Running Ansible task as a specific user
Solution 1:
You're misunderstanding both settings there:
remote_user is an Ansible setting that controls the SSH user Ansible is using to connect:
ssh ${REMOTE_USER}@remotehost
someusername ALL=(ALL) NOPASSWD:ALL is a sudo configuration that allows the user
someusername
to execute all commands in any host without a password. It does not allow anyone to issue commands assomeusername
though.
Ideally, you would login directly as the right user and that's what remote_user
is all about. But usually you are only able to login as an administrative user (say, ubuntu
) and have to sudo commands as another user (let's say scrapy
). Then you should leave remote_user
to the user that logs in and the add the following ansible properties to the job:
- name: log in as ubuntu and do something as scrapy
remote_user: ubuntu
sudo: true
sudo_user: scrapy
shell: do-something.sh
Solution 2:
Note that after Ansible 1.9, the sudo
wording was replaced with become
, thus
sudo: yes
sudo_user: some_user
becomes (pun intended):
become: yes
become_user: some_user
See more specifics here: https://stackoverflow.com/a/22749788/402727
Also write this before the actual module (e.g. command
or shell
) you want to execute for it to take effect. At least in my experience it didn't work correctly if I have written become
and become_user
after the shell
module.
- name: Example user change
become: true
become_user: '{{ user }}'
shell: |
...