- hosts: all
  gather_facts: no
  remote_user: root
  roles:
  - { role: test_become_r2, sudo_user: testing }
  tasks:
  - command: whoami
  - command: whoami
    become_user: testing
  - block:
    - command: whoami
  - block:
    - command: whoami
    become_user: testing

The roles are simple: r2 lists r1 as a dependency, and both simply do:

- debug: msg="..."
- command: whoami

TASK [test_become_r1 : debug msg=this is test_become_r1] ************************
ok: [localhost] => {
"msg": "this is test_become_r1",
"changed": false
}
TASK [test_become_r1 : command] *************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:13:38.894205", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:13:38.891473", "delta": "0:00:00.002732", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}
TASK [test_become_r2 : debug msg=this is test_become_r2] ************************
ok: [localhost] => {
"msg": "this is test_become_r2",
"changed": false
}
TASK [test_become_r2 : command] *************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:13:39.465954", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:13:39.463465", "delta": "0:00:00.002489", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}
TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.156469", "stdout": "root", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.153427", "delta": "0:00:00.003042", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["root"], "warnings": []}
TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.346618", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.344034", "delta": "0:00:00.002584", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}
TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.525066", "stdout": "root", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.522358", "delta": "0:00:00.002708", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["root"], "warnings": []}
TASK [command] ******************************************************************
changed: [localhost] => {"changed": true, "end": "2015-03-20 13:46:57.808344", "stdout": "testing", "cmd": ["whoami"], "start": "2015-03-20 13:46:57.805680", "delta": "0:00:00.002664", "stderr": "", "rc": 0, "invocation": {"module_name": "command", "module_args": {"_raw_params": "whoami"}}, "stdout_lines": ["testing"], "warnings": []}

All four whoami commands with become_user specified correctly switched privileges to the specified user. The role specifying sudo_user also switched all tasks to the new user (as well as for the dependencies). This will make grouping commands with common privilege escalation needs much easier!
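
The manual check above can be automated. The following is an added example, not part of the original text or of Ansible itself: it parses run output in the one-line JSON result format shown above and compares each whoami result, in run order, against the user that task is expected to run as. The function names and the abbreviated sample output are constructed for illustration.

```python
import json
import re

# Constructed sample, abbreviated from the output format shown above.
SAMPLE = """\
TASK [test_become_r1 : command] ****
changed: [localhost] => {"changed": true, "stdout": "testing", "cmd": ["whoami"], "rc": 0}
TASK [command] ****
changed: [localhost] => {"changed": true, "stdout": "root", "cmd": ["whoami"], "rc": 0}
TASK [command] ****
changed: [localhost] => {"changed": true, "stdout": "testing", "cmd": ["whoami"], "rc": 0}
"""

TASK_RE = re.compile(r"^TASK \[(?P<name>.+?)\] \*+\s*$")
RESULT_RE = re.compile(r"^(?:changed|ok): \[(?P<host>[^\]]+)\] => (?P<json>\{.*\})\s*$")

def effective_users(output):
    """Return [(task, host, user)] for every single-line whoami result."""
    found, task = [], None
    for line in output.splitlines():
        m = TASK_RE.match(line)
        if m:
            task = m.group("name")
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue  # multi-line debug results and other lines are skipped
        try:
            result = json.loads(m.group("json"))
        except ValueError:
            continue  # not a complete JSON object on this line
        if result.get("cmd") == ["whoami"] and result.get("rc") == 0:
            found.append((task, m.group("host"), result["stdout"].strip()))
    return found

def unexpected(output, expected):
    """Compare users in run order against `expected`; return the mismatches."""
    seen = effective_users(output)
    bad = [(t, h, u, want) for (t, h, u), want in zip(seen, expected) if u != want]
    if len(seen) != len(expected):
        # A missing or extra task is itself a finding: a check may not have run.
        bad.append(("<count>", "*", str(len(seen)), str(len(expected))))
    return bad

if __name__ == "__main__":
    for row in unexpected(SAMPLE, ["testing", "root", "testing"]):
        print("MISMATCH task=%s host=%s got=%s want=%s" % row)
```

An empty result from `unexpected` means every task ran as the intended user; a task that ran as root where an unprivileged user was expected shows up as a mismatch row.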