diff --git a/changelogs/fragments/ansible-test-remote-become.yml b/changelogs/fragments/ansible-test-remote-become.yml new file mode 100644 index 00000000000..031cac34ba6 --- /dev/null +++ b/changelogs/fragments/ansible-test-remote-become.yml @@ -0,0 +1,3 @@ +minor_changes: + - ansible-test - Alpine remotes now use ``sudo`` for tests, using ``doas`` only for bootstrapping. + - ansible-test - FreeBSD remotes now use ``sudo`` for tests, using ``su`` only for bootstrapping. diff --git a/test/lib/ansible_test/_data/completion/remote.txt b/test/lib/ansible_test/_data/completion/remote.txt index da872da205c..301cb8f3f76 100644 --- a/test/lib/ansible_test/_data/completion/remote.txt +++ b/test/lib/ansible_test/_data/completion/remote.txt @@ -1,11 +1,11 @@ -alpine/3.16 python=3.10 become=doas provider=aws arch=x86_64 -alpine become=doas provider=aws arch=x86_64 +alpine/3.16 python=3.10 become=doas_sudo provider=aws arch=x86_64 +alpine become=doas_sudo provider=aws arch=x86_64 fedora/35 python=3.10 become=sudo provider=aws arch=x86_64 fedora/36 python=3.10 become=sudo provider=aws arch=x86_64 fedora become=sudo provider=aws arch=x86_64 -freebsd/12.3 python=3.8 python_dir=/usr/local/bin become=su provider=aws arch=x86_64 -freebsd/13.1 python=3.8,3.7,3.9,3.10 python_dir=/usr/local/bin become=su provider=aws arch=x86_64 -freebsd python_dir=/usr/local/bin become=su provider=aws arch=x86_64 +freebsd/12.3 python=3.8 python_dir=/usr/local/bin become=su_sudo provider=aws arch=x86_64 +freebsd/13.1 python=3.8,3.7,3.9,3.10 python_dir=/usr/local/bin become=su_sudo provider=aws arch=x86_64 +freebsd python_dir=/usr/local/bin become=su_sudo provider=aws arch=x86_64 macos/12.0 python=3.10 python_dir=/usr/local/bin become=sudo provider=parallels arch=x86_64 macos python_dir=/usr/local/bin become=sudo provider=parallels arch=x86_64 rhel/7.9 python=2.7 become=sudo provider=aws arch=x86_64 diff --git a/test/lib/ansible_test/_internal/become.py b/test/lib/ansible_test/_internal/become.py index a9a98bd8142..efdd39c72e9 100644 --- a/test/lib/ansible_test/_internal/become.py +++ b/test/lib/ansible_test/_internal/become.py @@ -12,6 +12,11 @@ from .util import ( class Become(metaclass=abc.ABCMeta): """Base class for become implementations.""" + @classmethod + def name(cls): + """The name of this plugin.""" + return cls.__name__.lower() + @property @abc.abstractmethod def method(self): # type: () -> str @@ -41,6 +46,19 @@ class Doas(Become): return become +class DoasSudo(Doas): + """Become using 'doas' in ansible-test and then after bootstrapping use 'sudo' for other ansible commands.""" + @classmethod + def name(cls): + """The name of this plugin.""" + return 'doas_sudo' + + @property + def method(self): # type: () -> str + """The name of the Ansible become plugin that is equivalent to this.""" + return 'sudo' + + class Su(Become): """Become using 'su'.""" @property @@ -58,6 +76,19 @@ class Su(Become): return become +class SuSudo(Su): + """Become using 'su' in ansible-test and then after bootstrapping use 'sudo' for other ansible commands.""" + @classmethod + def name(cls): + """The name of this plugin.""" + return 'su_sudo' + + @property + def method(self): # type: () -> str + """The name of the Ansible become plugin that is equivalent to this.""" + return 'sudo' + + class Sudo(Become): """Become using 'sudo'.""" @property @@ -75,4 +106,4 @@ class Sudo(Become): return become -SUPPORTED_BECOME_METHODS = {cls.__name__.lower(): cls for cls in get_subclasses(Become)} +SUPPORTED_BECOME_METHODS = {cls.name(): cls for cls in get_subclasses(Become)} diff --git a/test/lib/ansible_test/_util/target/setup/bootstrap.sh b/test/lib/ansible_test/_util/target/setup/bootstrap.sh index 96e92047bd3..449a2f3c078 100644 --- a/test/lib/ansible_test/_util/target/setup/bootstrap.sh +++ b/test/lib/ansible_test/_util/target/setup/bootstrap.sh @@ -90,6 +90,7 @@ bootstrap_remote_alpine() gcc python3-dev ${py_pkg_prefix}-pip + sudo " if [ "${controller}" ]; then @@ -213,6 +214,9 @@ prefer-binary = yes mount -o acls "${fs_device}" "${fs_path}" awk 'BEGIN{FS=" "}; /'"${fs_device_escaped}"'/ {gsub(/^rw$/,"rw,acls", $4); print; next} // {print}' /etc/fstab > /etc/fstab.new mv /etc/fstab.new /etc/fstab + + # enable sudo without a password for the wheel group, allowing ansible to use the sudo become plugin + echo '%wheel ALL=(ALL:ALL) NOPASSWD: ALL' > /usr/local/etc/sudoers.d/ansible-test } bootstrap_remote_macos()