Use "become:yes" on every task

thefinn93 / ansible-letsencrypt

An ansible role to generate TLS certificates and get them signed by Let's Encrypt

GNU General Public License v3.0

442 stars 122 forks source link

Use "become:yes" on every task #29

Closed prevostc closed 8 years ago

prevostc commented 8 years ago

Since ansible 1.9, "become: yes" is the recommended privilege escalation method. It offers more flexibility to the role user and allow a role to mix root and non-root commands explicitly

http://docs.ansible.com/ansible/become.html

thefinn93 commented 8 years ago

This is needed when ansible logs in as non-root initially? Or what? I'm not really sure I understand (it works for me...)

prevostc commented 8 years ago

Exactly, sorry for the lack of details. I'm using ansible locally and I don't want to run every role as root. Also, this allow users to define a specific "privileged user" with --become-user=BECOME_USER and --become-method=BECOME_METHOD. This is recommended by the ansible documentation here: http://docs.ansible.com/ansible/become.html

thefinn93 commented 8 years ago

I see. I guess I thought there was a way to run the entire role with become but I guess not.