REX ignores become_user in Ansible role

Problem:

Running Ansible roles via REX ignores become_user

We have roles that run various tasks as non-root users.

Our Ansible roles are run via the “Ansible Roles - Ansible Default” job template. Any task that contains become with become_user is being run as root.

We have the below host parameters:

remote_execution_ssh_user = rexuser

We have the below global settings:

SSH User: root
Effective User: root
Effective User Method: sudo

The same roles execute as expected when run independently of Foreman Job Templates.

Expected outcome:

We expect Foreman to run the tasks using the become and become_user

Foreman and Proxy versions:

3.1.1.3

Foreman and Proxy plugin versions:

tfm-rubygem-smart_proxy_ansible-3.3.1-4

Distribution and version:

Red Hat 7.9

Other relevant data:

This is a test task run inside an imported role:

    cat /etc/ansible/roles/testrole/tasks/main.yml

    ---

    - name: Test Role
      command: id
      register: output
      become: true
      become_user: test01

    - debug:
        msg: "{{ output.stdout }}"

When executed, the id output shows as the root user, not test01 user:

    ok: [myhost.mydomain] => {
        "msg": "uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
    }

How can we use become_user inside Ansible roles when run via Job Templates?

If the connection user and effective user are different, then all the become_user: in playbooks are ignored, but that is Ansible’s behavior. It is roughly analogous to running ansible-playbook --user rexuser --become-user root .... If you do this, you should observe the same behaviour. Either you have to let Foreman control the users or you can do it inside the playbooks, but you can’t really have both at the same time.
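
A guard that can sit at the top of a role such as testrole, added here as an example and not part of the original thread: it runs `id -un` with the role's own become settings and fails the play when the result is not the intended account, so later tasks cannot silently run as root. The variable name `expected_run_user` is hypothetical; `test01` is the user from the question.

```yaml
---
# Added example (not from the thread). expected_run_user is a hypothetical
# variable name; test01 is the account used in the question above.
- name: Verify the privilege drop before doing any real work
  vars:
    expected_run_user: test01
  block:
    - name: Ask the target which user this task really runs as
      command: id -un
      register: run_user
      become: true
      become_user: "{{ expected_run_user }}"
      changed_when: false   # read-only probe, never reports a change
      check_mode: false     # run the probe even in --check mode

    - name: Show the connection-level become settings supplied by the caller
      debug:
        msg:
          ansible_user: "{{ ansible_user | default('unset') }}"
          ansible_become_user: "{{ ansible_become_user | default('unset') }}"

    - name: Fail closed if become_user was not honoured
      assert:
        that:
          - run_user.stdout == expected_run_user
        fail_msg: >-
          Task ran as {{ run_user.stdout }}, expected {{ expected_run_user }}.
          The task-level become_user is being overridden by the caller.
        success_msg: "Running as {{ expected_run_user }}"
```

With the settings shown in the question, the assert task stops the play and reports `root` instead of `test01`, which turns the silent privilege mismatch into a visible job failure.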