cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add become support for OpenBSD doas

Browse source
This commit is contained in:
Damian Gerow 2015-08-17 21:31:18 -04:00
parent ee2e31b37a
commit 1c5611100e
9 changed files with 29 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/man/man1/ansible-playbook.1
View file

@ -60,7 +60,7 @@ Run operations with become (nopasswd implied)
.PP .PP
\fB\-\-become\-method=BECOME_METHOD\fR \fB\-\-become\-method=BECOME_METHOD\fR
.RS 4 .RS 4
Privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | runas ] Privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | runas | doas ]
.RE .RE
.PP .PP
\fB\-\-become\-user=BECOME_USER\fR \fB\-\-become\-user=BECOME_USER\fR

2
docs/man/man1/ansible-playbook.1.asciidoc.in
View file

@ -51,7 +51,7 @@ Run operations with become (nopasswd implied)
*--become-method=BECOME_METHOD*:: *--become-method=BECOME_METHOD*::
Privilege escalation method to use (default=sudo), Privilege escalation method to use (default=sudo),
valid choices: [ sudo | su | pbrun | pfexec | runas ] valid choices: [ sudo | su | pbrun | pfexec | runas | doas ]
*--become-user=BECOME_USER*:: *--become-user=BECOME_USER*::

2
docs/man/man1/ansible.1
View file

@ -84,7 +84,7 @@ seconds\&.
.PP .PP
\fB\-\-become\-method=\fR\fIBECOME_METHOD\fR \fB\-\-become\-method=\fR\fIBECOME_METHOD\fR
.RS 4 .RS 4
Privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | runas ] Privilege escalation method to use (default=sudo), valid choices: [ sudo | su | pbrun | pfexec | runas | doas ]
.RE .RE
.PP .PP
\fB\-\-become\-user=\fR\fIBECOME_USER\fR \fB\-\-become\-user=\fR\fIBECOME_USER\fR

2
docs/man/man1/ansible.1.asciidoc.in
View file

@ -65,7 +65,7 @@ Run commands in the background, killing the task after 'NUM' seconds.
*--become-method=*'BECOME_METHOD':: *--become-method=*'BECOME_METHOD'::
Privilege escalation method to use (default=sudo), Privilege escalation method to use (default=sudo),
valid choices: [ sudo | su | pbrun | pfexec | runas ] valid choices: [ sudo | su | pbrun | pfexec | runas | doas ]
*--become-user=*'BECOME_USER':: *--become-user=*'BECOME_USER'::

4
docsite/rst/become.rst
View file

@ -23,7 +23,7 @@ become_user
equivalent to adding 'sudo_user:' or 'su_user:' to a play or task, set to user with desired privileges equivalent to adding 'sudo_user:' or 'su_user:' to a play or task, set to user with desired privileges
become_method become_method
at play or task level overrides the default method set in ansible.cfg, set to 'sudo'/'su'/'pbrun'/'pfexec' at play or task level overrides the default method set in ansible.cfg, set to 'sudo'/'su'/'pbrun'/'pfexec'/'doas'
New ansible\_ variables New ansible\_ variables
@ -54,7 +54,7 @@ New command line options
--become-method=BECOME_METHOD --become-method=BECOME_METHOD
privilege escalation method to use (default=sudo), privilege escalation method to use (default=sudo),
valid choices: [ sudo | su | pbrun | pfexec ] valid choices: [ sudo | su | pbrun | pfexec | doas ]
--become-user=BECOME_USER --become-user=BECOME_USER
run operations as this user (default=root) run operations as this user (default=root)

2
docsite/rst/intro_configuration.rst
View file

@ -651,7 +651,7 @@ The equivalent of adding sudo: or su: to a play or task, set to true/yes to acti
become_method become_method
============= =============
Set the privilege escalation method. The default is ``sudo``, other options are ``su``, ``pbrun``, ``pfexec``:: Set the privilege escalation method. The default is ``sudo``, other options are ``su``, ``pbrun``, ``pfexec``, ``doas``::
become_method=su become_method=su

4
lib/ansible/constants.py
View file

@ -162,8 +162,8 @@ DEFAULT_SUDO_FLAGS = get_config(p, DEFAULTS, 'sudo_flags', 'ANSIBLE_SUDO_
DEFAULT_ASK_SUDO_PASS = get_config(p, DEFAULTS, 'ask_sudo_pass', 'ANSIBLE_ASK_SUDO_PASS', False, boolean=True) DEFAULT_ASK_SUDO_PASS = get_config(p, DEFAULTS, 'ask_sudo_pass', 'ANSIBLE_ASK_SUDO_PASS', False, boolean=True)
# Become # Become
BECOME_ERROR_STRINGS = {'sudo': 'Sorry, try again.', 'su': 'Authentication failure', 'pbrun': '', 'pfexec': '', 'runas': ''} #FIXME: deal with i18n BECOME_ERROR_STRINGS = {'sudo': 'Sorry, try again.', 'su': 'Authentication failure', 'pbrun': '', 'pfexec': '', 'runas': '', 'doas': 'Permission denied'} #FIXME: deal with i18n
BECOME_METHODS = ['sudo','su','pbrun','pfexec','runas'] BECOME_METHODS = ['sudo','su','pbrun','pfexec','runas','doas']
DEFAULT_BECOME_METHOD = get_config(p, 'privilege_escalation', 'become_method', 'ANSIBLE_BECOME_METHOD','sudo' if DEFAULT_SUDO else 'su' if DEFAULT_SU else 'sudo' ).lower() DEFAULT_BECOME_METHOD = get_config(p, 'privilege_escalation', 'become_method', 'ANSIBLE_BECOME_METHOD','sudo' if DEFAULT_SUDO else 'su' if DEFAULT_SU else 'sudo' ).lower()
DEFAULT_BECOME = get_config(p, 'privilege_escalation', 'become', 'ANSIBLE_BECOME',False, boolean=True) DEFAULT_BECOME = get_config(p, 'privilege_escalation', 'become', 'ANSIBLE_BECOME',False, boolean=True)
DEFAULT_BECOME_USER = get_config(p, 'privilege_escalation', 'become_user', 'ANSIBLE_BECOME_USER', 'root') DEFAULT_BECOME_USER = get_config(p, 'privilege_escalation', 'become_user', 'ANSIBLE_BECOME_USER', 'root')

14
lib/ansible/playbook/play_context.py
View file

@ -387,6 +387,20 @@ class PlayContext(Base):
flags = self.become_flags or '' flags = self.become_flags or ''
becomecmd = '%s %s /user:%s "%s"' % (exe, flags, self.become_user, success_cmd) becomecmd = '%s %s /user:%s "%s"' % (exe, flags, self.become_user, success_cmd)
elif self.become_method == 'doas':
prompt = 'Password:'
exe = self.become_exe or 'doas'
flags = self.become_flags or ''
if not self.become_pass:
flags += ' -n '
if self.become_user:
flags += ' -u %s ' % self.become_user
becomecmd = '%s %s echo %s && %s %s env ANSIBLE=true %s' % (exe, flags, success_key, exe, flags, cmd)
else: else:
raise AnsibleError("Privilege escalation method not found: %s" % self.become_method) raise AnsibleError("Privilege escalation method not found: %s" % self.become_method)

6
test/units/playbook/test_play_context.py
View file

@ -123,6 +123,8 @@ class TestPlayContext(unittest.TestCase):
pbrun_flags = '' pbrun_flags = ''
pfexec_exe = 'pfexec' pfexec_exe = 'pfexec'
pfexec_flags = '' pfexec_flags = ''
doas_exe = 'doas'
doas_flags = ' -n -u foo '
cmd = play_context.make_become_cmd(cmd=default_cmd, executable=default_exe) cmd = play_context.make_become_cmd(cmd=default_cmd, executable=default_exe)
self.assertEqual(cmd, default_cmd) self.assertEqual(cmd, default_cmd)
@ -146,6 +148,10 @@ class TestPlayContext(unittest.TestCase):
cmd = play_context.make_become_cmd(cmd=default_cmd, executable="/bin/bash") cmd = play_context.make_become_cmd(cmd=default_cmd, executable="/bin/bash")
self.assertEqual(cmd, """%s -c '%s %s "'"'"'echo %s; %s'"'"'"'""" % (default_exe, pfexec_exe, pfexec_flags, play_context.success_key, default_cmd)) self.assertEqual(cmd, """%s -c '%s %s "'"'"'echo %s; %s'"'"'"'""" % (default_exe, pfexec_exe, pfexec_flags, play_context.success_key, default_cmd))
play_context.become_method = 'doas'
cmd = play_context.make_become_cmd(cmd=default_cmd, executable="/bin/bash")
self.assertEqual(cmd, """%s -c '%s %s echo %s && %s %s env ANSIBLE=true %s'""" % (default_exe, doas_exe, doas_flags, play_context.success_key, doas_exe, doas_flags, default_cmd))
play_context.become_method = 'bad' play_context.become_method = 'bad'
self.assertRaises(AnsibleError, play_context.make_become_cmd, cmd=default_cmd, executable="/bin/bash") self.assertRaises(AnsibleError, play_context.make_become_cmd, cmd=default_cmd, executable="/bin/bash")