From d860a25986950037dd67f20f37dd5af762fcc540 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Tue, 8 Jul 2025 20:11:19 -0500 Subject: [PATCH] Set become method to su Since the host-provisioner connects to remote machines as _root_, it normally doesn't use Ansible's "become" system at all. Some tasks, though, need to to use it to switch to a specific unprivileged user. For those, `doas` is not appropriate, since it doesn't permit root by default. Rather than adjust this configuration, let's switch to `su` which requires no configuration, and does allow root. --- host_provisioner.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/host_provisioner.py b/host_provisioner.py index c6b3f4c..a9560ca 100644 --- a/host_provisioner.py +++ b/host_provisioner.py @@ -63,7 +63,7 @@ def amqp_connect() -> pika.BlockingConnection: def apply_playbook(*args: str) -> None: - cmd = ['ansible-playbook', '-u', 'root'] + cmd = ['ansible-playbook', '-u', 'root', '--become-method', 'su'] cmd += args log.debug('Running command: %s', cmd) subprocess.run(cmd, check=True, stdin=subprocess.DEVNULL)