sudo and change user

Could you please advise how

usera@serverX:~> sudo su - userb
Last login: Fri Nov 17 15:46:48 CET 2017 on pts/1
-bash-4.2$

(note that no password was requested above)

translates into Ansible?

More specifically, I would like to log in to Linux server X as usera, then become userb (with the command above), and then execute all the tasks defined in the playbook as userb.

The following are configuration options in ansible.cfg:

sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#remote_user = root
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False

I am having trouble understanding the difference between the above configuration options.

Niko

I think you are looking for become_user

http://docs.ansible.com/ansible/latest/become.html

- name: Run a command as the userb user
  command: somecommand
  become: true
  become_user: userb

As there is no password prompt, and “usera” is not a sudoer, the below will not work.

sudo su - userb is achievable because of PAM auth (meaning LDAP).
I believe it is impossible for this issue to be resolved at the playbook level.

I am trying to experiment with -vvvv and the options below, but without much luck…

sudo_flags has been set to -H

Here is some documentation:

sudo_user =
the default user to sudo to

ask_sudo_pass =
this controls whether an Ansible playbook should prompt for a sudo password by default when sudoing

ask_pass =
controls whether an Ansible playbook should prompt for a password by default

remote_user =
This is the default username Ansible will connect as for /usr/bin/ansible-playbook. Note that /usr/bin/ansible will always default to the current user if this is not defined.

become =
The equivalent of adding sudo: or su: to a play or task, set to true/yes to activate privilege escalation.

become_method =
Set the privilege escalation method. The default is sudo, other options are su, pbrun, pfexec, doas, ksu

become_user =
The equivalent to ansible_sudo_user or ansible_su_user; allows you to set the user you become through privilege escalation.

become_ask_pass =
Ask for privilege escalation password, the default is False

sudo_flags =
Note that ‘-n’ will conflict with using password-less sudo auth, such as pam_ssh_agent_auth
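
The flow discussed in this thread (connect as usera, run every task as userb), written as a complete play with a check that escalation reached the intended account. This is an added example, not part of any poster's message; the inventory name serverX and the sudo policy described in the comments are assumptions.

```yaml
---
# Added example. Assumptions (not confirmed by the thread):
#   - the inventory contains a host named serverX
#   - the sudo policy on serverX lets usera run arbitrary commands as userb
#     without a password, e.g. a rule of the form
#         usera ALL=(userb) NOPASSWD: ALL
# Ansible does not type "sudo su - userb"; it wraps each module in a shell
# command and runs that through sudo as become_user. A policy that permits
# only the single command "su - userb" therefore does not match, and the
# play fails at the first task.
- name: Connect as usera, run all tasks as userb
  hosts: serverX
  remote_user: usera        # SSH login user (replaces remote_user in ansible.cfg)
  become: true              # turn privilege escalation on for the whole play
  become_method: sudo       # how to escalate (sudo is the default)
  become_user: userb        # target account; replaces the legacy sudo_user
  gather_facts: false

  tasks:
    - name: Report the effective user on the remote side
      command: id -un
      register: effective_user
      changed_when: false

    - name: Stop unless escalation reached userb
      assert:
        that:
          - effective_user.stdout == 'userb'
        fail_msg: "Tasks run as {{ effective_user.stdout }}, expected userb"

    - name: Confirm the play is not running with root privileges
      command: id -u
      register: effective_uid
      changed_when: false
      failed_when: effective_uid.stdout == '0'
```

Running the play with -vvvv, as tried in the thread, prints the sudo command line Ansible sends, which can be compared against what the sudo policy allows for usera.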