Notify handler as different user
49 views
Skip to first unread message
Wei Yen Lee
Mar 23, 2014, 1:00:20 PM3/23/14
to ansible...@googlegroups.com
Hi,
Long-time lurker, first time poster. First off, thanks for this excellent project.
I'd like to know, is it possible to run the 'notify' handler as a different user from the task which notified it? E.g.
---
# deploy.yml
- hosts: webservers
remote_user: project_user
roles:
- webapp
---
# webapp/tasks/main.yml
# This should be run as project_user
- name: Pull sources from the repository.
git: repo={{project_repo}}
dest={{project_root}}
version={{branch}}
notify:
- Restart supervisord
---
# webapp/handler/main.yml
# This should be run as root
- name: Restart supervisord
supervisorctl: name={{ item }}
state=restarted
with_items:
- celeryd
- celerybeat
If it's not possible, what's the best way to structure the project?
Thanks in advance!
Marko Lisica
Mar 24, 2014, 11:07:42 AM3/24/14
to ansible...@googlegroups.com
Hello,
Have you just tried? : D .
I have tried it like this
- name: restart nginx
service: name=nginx state=restarted
sudo_user: username
But have in mind that user must have permissions for the service.
Have you just tried? : D .
I have tried it like this
- name: restart nginx
service: name=nginx state=restarted
sudo_user: username
But have in mind that user must have permissions for the service.
Marko Lisica
Mar 24, 2014, 11:15:13 AM3/24/14
to ansible...@googlegroups.com
P.S.
Im sorry for "spamming", I have just tried the handler with sudo_user option to check if Ansible will call it. You cannot restart nginx as non root user.
Im sorry for "spamming", I have just tried the handler with sudo_user option to check if Ansible will call it. You cannot restart nginx as non root user.
Michael DeHaan
Mar 24, 2014, 11:19:06 AM3/24/14
to ansible...@googlegroups.com
Yep, and if you are not wanting to use sudo, you can set "remote_user" instead.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/922d3715-bf71-419d-a138-8465bda26564%40googlegroups.com.--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
Wei Yen Lee
Mar 25, 2014, 11:39:54 AM3/25/14
to ansible...@googlegroups.com
Holy crap, I can't believe I didn't try that earlier.
In my case, because project_user does not have root, I had to call remote_user instead.
---
# webapp/handler/main.yml
# This should be run as root
- name: Restart supervisord
supervisorctl: name={{ item }}
state=restarted
remote_user: <user_with_sudo_privilege>
sudo: True
with_items:
- celeryd
- celerybeat
Thanks a lot guys!
Reply all
Reply to author
Forward
0 new messages