/lobsters-ansible/blob/96a0aadfa4c2af088123153745c2ddf51ab61249/roles/lobsters/tasks/main.yml#L40) is not pulling with the user lobsters but with root (since the role is called with `become: true`).

There is no quick fix for what the task wants to do because of the privilege escalation of Ansible.

To me a quick fix would be to pull as the connecting user and to chown the directory to the lobsters user. I just don't know how unicorn would react if the files change owner. In addition, as discussed recently on Lobsters, deploying using git pulls can lead to issues and is not a great pattern.
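
One way to catch the situation this issue describes before a deploy, as an added example that is not part of the original post or of the lobsters-ansible repository: a small scanner that reports task-level `sudo` / `sudo_user` keys, which the post says current Ansible ignores. The function name, the sample tasks, the repository URL and the paths are constructed for illustration, and only top-level tasks of a file are inspected.

```python
import re

# Old escalation keywords; the replacements are become / become_user.
DEPRECATED = {"sudo", "sudo_user"}
KEY_RE = re.compile(r"^(\s*)(- )?([A-Za-z_][\w.]*)\s*:(.*)$")

# Constructed sample, not the project's real tasks file.
SAMPLE_TASKS = """\
- name: update lobsters checkout
  git:
    repo: https://example.invalid/lobsters.git
    dest: /srv/lobsters/app
  sudo: yes
  sudo_user: lobsters

- name: restart unicorn
  service:
    name: unicorn
    state: restarted
  become: true
"""


def find_deprecated_escalation(text):
    """Return (line_no, task_name, key) for each task-level sudo/sudo_user key."""
    tasks, current = [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.match(line)
        if not m:
            continue
        indent, dash, key, value = m.groups()
        col = len(indent) + (2 if dash else 0)  # column where the key starts
        if dash and (current is None or col <= current["col"]):
            # "- key:" at task depth opens a new task (or play)
            current = {"col": col, "name": "<unnamed>", "hits": []}
            tasks.append(current)
        if current is None or col != current["col"]:
            continue  # nested module argument, not a task keyword
        if key == "name":
            current["name"] = value.strip().strip("'\"")
        elif key in DEPRECATED:
            current["hits"].append((no, key))
    return [(no, t["name"], key) for t in tasks for no, key in t["hits"]]


if __name__ == "__main__":
    for no, name, key in find_deprecated_escalation(SAMPLE_TASKS):
        print(f"line {no}: task '{name}' uses ignored keyword '{key}'")
```

A task flagged here runs with whatever `become` setting it inherits from the role or play, so each hit is a place to confirm which user the task actually executes as.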