mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
More fixing of become stuff in v2
parent
70f56c135c
commit
22304afd1d
6 changed files with 39 additions and 63 deletions
|
@ -164,7 +164,7 @@ class ConnectionInformation:
|
||||||
|
|
||||||
return new_info
|
return new_info
|
||||||
|
|
||||||
def make_become_cmd(self, cmd, shell, become_settings=None):
|
def make_become_cmd(self, cmd, executable, become_settings=None):
|
||||||
|
|
||||||
"""
|
"""
|
||||||
helper function to create privilege escalation commands
|
helper function to create privilege escalation commands
|
||||||
|
@ -179,39 +179,43 @@ class ConnectionInformation:
|
||||||
prompt = None
|
prompt = None
|
||||||
becomecmd = None
|
becomecmd = None
|
||||||
|
|
||||||
shell = shell or '$SHELL'
|
executable = executable or '$SHELL'
|
||||||
|
|
||||||
if self.become_method == 'sudo':
|
if self.become:
|
||||||
# Rather than detect if sudo wants a password this time, -k makes sudo always ask for
|
if self.become_method == 'sudo':
|
||||||
# a password if one is required. Passing a quoted compound command to sudo (or sudo -s)
|
# Rather than detect if sudo wants a password this time, -k makes sudo always ask for
|
||||||
# directly doesn't work, so we shellquote it with pipes.quote() and pass the quoted
|
# a password if one is required. Passing a quoted compound command to sudo (or sudo -s)
|
||||||
# string to the user's shell. We loop reading output until we see the randomly-generated
|
# directly doesn't work, so we shellquote it with pipes.quote() and pass the quoted
|
||||||
# sudo prompt set with the -p option.
|
# string to the user's shell. We loop reading output until we see the randomly-generated
|
||||||
prompt = '[sudo via ansible, key=%s] password: ' % randbits
|
# sudo prompt set with the -p option.
|
||||||
exe = become_settings.get('sudo_exe', C.DEFAULT_SUDO_EXE)
|
prompt = '[sudo via ansible, key=%s] password: ' % randbits
|
||||||
flags = become_settings.get('sudo_flags', C.DEFAULT_SUDO_FLAGS)
|
exe = become_settings.get('sudo_exe', C.DEFAULT_SUDO_EXE)
|
||||||
becomecmd = '%s -k && %s %s -S -p "%s" -u %s %s -c "%s"' % \
|
flags = become_settings.get('sudo_flags', C.DEFAULT_SUDO_FLAGS)
|
||||||
(exe, exe, flags or C.DEFAULT_SUDO_FLAGS, prompt, self.become_user, shell, 'echo %s; %s' % (success_key, cmd))
|
becomecmd = '%s -k && %s %s -S -p "%s" -u %s %s -c "%s"' % \
|
||||||
|
(exe, exe, flags or C.DEFAULT_SUDO_FLAGS, prompt, self.become_user, executable, 'echo %s; %s' % (success_key, cmd))
|
||||||
|
|
||||||
elif self.become_method == 'su':
|
elif self.become_method == 'su':
|
||||||
exe = become_settings.get('su_exe', C.DEFAULT_SU_EXE)
|
exe = become_settings.get('su_exe', C.DEFAULT_SU_EXE)
|
||||||
flags = become_settings.get('su_flags', C.DEFAULT_SU_FLAGS)
|
flags = become_settings.get('su_flags', C.DEFAULT_SU_FLAGS)
|
||||||
becomecmd = '%s %s %s -c "%s -c %s"' % (exe, flags, self.become_user, shell, pipes.quote('echo %s; %s' % (success_key, cmd)))
|
becomecmd = '%s %s %s -c "%s -c %s"' % (exe, flags, self.become_user, executable, pipes.quote('echo %s; %s' % (success_key, cmd)))
|
||||||
|
|
||||||
elif self.become_method == 'pbrun':
|
elif self.become_method == 'pbrun':
|
||||||
exe = become_settings.get('pbrun_exe', 'pbrun')
|
exe = become_settings.get('pbrun_exe', 'pbrun')
|
||||||
flags = become_settings.get('pbrun_flags', '')
|
flags = become_settings.get('pbrun_flags', '')
|
||||||
becomecmd = '%s -b -l %s -u %s "%s"' % (exe, flags, self.become_user, 'echo %s; %s' % (success_key,cmd))
|
becomecmd = '%s -b -l %s -u %s "%s"' % (exe, flags, self.become_user, 'echo %s; %s' % (success_key,cmd))
|
||||||
|
|
||||||
elif self.become_method == 'pfexec':
|
elif self.become_method == 'pfexec':
|
||||||
exe = become_settings.get('pfexec_exe', 'pbrun')
|
exe = become_settings.get('pfexec_exe', 'pbrun')
|
||||||
flags = become_settings.get('pfexec_flags', '')
|
flags = become_settings.get('pfexec_flags', '')
|
||||||
# No user as it uses it's own exec_attr to figure it out
|
# No user as it uses it's own exec_attr to figure it out
|
||||||
becomecmd = '%s %s "%s"' % (exe, flags, 'echo %s; %s' % (success_key,cmd))
|
becomecmd = '%s %s "%s"' % (exe, flags, 'echo %s; %s' % (success_key,cmd))
|
||||||
elif self.become:
|
|
||||||
raise errors.AnsibleError("Privilege escalation method not found: %s" % method)
|
|
||||||
|
|
||||||
return (('%s -c ' % shell) + pipes.quote(becomecmd), prompt, success_key)
|
else:
|
||||||
|
raise errors.AnsibleError("Privilege escalation method not found: %s" % method)
|
||||||
|
|
||||||
|
return (('%s -c ' % executable) + pipes.quote(becomecmd), prompt, success_key)
|
||||||
|
|
||||||
|
return (cmd, "", "")
|
||||||
|
|
||||||
def check_become_success(self, output, become_settings):
|
def check_become_success(self, output, become_settings):
|
||||||
#TODO: implement
|
#TODO: implement
|
||||||
|
|
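Review bot: The sudo, pbrun and pfexec branches place `cmd` inside a double-quoted argument (`-c "%s"` / `"%s"`) without escaping, while the su branch and the comment above the sudo branch both rely on `pipes.quote()`. Because the assembled string is then run through `executable -c`, any `"`, `$` or backtick in `cmd`, and any shell metacharacter in `self.become_user`, is interpreted by that intermediate shell instead of being passed through. Quoting the inner command the way the su branch does would close this, e.g. `'%s -k && %s %s -S -p "%s" -u %s %s -c %s' % (exe, exe, flags or C.DEFAULT_SUDO_FLAGS, prompt, pipes.quote(self.become_user), executable, pipes.quote('echo %s; %s' % (success_key, cmd)))`. Separately, the new `else` branch formats `method`, which is not assigned in the visible lines; `self.become_method` looks intended. The part of make_become_cmd between the two hunks is not shown.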
|
@ -100,7 +100,6 @@ class Play(Base, Taggable, Become):
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def load(data, variable_manager=None, loader=None):
|
def load(data, variable_manager=None, loader=None):
|
||||||
p = Play()
|
p = Play()
|
||||||
print("in play load, become is: %s" % getattr(p, 'become'))
|
|
||||||
return p.load_data(data, variable_manager=variable_manager, loader=loader)
|
return p.load_data(data, variable_manager=variable_manager, loader=loader)
|
||||||
|
|
||||||
def munge(self, ds):
|
def munge(self, ds):
|
||||||
|
|
|
@ -454,7 +454,7 @@ class ActionBase:
|
||||||
success_key = None
|
success_key = None
|
||||||
|
|
||||||
if sudoable:
|
if sudoable:
|
||||||
cmd, prompt, success_key = self._connection_info.make_become_cmd(executable, cmd)
|
cmd, prompt, success_key = self._connection_info.make_become_cmd(cmd, executable)
|
||||||
|
|
||||||
debug("executing the command %s through the connection" % cmd)
|
debug("executing the command %s through the connection" % cmd)
|
||||||
rc, stdin, stdout, stderr = self._connection.exec_command(cmd, tmp, executable=executable, in_data=in_data)
|
rc, stdin, stdout, stderr = self._connection.exec_command(cmd, tmp, executable=executable, in_data=in_data)
|
||||||
|
|
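Review bot: The corrected call `make_become_cmd(cmd, executable)` still passes no `become_settings`, and the callee declares `become_settings=None` yet calls `become_settings.get(...)` in every method branch, so with become enabled this would raise AttributeError unless the lines between the callee's two hunks normalise the argument. Either pass the settings from here or add `become_settings = become_settings or {}` at the top of make_become_cmd. The enclosing method starts and ends outside this hunk.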
|
@ -50,27 +50,14 @@ class Connection(ConnectionBase):
|
||||||
if in_data:
|
if in_data:
|
||||||
raise AnsibleError("Internal Error: this module does not support optimized module pipelining")
|
raise AnsibleError("Internal Error: this module does not support optimized module pipelining")
|
||||||
|
|
||||||
# FIXME: su/sudo stuff needs to be generalized
|
|
||||||
#if not self.runner.sudo or not sudoable:
|
|
||||||
# if executable:
|
|
||||||
# local_cmd = executable.split() + ['-c', cmd]
|
|
||||||
# else:
|
|
||||||
# local_cmd = cmd
|
|
||||||
#else:
|
|
||||||
# local_cmd, prompt, success_key = utils.make_become_cmd(self.runner.sudo_exe, sudo_user, executable, cmd)
|
|
||||||
if executable:
|
|
||||||
local_cmd = executable.split() + ['-c', cmd]
|
|
||||||
else:
|
|
||||||
local_cmd = cmd
|
|
||||||
|
|
||||||
executable = executable.split()[0] if executable else None
|
executable = executable.split()[0] if executable else None
|
||||||
|
|
||||||
self._display.vvv("%s EXEC %s" % (self._connection_info.remote_addr, local_cmd))
|
self._display.vvv("%s EXEC %s" % (self._connection_info.remote_addr, cmd))
|
||||||
# FIXME: cwd= needs to be set to the basedir of the playbook
|
# FIXME: cwd= needs to be set to the basedir of the playbook
|
||||||
debug("opening command with Popen()")
|
debug("opening command with Popen()")
|
||||||
p = subprocess.Popen(
|
p = subprocess.Popen(
|
||||||
local_cmd,
|
cmd,
|
||||||
shell=isinstance(local_cmd, basestring),
|
shell=isinstance(cmd, basestring),
|
||||||
executable=executable, #cwd=...
|
executable=executable, #cwd=...
|
||||||
stdin=subprocess.PIPE,
|
stdin=subprocess.PIPE,
|
||||||
stdout=subprocess.PIPE,
|
stdout=subprocess.PIPE,
|
||||||
|
|
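Review bot: With the `executable.split() + ['-c', cmd]` list form removed, `cmd` reaches `subprocess.Popen` as a string from the visible caller, so `shell=isinstance(cmd, basestring)` is effectively `shell=True` and every bit of quoting now depends on whatever built `cmd`. Any extra words in `executable` are also dropped by `executable.split()[0]` rather than being handed to the shell as before. I would record the contract next to the call with a comment such as `# cmd is a pre-built shell string (see make_become_cmd); the shell parses it, so callers must quote it`, and, if no caller passes a list, write `shell=True,` explicitly. exec_command starts and ends outside this hunk.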
|
@ -281,20 +281,7 @@ class Connection(ConnectionBase):
|
||||||
# ssh_cmd += ['-6']
|
# ssh_cmd += ['-6']
|
||||||
ssh_cmd += [self._connection_info.remote_addr]
|
ssh_cmd += [self._connection_info.remote_addr]
|
||||||
|
|
||||||
#if not (self._connection_info.sudo or self._connection_info.su):
|
ssh_cmd.append(cmd)
|
||||||
# prompt = None
|
|
||||||
# if executable:
|
|
||||||
# ssh_cmd.append(executable + ' -c ' + pipes.quote(cmd))
|
|
||||||
# else:
|
|
||||||
# ssh_cmd.append(cmd)
|
|
||||||
#elif self._connection_info.su and self._connection_info.su_user:
|
|
||||||
# su_cmd, prompt, success_key = self._connection_info.make_su_cmd(executable, cmd)
|
|
||||||
# ssh_cmd.append(su_cmd)
|
|
||||||
#else:
|
|
||||||
# # FIXME: hard-coded sudo_exe here
|
|
||||||
# sudo_cmd, prompt, success_key = self._connection_info.make_become_cmd('/usr/bin/sudo', executable, cmd)
|
|
||||||
# ssh_cmd.append(sudo_cmd)
|
|
||||||
|
|
||||||
self._display.vvv("EXEC %s" % ' '.join(ssh_cmd), host=self._connection_info.remote_addr)
|
self._display.vvv("EXEC %s" % ' '.join(ssh_cmd), host=self._connection_info.remote_addr)
|
||||||
|
|
||||||
not_in_host_file = self.not_in_host_file(self._connection_info.remote_addr)
|
not_in_host_file = self.not_in_host_file(self._connection_info.remote_addr)
|
||||||
|
|
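Review bot: `ssh_cmd.append(cmd)` now sends the string verbatim, so in the non-become case the `executable` argument no longer influences what runs remotely; the removed commented-out block wrapped it as `executable + ' -c ' + pipes.quote(cmd)`. make_become_cmd returns `(cmd, "", "")` unchanged when become is off, so unless the wrapping happens elsewhere (not visible here) the remote login shell parses the raw string. If that is intended, a comment such as `# cmd is passed verbatim; the remote login shell parses it` would record it; otherwise the `-c` wrapping with `pipes.quote()` should be restored for the non-become path. The enclosing method starts and ends outside this hunk.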
|
@ -2,6 +2,5 @@
|
||||||
gather_facts: no
|
gather_facts: no
|
||||||
tasks:
|
tasks:
|
||||||
- command: whoami
|
- command: whoami
|
||||||
become: yes
|
become_user: testing
|
||||||
become_user: jamesc
|
|
||||||
become_method: su
|
become_method: su
|
||||||
|
|