krynio

Reputation: 2492

What is the difference between using sudo in a playbook and in a task?

If I would like to install something using e.g. apt, I can create a playbook:

- hosts: xxx
  roles:
     - my-role

And in tasks/main.yml in the role:

- name: install something
  sudo: yes
  apt: "name=something state=installed"

But I can add sudo in the playbook:

- hosts: xxx
  sudo: yes
  roles:
     - my-role

And remove it from tasks:

- name: install something
  apt: "name=something state=installed"

Both solutions work, but which solution is better? Is there a difference between these solutions? Pros? Cons?

Upvotes: 0

Views: 339

Answers (1)

Mxx

Reputation: 9344

You should consider the principle of least privilege. A user or a process should have the lowest level of permissions needed to accomplish a designated task. For example, if all you need to do is to upload a file into your home directory, doing it as root is overkill. If you want to push a new application version, do it as a web user rather than root.

When you specify sudo: at a playbook level, all tasks underneath will run at that (potentially unnecessary) permission level. Whereas if you specify it at task: level, only that specific task will run as root.

Upvotes: 6
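
The per-task scoping described in the answer above, as an added playbook sketch that is not part of the original question or answer. It keeps the thread's `sudo:` syntax (newer Ansible releases spell these keywords `become` and `become_user`); the `deploy` and `www-data` accounts and all file paths are assumptions made for illustration.

```yaml
# Added example; account names and paths are constructed placeholders.
- hosts: xxx
  remote_user: deploy            # unprivileged login account (assumed)
  # No play-level "sudo: yes", so tasks run as "deploy" unless they say otherwise.
  tasks:
    - name: upload a file into the login user's home directory
      # Runs as "deploy"; nothing here needs escalation.
      copy: src=files/notes.txt dest=/home/deploy/notes.txt

    - name: push a new application version as the web user
      # Escalates to the web account, not to root.
      # Assumes sudoers lets "deploy" run commands as "www-data".
      sudo: yes
      sudo_user: www-data
      copy: src=build/app.tar.gz dest=/var/www/releases/app.tar.gz

    - name: install something
      # The only task in this play that runs as root.
      sudo: yes
      apt: "name=something state=installed"
```

With `sudo: yes` moved up to the play level instead, all three tasks would run as root, including the file upload that never needed it.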
