Comments (6)
An interesting request. I tend to prefer judicious use of become:
at the task-level, but it seems to go against the grain of most of the Ansible community. Can you explain your use case in more depth, @coreoas?
from stouts.openvpn.
Well, as of right now, I have to run the whole role as root, because within the role, things like the package installs aren't run with "become".
I agree with you; I'd rather just the tasks that need privileges use "become", but, when calling the role (if I want to not edit the role, which I don't), I had to use become at the play level because:
TASK [Stouts.openvpn : Install requirements (Debian)] **************************
failed: [54.210.29.69] (item=[u'openvpn', u'udev', u'openssl', u'zip']) => {"cmd": "apt-get update", "failed": true, "item": ["openvpn", "udev", "openssl", "zip"], "msg": "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)\nE: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)\nE: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)\nE: Unable to lock the administration directory (/var/lib/dpkg/), are you root?", "rc": 100, "stderr": "W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)\nE: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)\nE: Unable to lock directory /var/lib/apt/lists/\nW: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)\nW: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)\nE: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)\nE: Unable to lock the administration directory (/var/lib/dpkg/), are you root?\n", "stdout": "", "stdout_lines": []}
from stouts.openvpn.
Is there any benefit in doing this? Is it just a matter of not wanting to add become: yes
to the play level?
from stouts.openvpn.
My personal experience has been that having a per-task become is better than doing one for the entire play because I have found it is A) more explicit (pythonically, explicit > implicit), and because there are a number of times when it is preferable to not run everything as root. So I don't like the habit of just using "become" at the play level when calling a role.
It is, however, personal preference and I'm sure there are effective arguments on the other side, so .
from stouts.openvpn.
Ok, I 'll see if I can pinpoint the tasks that need become: yes
.
from stouts.openvpn.
Actually, looking at the tasks the role runs, 90% of the tasks need to be run as root. If I am wrong, please correct me. I don't think it is worth making the code more verbose and the work hours to implement this.
from stouts.openvpn.
Related Issues (20)
- Conditional check fails HOT 4
- comp-lzo option deprecated HOT 1
- Task 'Setup bridge' not executed when 'openvpn_bridge' is populated
- Upload inline scripts fails HOT 1
- openvpn_tls_key not included in client zip files
- Fail when no openssl.cfn file in easy-rsa HOT 2
- [Bug] ip_forward not configured
- No more client revocation feature HOT 2
- [Feature] Send credentials by mail
- [Bug] openvpn_tls_key file is read before creation HOT 5
- Failed to initialise openvpn-auth-ldap.so plugin
- 'auth-client.sh HOT 1
- I have error in log with execve HOT 3
- Restart network HOT 2
- Client/Server question for client.zip and error client HOT 1
- [bug] - if true where are user and password in the client?
- CLR
- Prevent creation of network bridge
- Revoking users
- on readme support debian 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from stouts.openvpn.