-
Conditional Privilege Escalation in Ansible Playbooks
Fixing become_user Failures When Already Logged in as this user, e.g. ansible_user

Problem Description

This error occurs when an Ansible task is configured with become: true and a become_user that matches the current login user (the remote_user). Even if you are already logged in as the target user, Ansible attempts to wrap the module execution in a privilege escalation command (typically sudo -u target_user). If the target user is not explicitly permitted in the /etc/sudoers file to “sudo to themselves,” the OS rejects the command, requesting a password that Ansible cannot provide. This is the classic “I am who I say I am, but I can’t prove it to myself”…
-
Reliably Fetching Git Tags in GitLab Pipelines (and the GIT_DEPTH Pitfall)
Finding the right version string in a CI/CD pipeline can be surprisingly tricky. If you’ve been searching for a way to grab the “latest” tag in your GitLab runner, you’ve likely stumbled across this specific combination of Git commands. At least I did… Here is a breakdown of what that command does, why it works, and the “gotchas” you need to look out for.

The Command Breakdown

The command is actually two Git commands nested together:

1. The Inner Command: git rev-list
The part inside the parentheses, git rev-list --tags --max-count=1, acts as a locator.

2. The Outer Command: git describe
Once the inner command finds the “hash” (the unique…