Commit 6b42daca authored by Florian Haas

Use owner with template, rather than become with an unprivileged user

When connecting to a host as an unprivileged user, using "become"
to become *another* unprivileged user can be problematic. Since
we were using the unprivileged taiga_user in two instances only
so we could drop a file as that user, become root instead and let
it drop the file as owned by taiga_user instead.

Reference:
https://docs.ansible.com/ansible/latest/user_guide/become.html#becoming-an-unprivileged-user
parent bdafc288
- name: add taiga to systemd
become: true
become_user: "{{ taiga_user }}"
become_user: root
template:
mode: "0644"
owner: "{{ taiga_user }}"
src: "{{ item }}.service.j2"
dest: "/etc/systemd/system/{{ item }}.service"
with_items:
......
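Review bot: the added `owner: "{{ taiga_user }}"` combined with `mode: "0644"` leaves every unit file under /etc/systemd/system writable by the unprivileged service account, and units in that directory are loaded by the system manager running as root. The stated goal was only to avoid becoming an unprivileged user, so the template can be written by root and stay owned by root; suggest `owner: root` (and `group: root`) here, since the service only needs the unit to exist, not to own it. As a smaller point, `become_user: root` is already the default when `become: true` is set, so that line can be dropped.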
......@@ -41,9 +41,10 @@
- name: add taiga to nginx
become: true
become_user: "{{ taiga_user }}"
become_user: root
template:
mode: '0644'
owner: "{{ taiga_user }}"
src: taiga.conf.j2
dest: "/etc/nginx/conf.d/taiga.conf"
notify:
......
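Review bot: the added `owner: "{{ taiga_user }}"` on /etc/nginx/conf.d/taiga.conf gives the service account write access (mode 0644) to a file that nginx reads as part of its configuration, so anything running as taiga_user can change what nginx loads on the next reload. Suggest `owner: root` with the same mode, which keeps the file readable by everyone and matches the commit's intent of having root drop the file. Style: this task quotes the mode as `'0644'` while the systemd task uses `"0644"`; pick one quoting style for the role.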