From c9da8294dfa425201af0a16bb34953a9429dcd52 Mon Sep 17 00:00:00 2001
From: Chris Church
Date: Mon, 17 Jun 2013 19:48:09 -0400
Subject: [PATCH] Fix to only specify sudo user if explicitly given by the credentials, so as not to force the playbook to require sudo privileges to run.
---
 ansibleworks/main/tasks.py | 11 +++++++++--
 ansibleworks/main/tests/tasks.py | 1 +
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/ansibleworks/main/tasks.py b/ansibleworks/main/tasks.py
index 83241b60a8..49cda02df4 100644
--- a/ansibleworks/main/tasks.py
+++ b/ansibleworks/main/tasks.py
@@ -103,8 +103,11 @@ class RunJob(Task):
 if creds:
 ssh_username = kwargs.get('ssh_username', creds.ssh_username)
 sudo_username = kwargs.get('sudo_username', creds.sudo_username)
+ # Always specify the normal SSH user as root by default. Since this
+ # task is normally running in the background under a service account,
+ # it doesn't make sense to rely on ansible-playbook's default of using
+ # the current user.
 ssh_username = ssh_username or 'root'
- sudo_username = sudo_username or 'root'
 inventory_script = self.get_path_to('management', 'commands', 'acom_inventory.py')
 args = ['ansible-playbook', '-i', inventory_script]
@@ -113,7 +116,11 @@ class RunJob(Task):
 args.extend(['-u', ssh_username])
 if 'ssh_password' in kwargs.get('passwords', {}):
 args.append('--ask-pass')
- args.extend(['-U', sudo_username])
+ # However, we should only specify sudo user if explicitly given by the
+ # credentials, otherwise, the playbook will be forced to run using
+ # sudo, which may not always be the desired behavior.
+ if sudo_username:
+ args.extend(['-U', sudo_username])
 if 'sudo_password' in kwargs.get('passwords', {}):
 args.append('--ask-sudo-pass')
 if job.forks: # FIXME: Max limit?
diff --git a/ansibleworks/main/tests/tasks.py b/ansibleworks/main/tests/tasks.py
index aeb18c0a6f..547d09e0bc 100644
--- a/ansibleworks/main/tests/tasks.py
+++ b/ansibleworks/main/tests/tasks.py
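Review bot: In the first hunk of ansibleworks/main/tasks.py, the fallback `ssh_username = ssh_username or 'root'` that the new comment documents means a job whose credential has no SSH username connects as root without anyone having asked for it. The comment explains why the service account's own name is a poor default, but not why root is the right one. A least-privilege alternative would be to fail the job when no username is configured, or to take the default from configuration. If root stays, I would extend the comment with `# NOTE: jobs with no explicit SSH user connect as root.` so the privilege implication is visible. The enclosing method starts and ends outside this hunk.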
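Review bot: In the second hunk of ansibleworks/main/tasks.py the new `if sudo_username:` guard covers only `-U`, while `--ask-sudo-pass` is still appended whenever `passwords` contains `sudo_password`. If ansible-playbook treats that flag as a request for sudo as well (I believe releases of that period did, but this should be confirmed), a job with a sudo password and no sudo user would still run under sudo, which may not be intended. Either state the intent next to the check, e.g. `# A supplied sudo password still enables sudo even without -U.`, or move the `sudo_password` check under the new guard. The surrounding method continues outside the hunk.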
@@ -192,6 +192,7 @@ class RunJobTest(BaseCeleryTest):
 def check_job_result(self, job, expected='successful', expect_stdout=True, expect_traceback=False):
 msg = 'job status is %s, expected %s' % (job.status, expected)
+ msg = '%s\nargs:\n%s' % (msg, job.job_args)
 if job.result_traceback:
 msg = '%s\ngot traceback:\n%s' % (msg, job.result_traceback)
 if job.result_stdout:
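Review bot: Nothing in this patch asserts the behaviour it introduces: per the diffstat, the only change to ansibleworks/main/tests/tasks.py is the extra `job.job_args` line in the failure message of check_job_result. A test that runs a job whose credentials have no sudo user and checks that `-U` is absent from `job.job_args`, plus one with a sudo user that checks it is present, would pin the fix. The new line also deserves a short comment such as `# Include the command line to make failures easier to diagnose.`, and it is worth confirming that job_args never carries secrets before it is echoed into test output. check_job_result continues past the end of the hunk.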