vague memory

Notes from someone struggling to get rid of half-remembered knowledge

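Using become_user with Ansible include_tasks

A memo on how to apply become to every task that is loaded with include_tasks.

The behavior probably varies by version, but as of ver 2.9.5 it appears to work as follows.

become cannot be used on include_tasks itself, so the included file has to wrap its tasks in a block and apply become to the whole block.

Example

The executing user is checked with id and whoami. sub2.yml is loaded with include_tasks.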

  • main.yml
---
- hosts: all
  tasks:
   ### tasks
   - name: task1
     command: id
     register: result

   - name: task1 result
     debug: var=result.stdout

   - name: task2
     command: whoami
     register: result

   - name: task2 result
     debug: var=result.stdout

   ### import_tasks
   - name: sub1
     import_tasks: sub1.yml
     tags: ["sub1"]
     become: yes

   - name: sub1
     import_tasks: sub1.yml
     tags: ["sub1"]
     become: yes
     become_user: cwagent

   ### include_tasks (loop)
   - name: sub2
     include_tasks: sub2.yml
     with_items:
       - "root"
       - "cwagent"
     loop_control:
       loop_var: loop_item
     tags: ["sub2"]

  • sub1.yml
- name: sub1_task1
  command: id
  register: result

- name: sub1_task1 result
  debug: var=result.stdout

- name: sub1_task2
  command: whoami
  register: result

- name: sub1_task2 result
  debug: var=result.stdout

  • sub2.yml
- block:

  - name: sub2_item
    debug: var=loop_item

  - name: sub2_task1
    command: id
    register: result

  - name: sub2_task1 result
    debug: var=result.stdout

  - name: sub2_task2
    command: whoami
    register: result

  - name: sub2_task2 result
    debug: var=result.stdout

  become: yes
  become_user: "{{ loop_item }}"
  tags: ["sub2"]

Execution result

$ ansible-playbook -i hosts main.yml

PLAY [all] ******************************************************************************

TASK [Gathering Facts] ******************************************************************
ok: [test-instance]

TASK [task1] ****************************************************************************
changed: [test-instance]

TASK [task1 result] *********************************************************************
ok: [test-instance] => {
    "result.stdout": "uid=1000(ec2-user) gid=1000(ec2-user) groups=1000(ec2-user),4(adm),10(wheel),190(systemd-journal)"
}

TASK [task2] ****************************************************************************
changed: [test-instance]

TASK [task2 result] *********************************************************************
ok: [test-instance] => {
    "result.stdout": "ec2-user"
}

TASK [sub1_task1] ***********************************************************************
changed: [test-instance]

TASK [sub1_task1 result] ****************************************************************
ok: [test-instance] => {
    "result.stdout": "uid=0(root) gid=0(root) groups=0(root)"
}

TASK [sub1_task2] ***********************************************************************
changed: [test-instance]

TASK [sub1_task2 result] ****************************************************************
ok: [test-instance] => {
    "result.stdout": "root"
}

TASK [sub1_task1] ***********************************************************************
[WARNING]: Unable to use /home/cwagent/.ansible/tmp as temporary directory, failing back
to system: [Errno 13] Permission denied: '/home/cwagent'
changed: [test-instance]

TASK [sub1_task1 result] ****************************************************************
ok: [test-instance] => {
    "result.stdout": "uid=995(cwagent) gid=993(cwagent) groups=993(cwagent)"
}

TASK [sub1_task2] ***********************************************************************
changed: [test-instance]

TASK [sub1_task2 result] ****************************************************************
ok: [test-instance] => {
    "result.stdout": "cwagent"
}

TASK [sub2] *****************************************************************************
included: /private/tmp/ansible-test/sub2.yml for test-instance
included: /private/tmp/ansible-test/sub2.yml for test-instance

TASK [sub2_item] ************************************************************************
ok: [test-instance] => {
    "loop_item": "root"
}

TASK [sub2_task1] ***********************************************************************
changed: [test-instance]

TASK [sub2_task1 result] ****************************************************************
ok: [test-instance] => {
    "result.stdout": "uid=0(root) gid=0(root) groups=0(root)"
}

TASK [sub2_task2] ***********************************************************************
changed: [test-instance]

TASK [sub2_task2 result] ****************************************************************
ok: [test-instance] => {
    "result.stdout": "root"
}

TASK [sub2_item] ************************************************************************
ok: [test-instance] => {
    "loop_item": "cwagent"
}

TASK [sub2_task1] ***********************************************************************
changed: [test-instance]

TASK [sub2_task1 result] ****************************************************************
ok: [test-instance] => {
    "result.stdout": "uid=995(cwagent) gid=993(cwagent) groups=993(cwagent)"
}

TASK [sub2_task2] ***********************************************************************
changed: [test-instance]

TASK [sub2_task2 result] ****************************************************************
ok: [test-instance] => {
    "result.stdout": "cwagent"
}

PLAY RECAP ******************************************************************************
test-instance              : ok=25   changed=10   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
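
Because sub2.yml passes loop_item straight into become_user, whoever supplies the loop values chooses the account the tasks run as, root included. The following variant is an added example, not part of the original post: it checks loop_item against an allowlist before escalating, then confirms the effective user with whoami. The file name sub2_checked.yml and the variable allowed_become_users are assumptions made for this example.

```yaml
# sub2_checked.yml (hypothetical file name; added example, not from the original post)
# Assumption: allowed_become_users is a variable introduced for this example.

# Runs before any escalation: stop if the requested user is missing or unexpected.
- name: sub2 refuse unexpected become_user
  assert:
    that:
      - loop_item is defined
      - loop_item in allowed_become_users
    fail_msg: "become_user '{{ loop_item | default('undefined') }}' is not in the allowlist"
  vars:
    allowed_become_users:
      - "root"
      - "cwagent"
  tags: ["sub2"]

- block:

  - name: sub2_task2
    command: whoami
    register: result
    changed_when: false   # read-only check, do not report it as a change

  # Fail the play if the escalation did not land on the requested account.
  - name: sub2 confirm the effective user
    assert:
      that:
        - result.stdout == loop_item
      fail_msg: "expected {{ loop_item }}, ran as {{ result.stdout }}"

  become: yes
  become_user: "{{ loop_item }}"
  tags: ["sub2"]
```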

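About import_tasks and include_tasks

Both load tasks from a separate file, but they behave differently because one is static and the other is dynamic. Roughly speaking, use import by default and include when you want to loop.

Checking with the list options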

$ ansible-playbook -i hosts main.yml --list-hosts

playbook: main.yml

  play #1 (all): all    TAGS: []
    pattern: ['all']
    hosts (1):
      test-instance

$ ansible-playbook -i hosts main.yml --list-tasks

playbook: main.yml

  play #1 (all): all    TAGS: []
    tasks:
      task1 TAGS: []
      task1 result  TAGS: []
      task2 TAGS: []
      task2 result  TAGS: []
      sub1_task1    TAGS: [sub1]
      sub1_task1 result TAGS: [sub1]
      sub1_task2    TAGS: [sub1]
      sub1_task2 result TAGS: [sub1]
      sub1_task1    TAGS: [sub1]
      sub1_task1 result TAGS: [sub1]
      sub1_task2    TAGS: [sub1]
      sub1_task2 result TAGS: [sub1]
      sub2  TAGS: [sub2]

$ ansible-playbook -i hosts main.yml --list-tags

playbook: main.yml

  play #1 (all): all    TAGS: []
      TASK TAGS: [sub1, sub2]