2

I tried to use the escalation feature of Ansible to run a specific task within a role as an unprivileged user, but the task is still executed by the root user with which I execute my playbook calling the role. My problem is related to the creation of a new DATABASE on DB2 for LUW after installing and configuring the DB2 product using the root user in the same role. I have a shell script which creates a new DATABASE, but it should be run as db2inst1 (not root). I tried with become, become_user and become_method as suggested in the official Ansible docs and some threads here on Stack Overflow.

Here is an extract of my Ansible role:

 - name: Execution of the creation script
   become: yes
   become_method: su
   become_user: db2inst1
   shell: /home/CreateDb.sh TESTDB

OR:

 - name: Creation of a test DB
   script: CreateDb.sh TESTDB
   become: yes
   become_method: su
   become_user: db2inst1

I have also added this line to my ansible.cfg :

allow_world_readable_tmpfiles=True

I have also upgraded the Ansible package from 2.0.1 to 2.1, but this has no effect and the task still runs as root.

I run my playbook as follows:

ansible-playbook playbooks/db2-test.yml -u root -k

I don't know what I am missing; please help me.

Thanks in advance!

1 Answer

0

It is important to distinguish between the user ansible connects to the target machine as and the user the task runs as (becomes). Both of the examples you pasted (script module and shell module) look roughly correct. What are the indications you see that those tasks are still running as root? I would add -vvvv to your ansible-playbook run to see what ansible is doing in higher detail, including user information.

tphummel
  • Thanks for the feedback; the syntax I used here is correct. The problem was that the executed script "CreateDb.sh" wasn't correct enough to be launched remotely with ansible. I had to apply some changes on the script so that it works. – Agdmoun khalid Jun 20 '16 at 13:55
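
One way to check which user a task actually runs as, separately from the user Ansible connects as. This is an added example, not part of the original question or answer; the host group `db2servers` and the registered variable names are assumptions.

```yaml
# Added example: verify the effective user before running the DB creation script.
# "db2servers" is an assumed inventory group; db2inst1 is the instance user from the question.
- hosts: db2servers
  gather_facts: no
  tasks:
    - name: Report the user the connection logs in as (no escalation)
      command: id -un
      register: connect_user
      changed_when: false

    - name: Report the user a task runs as with become
      command: id -un
      become: yes
      become_method: su
      become_user: db2inst1
      register: task_user
      changed_when: false

    - name: Show both identities side by side
      debug:
        msg: "connected as {{ connect_user.stdout }}, task ran as {{ task_user.stdout }}"

    - name: Stop the play if escalation did not switch to db2inst1
      assert:
        that:
          - task_user.stdout == 'db2inst1'
        msg: "become did not switch to db2inst1 (task ran as {{ task_user.stdout }})"
```

If the assertion passes, the privilege drop works and any remaining failure lies in the script being run, not in the become settings.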