incus, machinectl, run0 - fix become over pty connections (#11771)
* incus, machinectl, run0 - fix become over pty connections
Four small fixes across three plugins, all discovered while trying to
use community.general.machinectl (and later community.general.run0)
as become methods over the community.general.incus connection.
Core bug: machinectl and run0 both set require_tty = True, but the
incus connection plugin was ignoring that hint and invoking
'incus exec' without -t. Honor require_tty by passing -t, mirroring
what the OpenSSH plugin does with -tt.
Once the pty is in place, both become plugins emit terminal control
sequences (window-title OSC, ANSI reset) around the child command
that land in captured stdout alongside the module JSON and trip the
result parser with "Module invocation had junk after the JSON data".
Suppress that decoration at the source by prefixing the constructed
shell command with SYSTEMD_COLORS=0. TERM=dumb would work too but
has a wider blast radius (it also affects interactive tools inside
the become-user session); SYSTEMD_COLORS is the documented
systemd-scoped knob.
run0 was also missing pipelining = False. When run0 is used over a
connection that honors require_tty, ansible's pipelining sends the
module source on stdin to remote python3, which cannot be forwarded
cleanly through the pty chain and hangs indefinitely. Disable
pipelining the same way community.general.machinectl already does.
Also add tests/unit/plugins/become/test_machinectl.py mirroring the
existing test_run0.py. machinectl had no unit test coverage before,
which is why CI did not catch the SYSTEMD_COLORS=0 prefix change
when the equivalent run0 change broke test_run0_basic/test_run0_flags.
* Update changelogs/fragments/11771-incus-machinectl-run0-become-pty.yml
---------
(cherry picked from commit df252e5fab)
Co-authored-by: Martin Schürrer <martin@schuerrer.org>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Adjust all __future__ imports:
for i in $(grep -REl "__future__.*absolute_import" plugins/ tests/); do
sed -e 's/from __future__ import .*/from __future__ import annotations/g' -i $i;
done
* Remove all UTF-8 encoding specifications for Python source files:
for i in $(grep -REl '[-][*]- coding: utf-8 -[*]-' plugins/ tests/); do
sed -e '/^# -\*- coding: utf-8 -\*-/d' -i $i;
done
* Remove __metaclass__ = type:
for i in $(grep -REl '__metaclass__ = type' plugins/ tests/); do
sed -e '/^__metaclass__ = type/d' -i $i;
done
* fix: sudosu not working on some BSD machines
* fix: sudosu: added a flag (`alt_method`) to enhance compatibility with more versions of `su`
* Update changelogs/fragments/8214-sudosu-not-working-on-some-BSD-machines.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/become/sudosu.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/become/sudosu.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/become/sudosu.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/become/sudosu.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix: sudosu: lint
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Experimental change from OpenIndiana
* resolve pfexec problem, by removing superfluous quotes
* reimplement "wrap_exe"
* remove spaces arround keyword argument assignment
* adapted pfexec unit test
* Try to fix quoting of test expression
* Fix quoting of test expression by replacing ' with "
* Add changelog fragment
* Move licenses to LICENSES/, run add-license.py, add LICENSES/MIT.txt.
* Replace 'Copyright:' with 'Copyright'
sed -i 's|Copyright:\(.*\)|Copyright\1|' $(rg -l 'Copyright:')
Co-authored-by: Maxwell G <gotmax@e.email>
* added password prompt support for machinectl
* include review comments
This includes the review comments as well as changelog fragment. This also gives more information about the polkit rule.
* fix yaml doc with leftover bracket
* include review comments 2
* move regex compile to global scope
* Add support for `sudo su -` using password auth
Allow users to run Ansible tasks through `sudo su -` using password auth
- Feature Pull Request
sudosu
So I have been using this at various customers for bootstrapping Ansible mostly.
Often you have an existing setup where there is a user that has root-access enabled through sudo, but only to run `su` to log using the user's password.
In these specific cases the root password is unique to the system and therefore not an easy way to automate bootstrapping.
Having a `sudo su -` become option **with password prompt** is not possible with the existing become methods (neither sudo nor su can be used) by abusing `become_exe` or `become_flags`.
This fixesansible/ansible#12686
* Fix all reported issues
* Add unit tests
* Apply suggestions from code review
* Update plugins/become/sudosu.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update tests/unit/plugins/become/test_sudosu.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update tests/unit/plugins/become/test_sudosu.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* doas: properly set the default values
The module expects by default:
- `become_user` to be `None` or a string,
- `become_flags` to by an empty string.
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix become plugins.
* Fix become unit tests to avoid play_context.make_become_cmd.
* Remove hack.
* Remove explicit defaults. Adjust tests to be more like Ansible itself.
* Forgot two lines.
* Rewrite tests (again).
* Rename play_context -> task, add possibility to pass var_options.
* Add var_options variants.
* Properly test overwriting.
