Conditionals in sudo

Hi,
(Originally posted to Ansible Dev by mistake)

Im a newbie trying to automate a few commands across boxes using Ansible.

I would like the sudo command on certain tasks to be conditional, so depending on the node, I’d like to turn on sudo or not. For e.g. I have a development machine (my laptop) and a stage server where I need certain sets of commands to be run. On the dev machine, I dont need any of the commands to be run as sudo but need them to run as sudo on the stage server.

I thought something like

  • hosts: all
    tasks:
  • name: Execute Command X
    command: Command X
    sudo: inventory_hostname != ‘localhost’

My Hosts file contains entries like
localhost
demo7 ansible_ssh_host=… ansible_ssh_port=…

would make the task not run as sudo on “localhost” (my dev machine) but would run with sudo on the other nodes. Unfortunately, this doesnt happen and it always treats this as sudo: False.

Is it possible to have conditionals in sudo ?

UPDATE: Looking through the source, this doesn’t seem to be the case. The Expression doesnt seem to be evaluated and sent directly to utils.boolean.
Is there any other way of achieving this goal other than running every task twice – once with sudo and once without.

Thanks
Raja

Hi Raja

I struggled with this, and the approach I settled with is to duplicate the task, having one with the ‘sudo:’ parameter and one without, and each having a ‘when:’ conditional.

  • command: something
    sudo: yes
    when: env == ‘development’

  • command: something
    when: env != ‘development’

Hope this helps

Tom

I wonder if inventory variables might do what you need. Have a look at the Ansible docs page for them here, especially the part of the page starting with “Host Variables”, but also the descriptions of files in host_vars and group_vars directories starting with “Splitting Out Host and Group Specific Data”. One thing that’s not mentioned in the page is that the “host_vars/all” file will set variables for all hosts.

I haven’t checked to see if the “sudo: yes” flag can be controlled in these ways. If it can, then this approach could be better than running tasks twice.

-Greg