Do not become, even if the play that calls the role has become: yes.

robertdebock · Feb 7, 2022 · c7cc6d4 · flybyray · Feb 15, 2022 · tuxpeople
1 parent 590f15a
commit c7cc6d4
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -13,7 +13,12 @@ This example is taken from `molecule/default/converge.yml` and is tested on each
 ---
 - name: Converge
   hosts: all
-  become: yes
+  # This role installs packages using the `raw` module and needs to connect as
+  # `root`. (`sudo` is not available before bootstrapping.)
+  become: no
+  # This role installs python, gathering facts can't be done before `python` is
+  # installed. This role runs the `setup` module, so facts will be available
+  # after running the role.
   gather_facts: no
 
   roles:
@@ -29,9 +34,6 @@ The default values for the variables are set in `defaults/main.yml`:
 ---
 # defaults file for bootstrap
 
-# The user to use to connect to machines.
-bootstrap_user: root
-
 # Do you want to wait for the host to be available?
 bootstrap_wait_for_host: no
 
@@ -57,6 +59,7 @@ This role has been tested on these [container images](https://hub.docker.com/u/r
 
 |container|tags|
 |---------|----|
+|alpine|all|
 |amazon|Candidate|
 |el|7, 8|
 |debian|all|

diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -1,7 +1,12 @@
 ---
 - name: Converge
   hosts: all
+  # This role installs packages using the `raw` module and needs to connect as
+  # `root`. (`sudo` is not available before bootstrapping.)
   become: no
+  # This role installs python, gathering facts can't be done before `python` is
+  # installed. This role runs the `setup` module, so facts will be available
+  # after running the role.
   gather_facts: no
 
   roles:

diff --git a/tasks/gather_facts.yml b/tasks/gather_facts.yml
@@ -17,6 +17,7 @@
     - bootstrap_facts.rc == 0
     - bootstrap_distribution is not defined
     - bootstrap_facts.stdout is regex('PRETTY_NAME=.'~ bootstrap_search[item] | default(item) ~'.*')
+  become: no
 
 - name: set bootstrap facts (II)
   ansible.builtin.set_fact:
@@ -26,3 +27,4 @@
     label: "{{ item.key }}"
   when:
     - bootstrap_distribution in item.value
+  become: no
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -10,9 +10,7 @@
   ansible.builtin.wait_for:
     port: "{{ ansible_port | default('22') }}"
     timeout: "{{ bootstrap_timeout }}"
-    # host: "{{ ansible_ssh_host | default(ansible_host) | default(inventory_hostname) }}"
-  # connection: local
-  # become: no
+  become: no
   when:
     - ansible_connection is defined
     - ansible_connection not in [ "container", "docker", "community.docker.docker" ]
@@ -38,6 +36,8 @@
            bootstrap_os_family in [ "Alpine", "Archlinux", "Gentoo" ]) or
           (bootstrap_install.stdout_regex not in bootstrap_install_packages.stdout and
            bootstrap_os_family in [ "Debian", "RedHat", "Rocky", "Suse" ])
+  become: no
+
 
 - name: ensure system is prepared
   block:
@@ -49,3 +49,4 @@
         name: "{{ item }}"
         state: present
       loop: "{{ bootstrap_facts_packages.split() }}"
+  become: no