Project

General

Profile

Actions
Copy link

Bug #25361

closed

Unable to disable ansible_become_user

Added by A W over 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Ondřej Pražák
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman_ansible/pull/259
Fixed in Releases:
foreman-ansible 3.0.0
Found in Releases:
Red Hat JIRA:

Description

I believe when https://projects.theforeman.org/issues/23279 got fixed, we're now always running ansible playbooks (Job category Ansible Playbook) with ansible_become_user set.
This is a problem because Ansible documentation states that if the ansible_become_user is set on the ansible connection (or via inventory), it overrides any other become_user inside the playbook you are running (see https://github.com/ansible/ansible/issues/14199 )

So what I was observing was that my becomes & because_users all got ignored when I ran ansible playbooks via foreman remote execution.
Things I tried:
a. Setting Effective user to blank string in job invocation
b. Setting Host Parameter "ansible_become" to "no" and "ansible_become_user" to blank string

I confirmed if I did something like modify ForemanAnsible::InventoryCreator.host_vars to have

      if result['ansible_become'].casecmp('no').zero?
        result.delete('ansible_become')
        result.delete('ansible_become_user')
      end

Then the become/become_user works when running my playbook.

Actions
Copy link
 #1

Updated by A W over 6 years ago

To confirm the issue, I created a job template:
Job category: Ansible Playbook
Provider Type: Ansible

---
- hosts: <%= @host.name %>
  become: yes

  tasks:
    - name: print hostname
      shell: hostname

    - name: test out whoami
      command:     whoami
      register:    whoami

    - debug: msg="{{whoami.stdout}}" 

    - name: test out becoming another user
      become:      yes
      become_user: anotheruser
      command:     whoami
      register:    anotheruser_whoami

    - debug: msg="{{anotheruser_whoami.stdout}}"

And running it shows that the same user is being used even though the second one should become the other user.

Actions
Copy link
 #2

Updated by The Foreman Bot about 6 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Ondřej Pražák
  • Pull request https://github.com/theforeman/foreman_ansible/pull/259 added
Actions
Copy link
 #3

Updated by Marek Hulán about 6 years ago

  • Fixed in Releases foreman-ansible 3.0.0 added
Actions
Copy link
 #4

Updated by Anonymous about 6 years ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link

Also available in: Atom PDF