diff --git a/ansible_mitogen/connection.py b/ansible_mitogen/connection.py
index 59e82695..e71a98c3 100644
--- a/ansible_mitogen/connection.py
+++ b/ansible_mitogen/connection.py
@@ -131,6 +131,20 @@ def _connect_setns(spec):
 }
 
 
+def _connect_su(spec):
+ return {
+ 'method': 'su',
+ 'enable_lru': True,
+ 'kwargs': {
+ 'username': spec['become_user'],
+ 'password': spec['become_pass'],
+ 'python_path': spec['python_path'],
+ 'su_path': spec['become_exe'],
+ 'connect_timeout': spec['timeout'],
+ }
+ }
+
+
 def _connect_sudo(spec):
 return {
 'method': 'sudo',
@@ -146,6 +160,20 @@ def _connect_sudo(spec):
 }
 
 
+def _connect_mitogen_su(spec):
+ # su as a first-class proxied connection, not a become method.
+ return {
+ 'method': 'su',
+ 'kwargs': {
+ 'username': spec['remote_user'],
+ 'password': spec['password'],
+ 'python_path': spec['python_path'],
+ 'su_path': spec['become_exe'],
+ 'connect_timeout': spec['timeout'],
+ }
+ }
+
+
 def _connect_mitogen_sudo(spec):
 # sudo as a first-class proxied connection, not a become method.
 return {
@@ -170,7 +198,9 @@ CONNECTION_METHOD = {
 'machinectl': _connect_machinectl,
 'setns': _connect_setns,
 'ssh': _connect_ssh,
+ 'su': _connect_su,
 'sudo': _connect_sudo,
+ 'mitogen_su': _connect_mitogen_su,
 'mitogen_sudo': _connect_mitogen_sudo,
 }
 
@@ -266,8 +296,8 @@ class Connection(ansible.plugins.connection.ConnectionBase):
 #: target machine (i.e. via sudo).
 context = None
 
- #: Only sudo is supported for now.
- become_methods = ['sudo']
+ #: Only sudo and su are supported for now.
+ become_methods = ['sudo', 'su']
 
 #: Set to 'ansible_python_interpreter' by on_action_run().
 python_path = None
diff --git a/docs/ansible.rst b/docs/ansible.rst
index 893cdad4..9e03b190 100644
--- a/docs/ansible.rst
+++ b/docs/ansible.rst
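Review bot: `_connect_su` forwards no su flags, yet the `docs/ansible.rst` section added in the same commit lists `su_flags` and `become_flags` among the settings honoured when su is used as a become method. With the `kwargs` shown here (`username`, `password`, `python_path`, `su_path`, `connect_timeout`), a play that relies on those flags would presumably run su without them, unless they are applied somewhere outside this hunk. Either forward the flags under whatever keyword the su method accepts, or drop that bullet from the docs until it is wired up. A comment above the dict such as `# 'password' is the become password in cleartext (may be unset for passwordless su); do not log this dict` would also record the handling expectation for that field.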
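Review bot: In `_connect_mitogen_su`, `'su_path': spec['become_exe']` ties the binary started by a connection method to a become setting. The new docs for `mitogen_su` list only `ansible_user`, `ansible_password` and `ansible_python_interpreter`. If a play sets `become_exe` for a different become method, this hop would presumably start that binary instead of su and hand it the `ansible_password` value. If the coupling is intended, document `ansible_su_exe` / `ansible_become_exe` under the `mitogen_su` heading and add a comment such as `# su_path deliberately follows become_exe even though this is a connection method`; otherwise leave `su_path` at its default here. `_connect_mitogen_sudo` may share the pattern, but its body lies outside this hunk.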
@@ -110,11 +110,10 @@ Installation Noteworthy Differences ---------------------- -* Ansible 2.3, 2.4 and 2.5 are supported. File bugs to register interest in - older releases. +* Ansible 2.3, 2.4 and 2.5 are supported on Python 2.7. -* The ``sudo`` become method is available and ``su`` is planned. File bugs to - register interest in additional methods. +* The ``su`` and ``sudo`` become methods are available. File bugs to register + interest in more. * The `docker `_, `jail `_, @@ -123,8 +122,9 @@ Noteworthy Differences `lxd `_, and `ssh `_ built-in connection types are supported, along with Mitogen-specific - :ref:`machinectl `, :ref:`mitogen_sudo `, and - :ref:`setns ` types. File bugs to register interest in others. + :ref:`machinectl `, :ref:`mitogen_su `, :ref:`mitogen_sudo + `, and :ref:`setns ` types. File bugs to register interest in + others. * Local commands execute in a reuseable interpreter created identically to interpreters on targets. Presently one interpreter per ``become_user`` @@ -558,6 +558,31 @@ process. as ``/bin/machinectl``. +.. _su: + +Su +~~ + +Su can be used as a connection method that supports connection delegation, or +as a become method. + +When used as a become method: + +* ``ansible_python_interpreter`` +* ``ansible_su_exe``, ``ansible_become_exe`` +* ``ansible_su_user``, ``ansible_become_user`` (default: ``root``) +* ``ansible_su_pass``, ``ansible_become_pass`` (default: assume passwordless) +* ``su_flags``, ``become_flags`` +* ansible.cfg: ``timeout`` + +When used as the ``mitogen_su`` connection method: + +* The inventory hostname has no special meaning. +* ``ansible_user``: username to su as. +* ``ansible_password``: password to su as. +* ``ansible_python_interpreter`` + + .. _sudo: Sudo