I’m struggling getting Ansible to run commands under the proper user and I have a feeling it’s due to my misunderstanding of how things are working.
For example, I’m provisioning a vagrant box, and in my inventory file I have declared ansible_ssh_user=vagrant as well as ansible_ssh_private_key to use vagrant insecure_private_key. All has been working fine, but for a particular command (synchronize) I want it to run as a different user altogether. I only seem to be able to run commands as the vagrant user or as root. The user I want to run the command as does not have a ssh key nor does it have sudo privileges.
Am I doing things all backwards or missing something simple here?
The user you’re running ansible as needs to have privileges to run commands as your target user. In your use case, this is likely taken care of if you’re using one of the standard vagrant boxes.
If you need to override the default sudo user for a command, you can do this:
- name: run this command as the foo user
sudo_user: foo
command: /path/to/command
Synchronize is a very special module in this context. It tries to be “smart” about determining the remote user based on an order of preference and other factors such as sudo. Could you show us the inventory file, the playbook and the ansible-playbook -vvvv output ? Setting “remote_user: bob” on the synchronize task may fix it, but I’d really need to see what you have first to be sure.
You're not telling ansible to connect as that user *and then* sudo. Rather,
you're telling ansible to use the vagrant user (as always), and then issue
something equivalent to this: