mirror of
https://github.com/ansible/awx.git
synced 2024-10-31 23:51:09 +03:00
Fix to only specify sudo user if explicitly given by the credentials, so as not to force the playbook to require sudo privileges to run.
This commit is contained in:
parent
0dbb737f20
commit
c9da8294df
@ -103,8 +103,11 @@ class RunJob(Task):
|
||||
if creds:
|
||||
ssh_username = kwargs.get('ssh_username', creds.ssh_username)
|
||||
sudo_username = kwargs.get('sudo_username', creds.sudo_username)
|
||||
# Always specify the normal SSH user as root by default. Since this
|
||||
# task is normally running in the background under a service account,
|
||||
# it doesn't make sense to rely on ansible-playbook's default of using
|
||||
# the current user.
|
||||
ssh_username = ssh_username or 'root'
|
||||
sudo_username = sudo_username or 'root'
|
||||
inventory_script = self.get_path_to('management', 'commands',
|
||||
'acom_inventory.py')
|
||||
args = ['ansible-playbook', '-i', inventory_script]
|
||||
@ -113,6 +116,10 @@ class RunJob(Task):
|
||||
args.extend(['-u', ssh_username])
|
||||
if 'ssh_password' in kwargs.get('passwords', {}):
|
||||
args.append('--ask-pass')
|
||||
# However, we should only specify sudo user if explicitly given by the
|
||||
# credentials, otherwise, the playbook will be forced to run using
|
||||
# sudo, which may not always be the desired behavior.
|
||||
if sudo_username:
|
||||
args.extend(['-U', sudo_username])
|
||||
if 'sudo_password' in kwargs.get('passwords', {}):
|
||||
args.append('--ask-sudo-pass')
|
||||
|
@ -192,6 +192,7 @@ class RunJobTest(BaseCeleryTest):
|
||||
def check_job_result(self, job, expected='successful', expect_stdout=True,
|
||||
expect_traceback=False):
|
||||
msg = 'job status is %s, expected %s' % (job.status, expected)
|
||||
msg = '%s\nargs:\n%s' % (msg, job.job_args)
|
||||
if job.result_traceback:
|
||||
msg = '%s\ngot traceback:\n%s' % (msg, job.result_traceback)
|
||||
if job.result_stdout:
|
||||
|
Loading…
Reference in New Issue
Block a user