Hello,
In my playbook I am using become for one tasks only, i.e.:
`
- name: Create ECP Virtual Directory
`
exch_ecp_virtualdirectory:
identity: ‘{{ ansible_hostname }}\ecp ({{ site }})’
path: ‘{{ folder }}\ecp’
state: present
role: ClientAccess
ECPproperties:
AdfsAuthentication: true
BasicAuthentication: false
DigestAuthentication: false
FormsAuthentication: false
WindowsAuthentication: false
AdminEnabled: false
InternalUrl: null
ExternalUrl: null
vars:
ansible_become: yes
ansible_become_method: runas
ansible_become_user: "{{ exchange_admin_user }}
The playbook is used to configure MS Exchange and become is used to get rid of double hop authentication issue.
When I using it with Ansible, I log on ansible host, receive kerberos ticket for my account and run ansible-playbook with --ask-become-pass.
What is the best way to implement the same scenario in AWX? i.e. I have machine credentials which I associate with Job template and AWX/Ansible will use them to receive kerberos ticket, connect to Windows nodes and run most of the tasks. But how can I provide the credentials for this task which uses become within AWX? If I specify parameters of Privilege Escalation Method for machine credentials will the be applied for the all tasks or just this one which explicitly uses become ?
I want to avoid using Ansible valult in this case.
Thank you.