postgresql_user module failed to authenticate as postgres when ansible_become is set

Hi guys,

I have a task to create a PostgreSQL user as follows:

```
- name: Create database user
  postgresql_user: >
    name="{{ db_user }}"
    password="{{ db_pass }}"
    encrypted=yes
    role_attr_flags="NOSUPERUSER,NOCREATEDB,NOCREATEROLE,INHERIT,LOGIN"
  sudo_user: postgres
  sudo: yes
  tags:
    - postgres
```

This task successfully creates the user as expected. I also captured a syslog message:

2016-03-30T11:46:01.690552+02:00 db sudo: root : TTY=pts/2 ; PWD=/root ; USER=postgres ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-peojtdazxizsqojlbrozgxmwzmztqcwa; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /tmp/ansible-tmp-1459397861.99-46152503652180/postgresql_user

But when I set these variables in group_vars/all:

```
ansible_become: yes
ansible_become_user: root
ansible_become_method: sudo
```

The above task failed to run with this message from PostgreSQL:

msg: unable to connect to database: FATAL: Peer authentication failed for user "postgres"

The syslog message is as follows:

2016-03-30T11:11:08.739388+02:00 db sudo: root : TTY=pts/2 ; PWD=/root ; USER=root ; COMMAND=/bin/sh -c echo BECOME-SUCCESS-vvxlieenoiilppjbzaodouktzfzonxpf; LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1459398169.76-216558803101428/postgresql_user; rm -rf /root/.ansible/tmp/ansible-tmp-1459398169.76-216558803101428/ >/dev/null 2>&1

As you can see, the difference between the two runs is the USER variable.

Current setting of pg_hba.conf file:

```
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
```

Environment:

Ansible host: Debian Jessie
Ansible version: 1.9.4
Remote host: SLES 12

Can anyone explain this case to me?

This is expected, as `ansible_become_user: root` overrides your `sudo_user: postgres`, so you are running it as root.

Hi Brian,
Is there any way to make directives set at the task level, like mine, override such directives set in group_vars or host_vars?

Directives and vars are different things; connection vars override directives. Connection vars do follow normal var precedence, so you can override the inventory values in the play in several ways.
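
Added example, not part of the thread and not Ansible or PostgreSQL code: a simplified model of how the pg_hba.conf posted in the question is evaluated, showing why the run logged with USER=root is rejected while the run with USER=postgres succeeds. It assumes the module connects as database user `postgres` over the local socket (as the peer error indicates) and that no pg_ident.conf map is in use; the function names are hypothetical.

```python
import ipaddress

# pg_hba.conf exactly as posted in the question
PG_HBA = """\
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
"""

def parse_hba(text):
    """Return a list of rule dicts; 'local' records carry no address column."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":
            conn, db, user, method = fields[:4]
            addr = None
        else:
            conn, db, user, addr, method = fields[:5]
        rules.append({"type": conn, "db": db, "user": user, "addr": addr, "method": method})
    return rules

def first_match(rules, conn, db, db_user, client_ip=None):
    """PostgreSQL uses the first record that matches; there is no fall-through."""
    for r in rules:
        if r["type"] != conn:
            continue
        if r["db"] not in ("all", db) or r["user"] not in ("all", db_user):
            continue
        if conn == "host" and ipaddress.ip_address(client_ip) not in ipaddress.ip_network(r["addr"]):
            continue
        return r
    return None

def connect(rules, os_user, db_user, db="postgres", conn="local", client_ip=None):
    """Simplified outcome: peer requires OS user == DB user (no ident map assumed)."""
    rule = first_match(rules, conn, db, db_user, client_ip)
    if rule is None:
        return "rejected: no pg_hba.conf entry"
    if rule["method"] == "peer":
        if os_user == db_user:
            return "ok: peer"
        return f'FATAL: Peer authentication failed for user "{db_user}"'
    return f"password required: {rule['method']}"
```

With these rules, `connect(parse_hba(PG_HBA), "root", "postgres")` reproduces the error from the second run: the first `local` line matches, and peer authentication compares the OS account that sudo switched to with the requested database role.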