как сделать повышение привилегий при поиске (ini)

Question

Мой test.yml

      1 - name: Test ini
      2   hosts: localhost
      3   connection: local
      4   become: true
      5 
      6   tasks:
      7 
      8   - name: Verifying /etc/heat/heat.conf Configuration
      9     become_user: root
     10     become_method: sudo
     11     fail: msg="Unable to set in /etc/heat/heat.conf"
     12     when: "lookup('ini', 'max_resources_per_stack section=DEFAULT file=/etc/heat/heat.conf') != '-1'"

Ошибка

$ ansible-playbook test.yml 
 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [Test ini] ***********************************************************************************************************************

TASK [Gathering Facts] ****************************************************************************************************************
ok: [localhost]

TASK [Verifying /etc/heat/heat.conf Configuration] ************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'lookup('ini', 'max_resources_per_stack section=DEFAULT file=/etc/heat/heat.conf') != '-1'' failed. The error was: An unhandled exception occurred while running the lookup plugin 'ini'. Error was a <class 'ansible.errors.AnsibleParserError'>, original message: an error occurred while trying to read the file '/etc/heat/heat.conf': [Errno 13] Permission denied: '/etc/heat/heat.conf'\n\nThe error appears to have been in '/home/stack/test.yml': line 8, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n  - name: Verifying /etc/heat/heat.conf Configuration\n    ^ here\n"}
    to retry, use: --limit @/home/stack/test.retry

PLAY RECAP ****************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=1 

Понятия не имею, почему он не работает?Модификация INI-файла работает с ini_file без указания become_user или become_user.Но это не работает с lookup?Даже я могу запустить команду crudini --get в оболочке.

$ ls -la /etc/heat/heat.conf 
-rw-r-----. 1 root heat 85196 May 29 01:39 /etc/heat/heat.conf

ОБНОВЛЕНИЕ

Playbook работает, только когда я запускаю playbook с sudo, какsudo ansible-playbook ini_test.yml

ОБНОВЛЕНИЕ2

ansible 2.6.11

Answer 1

Это ошибка .

С файлом / root / test

> ll /root/test
-rw-r----- 1 root root 30 May 29 15:09 /root/test

Плейбук

- hosts: localhost
  become_user: root
  become_method: sudo
  become: yes
  tasks:
    - command: whoami
      register: result
    - debug:
        var: result.stdout
    - name: read the file
      debug:
        msg: "{{ lookup('file', '/root/test') }}"

дает (сокращенно):

ok: [localhost] => {
    "result.stdout": "root"
}
TASK [read the file]
fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'file'. Error was a <class 'ansible.errors.AnsibleError'>, original message: could not locate file in lookup: /root/test"}

Со всеми включенными для чтения

> ll /root/test
-rw-r--r-- 1 root root 30 May 29 15:09 /root/test

книга воспроизведения работает как положено и дает (сокращенно):

TASK [read the file]
ok: [localhost] => {
    "msg": "Wed May 29 15:09:43 CEST 2019"
}

Для записи. Как отвечать на вопросы, которые приводят к сообщениям об ошибках? .