Skip to content

A
ansible
Commit 22304afd by James Cammarata
Options

More fixing of become stuff in v2

parent 70f56c13
Showing with 44 additions and 68 deletions
v2/ansible/executor/connection_info.py
......@@ -164,7 +164,7 @@ class ConnectionInformation:
return new_info
def make_become_cmd(self, cmd, shell, become_settings=None):
def make_become_cmd(self, cmd, executable, become_settings=None):
"""
helper function to create privilege escalation commands
......@@ -179,39 +179,43 @@ class ConnectionInformation:
prompt = None
becomecmd = None
shell = shell or '$SHELL'
if self.become_method == 'sudo':
# Rather than detect if sudo wants a password this time, -k makes sudo always ask for
# a password if one is required. Passing a quoted compound command to sudo (or sudo -s)
# directly doesn't work, so we shellquote it with pipes.quote() and pass the quoted
# string to the user's shell. We loop reading output until we see the randomly-generated
# sudo prompt set with the -p option.
prompt = '[sudo via ansible, key=%s] password: ' % randbits
exe = become_settings.get('sudo_exe', C.DEFAULT_SUDO_EXE)
flags = become_settings.get('sudo_flags', C.DEFAULT_SUDO_FLAGS)
becomecmd = '%s -k && %s %s -S -p "%s" -u %s %s -c "%s"' % \
(exe, exe, flags or C.DEFAULT_SUDO_FLAGS, prompt, self.become_user, shell, 'echo %s; %s' % (success_key, cmd))
elif self.become_method == 'su':
exe = become_settings.get('su_exe', C.DEFAULT_SU_EXE)
flags = become_settings.get('su_flags', C.DEFAULT_SU_FLAGS)
becomecmd = '%s %s %s -c "%s -c %s"' % (exe, flags, self.become_user, shell, pipes.quote('echo %s; %s' % (success_key, cmd)))
elif self.become_method == 'pbrun':
exe = become_settings.get('pbrun_exe', 'pbrun')
flags = become_settings.get('pbrun_flags', '')
becomecmd = '%s -b -l %s -u %s "%s"' % (exe, flags, self.become_user, 'echo %s; %s' % (success_key,cmd))
elif self.become_method == 'pfexec':
exe = become_settings.get('pfexec_exe', 'pbrun')
flags = become_settings.get('pfexec_flags', '')
# No user as it uses it's own exec_attr to figure it out
becomecmd = '%s %s "%s"' % (exe, flags, 'echo %s; %s' % (success_key,cmd))
elif self.become:
raise errors.AnsibleError("Privilege escalation method not found: %s" % method)
return (('%s -c ' % shell) + pipes.quote(becomecmd), prompt, success_key)
executable = executable or '$SHELL'
if self.become:
if self.become_method == 'sudo':
# Rather than detect if sudo wants a password this time, -k makes sudo always ask for
# a password if one is required. Passing a quoted compound command to sudo (or sudo -s)
# directly doesn't work, so we shellquote it with pipes.quote() and pass the quoted
# string to the user's shell. We loop reading output until we see the randomly-generated
# sudo prompt set with the -p option.
prompt = '[sudo via ansible, key=%s] password: ' % randbits
exe = become_settings.get('sudo_exe', C.DEFAULT_SUDO_EXE)
flags = become_settings.get('sudo_flags', C.DEFAULT_SUDO_FLAGS)
becomecmd = '%s -k && %s %s -S -p "%s" -u %s %s -c "%s"' % \
(exe, exe, flags or C.DEFAULT_SUDO_FLAGS, prompt, self.become_user, executable, 'echo %s; %s' % (success_key, cmd))
elif self.become_method == 'su':
exe = become_settings.get('su_exe', C.DEFAULT_SU_EXE)
flags = become_settings.get('su_flags', C.DEFAULT_SU_FLAGS)
becomecmd = '%s %s %s -c "%s -c %s"' % (exe, flags, self.become_user, executable, pipes.quote('echo %s; %s' % (success_key, cmd)))
elif self.become_method == 'pbrun':
exe = become_settings.get('pbrun_exe', 'pbrun')
flags = become_settings.get('pbrun_flags', '')
becomecmd = '%s -b -l %s -u %s "%s"' % (exe, flags, self.become_user, 'echo %s; %s' % (success_key,cmd))
elif self.become_method == 'pfexec':
exe = become_settings.get('pfexec_exe', 'pbrun')
flags = become_settings.get('pfexec_flags', '')
# No user as it uses it's own exec_attr to figure it out
becomecmd = '%s %s "%s"' % (exe, flags, 'echo %s; %s' % (success_key,cmd))
else:
raise errors.AnsibleError("Privilege escalation method not found: %s" % method)
return (('%s -c ' % executable) + pipes.quote(becomecmd), prompt, success_key)
return (cmd, "", "")
def check_become_success(self, output, become_settings):
#TODO: implement
......
v2/ansible/playbook/play.py
......@@ -100,7 +100,6 @@ class Play(Base, Taggable, Become):
@staticmethod
def load(data, variable_manager=None, loader=None):
p = Play()
print("in play load, become is: %s" % getattr(p, 'become'))
return p.load_data(data, variable_manager=variable_manager, loader=loader)
def munge(self, ds):
......
v2/ansible/plugins/action/__init__.py
......@@ -454,7 +454,7 @@ class ActionBase:
success_key = None
if sudoable:
cmd, prompt, success_key = self._connection_info.make_become_cmd(executable, cmd)
cmd, prompt, success_key = self._connection_info.make_become_cmd(cmd, executable)
debug("executing the command %s through the connection" % cmd)
rc, stdin, stdout, stderr = self._connection.exec_command(cmd, tmp, executable=executable, in_data=in_data)
......
v2/ansible/plugins/connections/local.py
......@@ -50,27 +50,14 @@ class Connection(ConnectionBase):
if in_data:
raise AnsibleError("Internal Error: this module does not support optimized module pipelining")
# FIXME: su/sudo stuff needs to be generalized
#if not self.runner.sudo or not sudoable:
# if executable:
# local_cmd = executable.split() + ['-c', cmd]
# else:
# local_cmd = cmd
#else:
# local_cmd, prompt, success_key = utils.make_become_cmd(self.runner.sudo_exe, sudo_user, executable, cmd)
if executable:
local_cmd = executable.split() + ['-c', cmd]
else:
local_cmd = cmd
executable = executable.split()[0] if executable else None
self._display.vvv("%s EXEC %s" % (self._connection_info.remote_addr, local_cmd))
self._display.vvv("%s EXEC %s" % (self._connection_info.remote_addr, cmd))
# FIXME: cwd= needs to be set to the basedir of the playbook
debug("opening command with Popen()")
p = subprocess.Popen(
local_cmd,
shell=isinstance(local_cmd, basestring),
cmd,
shell=isinstance(cmd, basestring),
executable=executable, #cwd=...
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
......
v2/ansible/plugins/connections/ssh.py
......@@ -281,20 +281,7 @@ class Connection(ConnectionBase):
# ssh_cmd += ['-6']
ssh_cmd += [self._connection_info.remote_addr]
#if not (self._connection_info.sudo or self._connection_info.su):
# prompt = None
# if executable:
# ssh_cmd.append(executable + ' -c ' + pipes.quote(cmd))
# else:
# ssh_cmd.append(cmd)
#elif self._connection_info.su and self._connection_info.su_user:
# su_cmd, prompt, success_key = self._connection_info.make_su_cmd(executable, cmd)
# ssh_cmd.append(su_cmd)
#else:
# # FIXME: hard-coded sudo_exe here
# sudo_cmd, prompt, success_key = self._connection_info.make_become_cmd('/usr/bin/sudo', executable, cmd)
# ssh_cmd.append(sudo_cmd)
ssh_cmd.append(cmd)
self._display.vvv("EXEC %s" % ' '.join(ssh_cmd), host=self._connection_info.remote_addr)
not_in_host_file = self.not_in_host_file(self._connection_info.remote_addr)
......
v2/samples/test_become.yml
......@@ -2,6 +2,5 @@
gather_facts: no
tasks:
- command: whoami
become: yes
become_user: jamesc
become_user: testing
become_method: su
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment