by
tags:

Calling the ansible setup module in a task is bad for you....

So I was wondering around my code trying to figure out why the Hell is Ansible deciding for me to stay sudo after I am explicitly telling him I want to be regular user. I mean really, I did become: yes for some tasks, but than I would really would like to return to being a regualr user and would love to have control over it. I was sure I am missing something as it sounds very basic to me 😳.

Therefore, after being exhausted and calling it a day, on the next day I decided to make me a cup of coffee and figure out what is going wrong.

10 minutes later, being very focused, I find that a role I am running (copied from someone else which deserves it's own post for it's curated perils) uses sudo for a whole play and inside that play there is a task that runs the setup module to refreshes facts. YES in the play a task that changes everything and under the identity of a sudo. that means all facts for my whole playbook run are now those of root thus I can't do anything as regular user.

Bottom line

So - as a good rule of thumb - don't call setup from a task.

But if you have to, make sure you do it with the remote user and not sudo.

In order to acheive that you can move the become: instruction from the whole play to specific tasks, and NEVER EVER EVER run setup: with become: yes!!!!

LOVE AND FREEDOM FOR ALL!!!!