From 27d218f85ddfd338d13af0c14ca0587938dd36e8 Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Wed, 11 Jan 2017 15:05:25 +1100 Subject: [PATCH] Don't use rsync-path in synchronize with docker When you become: with synchronize and docker it sets the rsync-path to "sudo rsync" to launch rsync on the server as root. Unfortunately due to docker exec doing stricter argument parsing than ssh this fails to launch rsync on the server and the sync fails. For docker though we don't need to launch rsync with sudo we can simply docker exec -u and rsync as normal to get around the problem. Closes #20117 --- lib/ansible/plugins/action/synchronize.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/ansible/plugins/action/synchronize.py b/lib/ansible/plugins/action/synchronize.py index 6af17c55ab..61d78571ca 100644 --- a/lib/ansible/plugins/action/synchronize.py +++ b/lib/ansible/plugins/action/synchronize.py @@ -331,8 +331,13 @@ class ActionModule(ActionBase): # Allow custom rsync path argument rsync_path = _tmp_args.get('rsync_path', None) + # backup original become as we are probably about to unset it + become = self._play_context.become + if not dest_is_local: - if self._play_context.become and not rsync_path: + # don't escalate for docker. doing --rsync-path with docker exec fails + # and we can switch directly to the user via docker arguments + if self._play_context.become and not rsync_path and self._remote_transport != 'docker': # If no rsync_path is set, become was originally set, and dest is # remote then add privilege escalation here. if self._play_context.become_method == 'sudo': @@ -363,7 +368,9 @@ class ActionModule(ActionBase): _tmp_args['rsync_opts'] = self._task.args.get('rsync_opts', '').split(' ') if '--blocking-io' not in _tmp_args['rsync_opts']: _tmp_args['rsync_opts'].append('--blocking-io') - if user is not None: + if become and self._play_context.become_user: + _tmp_args['rsync_opts'].append("--rsh='%s exec -u %s -i'" % (self._docker_cmd, self._play_context.become_user)) + elif user is not None: _tmp_args['rsync_opts'].append("--rsh='%s exec -u %s -i'" % (self._docker_cmd, user)) else: _tmp_args['rsync_opts'].append("--rsh='%s exec -i'" % self._docker_cmd)