Ansible: Running jobs as a specific user

Although the Ansible server runs jobs on managed nodes as the root user, we can specify the user account under which the jobs are executed on the remote nodes. This is done using the remote_user and become_user parameters.

There is a major difference between the two parameters:

  • remote_user: When this parameter is used in a playbook, Ansible will try to access the remote node as the specified user instead of root. If the remote_user is “user1”, then the control node should be able to ssh to the managed node as “user1”.
  • become_user: Here the Ansible control node will access the managed node (via ssh) as “root” (by default) and, once connected, will run commands as the specified user.

Below, we are going to create a playbook that calls two other playbooks. The main playbook, called “master_pb.yml”, will first call a playbook called “create_user.yml”, which creates a user named “user1”, and then a second playbook named “create_file.yml”, which will create a file as the user “user1”.

On the managed node “centosMYOBvm”, let us check whether the user “user1” exists and whether any file is present in the user’s home directory:

[root@centosMYOBvm ~]# ls -ltr /home/user1/
ls: cannot access ‘/home/user1/’: No such file or directory

==== ====

Let us create the two playbooks now

[root@centos9vm ~]# cat create_user.yml

==== ===
---
- name: Playbook to create a user names user1
  hosts: testONE
  tasks:
    - name: A task to create a new user
      ansible.builtin.user:
        name: user1
        comment: User 1
        # Supplementary group; it must already exist on the managed node
        groups: webadmin

==== ===

[root@centos9vm ~]# cat create_file.yml

==== ==
---
- name: Playbook to create a file using user1
  hosts: testONE
  # Connect as the default user, then run the tasks as user1
  become_user: user1
  become: true
  tasks:
    - name: Create a file
      ansible.builtin.file:
        name: /home/user1/tom.txt
        state: touch

==== ===

Now let us create the master playbook.

[root@centos9vm ~]# cat master_pb.yml

===== ===
---
# Imported playbooks run in the order listed
- name: Import the playbook create_user.yml
  import_playbook: create_user.yml

- name: Import the playbook create_file.yml
  import_playbook: create_file.yml

==== ===

Let us execute the playbook

[root@centos9vm ~]# ansible-navigator run -m stdout master_pb.yml

=== ===

PLAY [Playbook to create a user names user1] ***********************************

TASK [Gathering Facts] *********************************************************
ok: [192.168.48.129]

TASK [A task to create a new user] *********************************************
ok: [192.168.48.129]

PLAY [Playbook to create a file using user1] ***********************************

TASK [Gathering Facts] *********************************************************
[WARNING]: Module remote_tmp /home/user1/.ansible/tmp did not exist and was
created with a mode of 0700, this may cause issues when running as another
user. To avoid this, create the remote_tmp dir with the correct permissions
manually
ok: [192.168.48.129]

TASK [Create a file] ***********************************************************
changed: [192.168.48.129]

PLAY RECAP *********************************************************************
192.168.48.129 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

=== ===

As the playbook executed successfully, let us verify the file that was created and the owner of that file.

[root@centosMYOBvm ~]# ls -ltr /home/user1/
total 0
-rw-r--r--. 1 user1 user1 0 Jun 14 11:42 tom.txt
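
The difference between remote_user and become_user described above, shown side by side in one playbook that checks which account each play actually runs as. This is an added example, not code from the original post; it assumes the control node can already ssh to the managed node as user1, and the 0640 file mode is an illustrative choice.

```yaml
---
# Added example (not from the original post). Assumes the inventory group
# testONE and the account user1 from the post, and that SSH login as user1
# is already set up on the managed node (assumption).

# Play 1: remote_user changes who Ansible logs in as over SSH.
- name: Connect as user1 directly (remote_user)
  hosts: testONE
  remote_user: user1
  become: false
  gather_facts: false
  tasks:
    - name: Show the account the task runs as
      ansible.builtin.command: id -un
      register: login_identity
      changed_when: false

    - name: Confirm the SSH login user is user1
      ansible.builtin.assert:
        that:
          - login_identity.stdout == "user1"

# Play 2: become_user changes who the tasks run as after login.
- name: Connect as the default user, then switch to user1 (become_user)
  hosts: testONE
  become: true
  become_user: user1
  gather_facts: false
  tasks:
    - name: Create the file with an explicit mode instead of the default
      ansible.builtin.file:
        path: /home/user1/tom.txt
        state: touch
        owner: user1
        group: user1
        mode: "0640"   # illustrative choice, not from the post

    - name: Read back ownership and mode
      ansible.builtin.stat:
        path: /home/user1/tom.txt
      register: tom

    - name: Confirm the file belongs to user1 with the expected mode
      ansible.builtin.assert:
        that:
          - tom.stat.pw_name == "user1"
          - tom.stat.mode == "0640"
```

The first play fails at the connection step if user1 cannot log in over ssh, while the second only needs the connecting account to be allowed to switch to user1.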