Nesting Privilege Escalation

Howdy! New Ansible user.

I’m writing a number of playbooks for a company I just joined. Some of them run as a local user. A few of them run as a local user on a remote machine. The vast majority of them run on a remote server and require superuser permissions.

What is the best practice around using ‘become’? Ideally, I would like to at the start of the task specify a become in the role, and have everything under that run with ‘become’ … unfortunately, it seems that this is limited to the task level, and I can’t even specify a ‘become’ along with an ‘include’ such that every task included runs with ‘become’.

I realize that there are global config file permissions, and by-run configurations that I can specify on the command line to make sure that these things get set. I’m trying to automate this and prompt as much as possible because (as you gathered) some of these roles are intended to be run by less technical or developer-type users in the course of deployments.

Is there a way to specify ‘become’ as part of a ‘role’ or an ‘include’ type of setup such that every task from then on is run using ‘become: yes’? Have I simply missed this in the docs? If not, should there be?

Thanks,
Karl