Although the Ansible control node runs jobs on managed nodes as the root user, we can specify the user account under which jobs are executed on the remote nodes. This is done using the remote_user and become_user parameters.
There is a major difference between the two parameters:
- remote_user: When this parameter is used in a playbook, Ansible will try to access the remote node as the specified user instead of root. If the remote_user is “user1”, then the control node should be able to ssh to the managed node as “user1”.
- become_user: Here the Ansible control node will access the managed node (via ssh) as “root” (by default) and, once connected, will run commands as the specified user.
In the example below, we create a playbook that calls two other playbooks. The main playbook, “master_pb.yml”, first calls “create_user.yml”, which creates a user named “user1”, and then calls “create_file.yml”, which creates a file as the user “user1”.
On the managed node “centosMYOBvm”, let us check whether the user “user1” exists and whether any file is present in the user’s home directory:
[root@centosMYOBvm ~]# ls -ltr /home/user1/
ls: cannot access ‘/home/user1/’: No such file or directory
==== ====
Let us create the two playbooks now
[root@centos9vm ~]# cat create_user.yml
==== ===
---
- name: Playbook to create a user names user1
  hosts: testONE
  tasks:
    - name: A task to create a new user
      ansible.builtin.user:
        name: user1
        comment: User 1
        groups: webadmin
==== ===
[root@centos9vm ~]# cat create_file.yml
==== ==
---
- name: Playbook to create a file using user1
  hosts: testONE
  become_user: user1
  become: true
  tasks:
    - name: Create a file
      ansible.builtin.file:
        name: /home/user1/tom.txt
        state: touch
==== ===
Now let us create the master playbook.
[root@centos9vm ~]# cat master_pb.yml
===== ===
---
- name: Import the playbook create_user.yml
  import_playbook: create_user.yml
- name: Import the playbook create_file.yml
  import_playbook: create_file.yml
==== ===
Let us execute the playbook
[root@centos9vm ~]# ansible-navigator run -m stdout master_pb.yml
=== ===
PLAY [Playbook to create a user names user1] ***********************************
TASK [Gathering Facts] *********************************************************
ok: [192.168.48.129]
TASK [A task to create a new user] *********************************************
ok: [192.168.48.129]
PLAY [Playbook to create a file using user1] ***********************************
TASK [Gathering Facts] *********************************************************
[WARNING]: Module remote_tmp /home/user1/.ansible/tmp did not exist and was
created with a mode of 0700, this may cause issues when running as another
user. To avoid this, create the remote_tmp dir with the correct permissions
manually
ok: [192.168.48.129]
TASK [Create a file] ***********************************************************
changed: [192.168.48.129]
PLAY RECAP *********************************************************************
192.168.48.129 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
=== ===
As the playbook executed successfully, let us verify that the file was created and check its owner.
[root@centosMYOBvm ~]# ls -ltr /home/user1/
total 0
-rw-r--r--. 1 user1 user1 0 Jun 14 11:42 tom.txt
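The run above only exercises become_user. The playbook below is an added example, not part of the original page, that puts both parameters side by side and checks which account each task actually runs under. It assumes the page's inventory group testONE, that user1 already exists on the managed node, and that the control node has working SSH credentials for user1 (needed only by the first play).

```yaml
---
# Added example (not from the original page).
# Assumptions: inventory group testONE, existing user1, SSH login for user1.

# Play 1: remote_user - the SSH login itself is made as user1, so no
# privileged account is involved in this play at all.
- name: Connect directly as user1
  hosts: testONE
  remote_user: user1
  gather_facts: false
  tasks:
    - name: Show which account the task runs under
      ansible.builtin.command: id -un
      register: login_identity
      changed_when: false

    - name: Confirm the task ran as user1 without privilege escalation
      ansible.builtin.assert:
        that:
          - login_identity.stdout == "user1"

# Play 2: become_user - the SSH login uses the default connection account
# (root in the page's setup); Ansible switches to user1 only where asked.
- name: Connect as the default account, then switch to user1
  hosts: testONE
  gather_facts: false
  tasks:
    - name: Show the account used for the SSH login
      ansible.builtin.command: id -un
      register: connect_identity
      changed_when: false

    - name: Show the account after switching with become
      ansible.builtin.command: id -un
      become: true
      become_user: user1
      register: become_identity
      changed_when: false

    - name: Confirm only the escalated task ran as user1
      ansible.builtin.assert:
        that:
          - connect_identity.stdout != "user1"
          - become_identity.stdout == "user1"
```

If the first play fails with an unreachable host while the second succeeds, the control node cannot log in as user1 over SSH, which is exactly the requirement that separates remote_user from become_user.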