Several of my playbooks have sub-plays structure like this:
- hosts: sites
user: root
tags:
- configuration
tasks:
(...)
- hosts: sites
user: root
tags:
- db
tasks:
(...)
- hosts: sites
user: "{{ site_vars.user }}"
tags:
- app
tasks:
(...)
In Ansible 1.x both admins and developers were able to use such playbook. Admins could run it with all the tags (root and user access), while developers had access only to the last tag with tasks at user access level. When developers run this playbook with the app tag, gathering facts was skipped for the first two tags. Now however, in Ansible 2.1, it is not being skipped, which causes failure for users without root access.
Is there a mechanism or an easy modification to fix this behaviour? Is there a new approach which should be applied for such cases now?
There is an easy mod – turn off facts gathering and call setup
explicitly:
- hosts: sites
user: root
tags:
- configuration
gather_facts: no
tasks:
- setup:
(...)