Conditionals in sudo

[Rajagopal V]

Hi,

(Originally posted to Ansible Dev by mistake)

Im a newbie trying to automate a few commands across boxes using Ansible. 

I would like the sudo command on certain tasks to be conditional, so depending on the node, I'd like to turn on sudo or not. For e.g.  I have a development machine (my laptop) and a stage server where I need certain sets of commands to be run. On the dev machine, I dont need any of the commands to be run as sudo but need them to run as sudo on the stage server. 

I thought something like

- hosts: all

  tasks:

  - name: Execute Command X

    command: Command X

    sudo: inventory_hostname != 'localhost'

My Hosts file contains entries like

localhost

demo7  ansible_ssh_host=... ansible_ssh_port=.. 

would make the task not run as sudo on "localhost" (my dev machine) but would run with sudo on the other nodes. Unfortunately, this doesnt happen and it always treats this as sudo: False.

Is it possible to have conditionals in sudo ?

UPDATE: Looking through the source, this doesn't seem to be the case. The Expression doesnt seem to be evaluated and sent directly to utils.boolean.

Is there any other way of achieving this goal other than running every task twice -- once with sudo and once without.

Thanks

Raja

[Tom Bamford]

Hi Raja

I struggled with this, and the approach I settled with is to duplicate the task, having one with the 'sudo:' parameter and one without, and each having a 'when:' conditional.

- command: something
  sudo: yes
  when: env == 'development'

- command: something
  when: env != 'development'

Hope this helps

Tom

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/cd3109da-57f5-4c0a-9812-29742c81726b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Greg Andrews]

I wonder if inventory variables might do what you need.  Have a look at the Ansible docs page for them here, especially the part of the page starting with "Host Variables", but also the descriptions of files in host_vars and group_vars directories starting with "Splitting Out Host and Group Specific Data".  One thing that's not mentioned in the page is that the "host_vars/all" file will set variables for all hosts.

I haven't checked to see if the "sudo: yes" flag can be controlled in these ways.  If it can, then this approach could be better than running tasks twice.

  -Greg

--