Drop privilege at block level
Apparently `local_action` and `delegate_to` handle `become: false` differently. The later ignored it when it was done at task level.pull/25/head
Marcus Meurs
parent
6118217734
commit
f3c9d6d2d0
|
|
@ -9,6 +9,13 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
zerotier_node_id: "{{ nodeid.stdout }}"
|
zerotier_node_id: "{{ nodeid.stdout }}"
|
||||||
|
|
||||||
|
when:
|
||||||
|
- zerotier_accesstoken is defined
|
||||||
|
- not ansible_check_mode
|
||||||
|
tags:
|
||||||
|
- configuration
|
||||||
|
|
||||||
|
- block:
|
||||||
- name: Authorize members to network
|
- name: Authorize members to network
|
||||||
uri:
|
uri:
|
||||||
url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ zerotier_node_id }}"
|
url: "{{ zerotier_api_url }}/api/network/{{ zerotier_network_id }}/member/{{ zerotier_node_id }}"
|
||||||
|
|
@ -21,7 +28,6 @@
|
||||||
authorized: "{{ zerotier_authorize_member }}"
|
authorized: "{{ zerotier_authorize_member }}"
|
||||||
body_format: json
|
body_format: json
|
||||||
register: auth_apiresult
|
register: auth_apiresult
|
||||||
become: false
|
|
||||||
delegate_to: "{{ zerotier_api_delegate }}"
|
delegate_to: "{{ zerotier_api_delegate }}"
|
||||||
|
|
||||||
- name: Configure members in network
|
- name: Configure members in network
|
||||||
|
|
@ -37,7 +43,6 @@
|
||||||
ipAssignments: "{{ zerotier_member_ip_assignments | default([]) | list }}"
|
ipAssignments: "{{ zerotier_member_ip_assignments | default([]) | list }}"
|
||||||
body_format: json
|
body_format: json
|
||||||
register: conf_apiresult
|
register: conf_apiresult
|
||||||
become: false
|
|
||||||
delegate_to: "{{ zerotier_api_delegate }}"
|
delegate_to: "{{ zerotier_api_delegate }}"
|
||||||
|
|
||||||
when:
|
when:
|
||||||
|
|
@ -45,3 +50,4 @@
|
||||||
- not ansible_check_mode
|
- not ansible_check_mode
|
||||||
tags:
|
tags:
|
||||||
- configuration
|
- configuration
|
||||||
|
become: false
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue