sudo/become at playbook level vs. task level

[discopatrick]

Phansible is currently generating projects that have sudo: true at the playbook level, but also many instances of sudo: yes at the task level.

As far as I know, sudo: true at the playbook level will automatically make all tasks in that playbook run as sudo, unless overridden per task with sudo: false or sudo: no. This makes redundant the many instances of sudo: yes at the task level. Perhaps they should be removed.

Alternatively, and this is my preference - sudo should only ever be defined at the task level. This is because, if a task is possible to achieve without becoming root, I'd rather do it as the vagrant user, and only elevate to root if absolutely necessary. In this case, sudo: true should be removed from playbook.yml.

[debo]

Hi @discopatrick that is accurate and I do agree with you. The reason why sudo: yes, and soon become: yes, are still there is mostly legacy. We are going through the process as you might have seen to decouple the playbooks in isolated repo and we mainly focused initially on quality and testing (work in progress there). Now that we have at least the very bare minimum amount of CI tasks running with idempotency check we can, moving forward, surely improve the quality of our playbooks and address the issue you raised. I hope that clarifies better the current status.

[discopatrick]

Thanks for the reply, and the great explanation.

[debo]

And thanks to you for the input, always appreciated.