Ansible user privilege and application location

Hi all,

I am trying to deploy Kubernetes using Ansible playbooks. In doing so, I have quite a few doubts and problems. Can anyone please help me understand the following concepts or doubts?

  1. When to use/not use remote_user and what is the purpose of this?
  2. When trying to use the sudo equivalent ‘become’ in an Ansible playbook, do we need to use become_user with its default user ‘root’ or the normal sudoer user? Why not use the normal user with sudo privileges as become_user?
  3. When we use become, everything we install and the directories and files we create tend to be under the root directory. But when we use sudo on the command line, these files and directories are local to the sudoer user.
    3.1 What is the correct way to use this? In my scenario, the Kubernetes-generated files and directories are under the /root/ directory as I used ‘become’.

Can anyone please shed some light on these things and also point to the best practices?

Thank you and kind regards,
Indirajith.

1. remote_user is the 'user you log in as' on the remote, mostly used
by ssh and similar connection plugins.
2. When using sudo (substitute user do), 'the current user' (normally
the remote/login user) BECOMES the 'substitute user' to run
command(s); that is what become_user allows you to specify. This is
what normally happens: sudo -u <become_user> <command> (by default
sudo will use `-u root` if you omit -u).
3. That means you did not change to 'user home', aka `~/` or `$HOME`
(this also happens when you `cd` without an argument). Ansible, by default,
operates on the "current effective user"'s home to handle permissions,
as you can become users other than root and those normally cannot
write to the remote/login user's home.
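
An added example, not part of the original thread: a playbook that separates the login user (remote_user) from the become user and places a root-owned Kubernetes file in the login user's home with explicit path, owner and mode. The inventory group `k8s_control_plane`, the account `deploy`, its home `/home/deploy`, and a kubeadm-style `/etc/kubernetes/admin.conf` are assumptions.

```yaml
---
- name: Login user vs. become user, and where files land
  hosts: k8s_control_plane   # hypothetical inventory group
  remote_user: deploy        # hypothetical account Ansible logs in as over SSH
  become: false              # escalate per task instead of for the whole play
  gather_facts: false
  vars:
    login_user: deploy       # assumption: same account as remote_user
    login_home: /home/deploy # assumption: that account's home directory
  tasks:
    - name: Runs as the login user, no sudo involved
      ansible.builtin.command: id -un
      register: as_login
      changed_when: false

    - name: Runs as root, because become_user defaults to root
      ansible.builtin.shell: echo "$(id -un) $HOME"
      become: true
      register: as_root
      changed_when: false

    - name: Show both results
      ansible.builtin.debug:
        msg: "login={{ as_login.stdout }} become={{ as_root.stdout }}"

    # Privileged tasks name the destination and owner explicitly
    - name: Create ~/.kube for the login user
      ansible.builtin.file:
        path: "{{ login_home }}/.kube"
        state: directory
        owner: "{{ login_user }}"
        group: "{{ login_user }}"   # assumption: primary group named after the user
        mode: "0700"
      become: true

    - name: Hand the admin kubeconfig to the login user
      ansible.builtin.copy:
        src: /etc/kubernetes/admin.conf   # assumption: kubeadm's default location
        dest: "{{ login_home }}/.kube/config"
        remote_src: true
        owner: "{{ login_user }}"
        group: "{{ login_user }}"
        mode: "0600"   # the file holds cluster-admin credentials
      become: true
```

Keeping `become: false` at play level and enabling it only on the tasks that need root limits what runs privileged, and the explicit `owner` and `mode` keep the copied credentials readable by the login user alone.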