For a single task I need to NOT become root, so I added “become: False” to that task. By a lot of debugging I found out that inventory options are always preferred over task options. Is this expected behaviour? Why would you want to have this?
connection and privilege escalation variables in inventory override
play/task ones because we consider the host information to be more
specific and the only way to handle scenarios in a heterogeneous setup
in which the login/sudo/su information is different from host to host.
It is rare to see ansible_become=yes in the vars, but that might be
needed in some cases, most users would set it in ansible.cfg to allow
for easy override at play/task level.
For that task you might just need to override ansible_become in the play.
I thought about first using whoami on the remote machine to ensure we’re not root. But you’d have to be more general than comparing with “root” because people might become some other user as well. This approach could work if there’s some way in the task to read out ansible_become_user (which is, to some extent, the generalization of “root”).