I finally fixed the problem after reading the doc on synchronize. I found 
the following note:

> The user and permissions for the synchronize src are those of the user 
> running the Ansible task on the local host, or the become_user if become: 
> yes is active. synchronize will attempt to escalate privileges to the 
> become_user on the local host.


This is changing the semantics of the become and become_user parameters.

Normally, as I understood it, it is to define the behavior remotely. For 
this reason I defined it globally to yes in my playbook.

But synchronize uses it to control the identity change locally. This is 
inconsistent and confusing. 

As a consequence I don't know what synchronize is doing. I'm running the 
playbook as user A. In the inventory I defined the variable ansible_user=B. 
In the playbook I defined become:yes and become_method: sudo. 

So I assumed that while running the playbook as user A, ansible will 
connect remotely as user B and run the tasks after performing a sudo. I 
have configured it to be a passwordless sudo to root. This is apparently 
how things work as I deduced by trial and error. 

Now synchronize hijacks the parameter become and changes its purpose. For 
synchronize it now specifies if the identity should be changed locally and 
become_user would specify to what. But then how are the remote identity and 
privilege escalation defined?

It looks like there is still a confusing mix-up in the way to define the 
different identities and change method and optional password. It's not yet 
fully orthogonal. 

It should be possible to define a local identity change and a remote 
identity as the ssh user identity (ansible_user?) and authentication 
method. The hack made by synchronize about this is really confusing. 
