What user will Ansible run my commands as?

You may find it useful to read the Hosts and Users section on Ansible's documentation site:

http://docs.ansible.com/playbooks_intro.html#hosts-and-users

In summary, Ansible will run all commands in a playbook as the user specified in the remote_user variable (assuming you're using Ansible >= 1.4, user before that). You can specify this variable on a per-task basis as well, in case a task needs to run as a certain user.

Use sudo: true in any playbook/task to use sudo to run it. Use the sudo_user variable to specify a user to sudo to if you don't want to use root.

In practice, I've found it easiest to run my playbook as a deploy user that has sudo privileges. I set up my SSH keys so I can SSH into any host as deploy without using a password. This means that I can run my playbook without using a password and even use sudo if I need to.

I use this same user to do things like cloning git repos and starting/stopping services. If a service needs to run as a lower-privileged user, I let the init script take care of that. A quick Google search for a node.js init.d script revealed this one for CentOS:

https://gist.github.com/nariyu/1211413

Doing things this way helps to keep it simple, which I like.

Hope that helps.


My 2 cents:

  1. Ansible uses your local user (e.g. Mike) to ssh to the remote machine. (That requires Mike to be able to ssh to the machine.)
  2. From there it can change to a remote user if needed
  3. It can also sudo if needed and if Mike is allowed. If no user is specified then root will be selected via your ~/.ansible.cfg on your local machine.
  4. If you supply a remote_user with the sudo param then like no.3 it will not use root but that user.

You can specify different situations and different users or sudo via the playbooks.

Playbooks define which roles will be run on each machine that belongs to the selected inventory.

I suggest you read Ansible best practices for some explanation on how to set up your infrastructure.

Oh and btw, since you are not referring to a specific module that Ansible uses and your question is not related to Python, I don't find any use in your question having the python tag.


Just a note that Ansible>=1.9 uses privilege escalation commands so you can execute tasks and create resources as that secondary user if need be:

- name: Install software
  shell: "curl -s get.dangerous_software.install | sudo bash"
  # become_user only takes effect when become is enabled
  become: true
  become_user: root

http://docs.ansible.com/ansible/become.html#become-privilege-escalation
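
The user model described in the answers above, as an added example that is not part of any of the original answers: a playbook that records which account each task actually runs as and fails if it is not the expected one. The inventory group `web`, the login account `deploy` (with passwordless sudo) and the service account `app` are assumptions.

```yaml
# Added example, not from the original answers.
# Assumed names: inventory group "web", SSH login account "deploy" with
# passwordless sudo, and an unprivileged account "app" on the hosts.
# become / become_user are the Ansible >= 1.9 spelling of sudo / sudo_user.
- name: Show which user each task runs as
  hosts: web
  remote_user: deploy          # account Ansible logs in as over SSH
  gather_facts: false
  tasks:
    - name: No escalation, so the task runs as the SSH login user
      command: whoami
      register: as_login
      changed_when: false

    - name: become without become_user escalates to root (the default)
      command: whoami
      become: true
      register: as_root
      changed_when: false

    - name: become_user selects the service account instead of root
      command: whoami
      become: true
      become_user: app
      register: as_app
      changed_when: false

    - name: Fail the play if any task ran as an unexpected user
      assert:
        that:
          - as_login.stdout == 'deploy'
          - as_root.stdout == 'root'
          - as_app.stdout == 'app'
```

Keeping `become: true` on individual tasks rather than on the whole play means only the tasks that need root get it. Becoming an unprivileged user such as `app` from a non-root login also requires that user to be able to read Ansible's temporary module files, which Ansible normally arranges with POSIX ACLs when `setfacl` is available on the host.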