Become for chroot connection plugin #49509

wants to merge 1 commit into
base: devel



@Abrosimov-a-a Abrosimov-a-a commented Dec 4, 2018


Add chroot_become variable to chroot plugin.
Execute chroot command via sudo if chroot_become is true.

  • Feature Pull Request



This feature is useful when the user has root permissions only for the chroot path command.
For example:

# sudoers has something like:
ansibleuser    ALL=NOPASSWD: /usr/sbin/chroot /mnt/chroot *

# inventory file:
_chroot ansible_connection=chroot ansible_host=/mnt/chroot ansible_chroot_become=yes

@bcoca bcoca left a comment

So 'become' is a misuse of the term here. First, you are hardcoding to sudo; become is method agnostic, so su/dzdo/doas/etc.

Also become is meant for privilege escalation at the endpoint, not at the controller to execute the 'connection' itself, as such this will create much confusion on what the system does. There will also be a mismatch with other systems trying to compensate for 'user change' on the target while you are really changing the user 'at controller'.

I almost recommend creating an alternate connection plugin 'sudo_chroot' which will be a lot less confusing and not overload systems for different uses.

@@ -88,6 +98,10 @@ def __init__(self, play_context, new_stdin, *args, **kwargs):
if not self.chroot_cmd:
raise AnsibleError("chroot command not found in PATH")

self.chroot_become_cmd = distutils.spawn.find_executable('sudo')
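
Review bot: the added `self.chroot_become_cmd = distutils.spawn.find_executable('sudo')` line has no check for a missing executable, unlike the `chroot_cmd` lookup directly above it, which raises AnsibleError("chroot command not found in PATH"). find_executable returns None when nothing is found, so on a controller without sudo the None would surface only later, wherever the command is used, instead of here with a clear message. Suggest raising an AnsibleError in the same way when the lookup fails, and performing the lookup only when chroot_become is set so that plays that do not use it are unaffected. The attribute name also says "become" while the value is fixed to sudo; a name that mentions sudo would match what the line does.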

bcoca Dec 5, 2018

use get_bin_path from ansible.module_utils.common.process instead, it can also emit an error when the executable is missing

Abrosimov-a-a Dec 5, 2018

Ok. I will make the appropriate changes in the near future.


@Abrosimov-a-a Abrosimov-a-a commented Dec 11, 2018

Which way is more preferable?

  1. Copy chroot plugin code to the sudo_chroot and update it there.
  2. Inherit the chroot.Connection class. Update UID check and split _buffered_exec_command in the Place sudo_chroot specific code in the

I want to use the sudo_chroot_args variable to specify any sudo arguments. I looked at docker_extra_args from the docker plugin as an example, but this variable is marked as TODO: remove in the
Can I use or do I need to use another way?
Where can I see the actual example?


@bcoca bcoca commented Dec 11, 2018

you might want to wait for #38861 to land
