Privilege escalation not working when connection docker #53385
Comments
Files identified in the description: If these files are inaccurate, please update the
Hi, Looking at the plugin code I would say that privilege escalation is not supported by the plugin. It inspects the container and the default exec user is The only quick solution to test I may think of is giving the In my opinion this is feature request not a bug.
Hi, as I detected it while looking for possibilities to run the playbooks on a test environment the option with password-less sudo should be sufficient. Besides from that how can this be filed as a feature request?
+label feature
@objectified @lorin can you share more details on supporting privilege escalation in
@WojciechowskiPiotr Alas, I have not worked on this code base in years, I'm not sure who the current maintainer is at this point for the docker connection plugin.
@jojo221119 Why don't you use @lorin maintainership is essentially $team_docker, but I think nobody of us has much experience with this plugin, so it's not really maintained at the moment.
@felixfontein The playbooks I develop are aimed to run against real servers using the SSH connection type.
@jojo221119 yep, in that case,
I just ran into this, trying to do the same thing (using containers for testing out playbooks that will ultimately run against real servers). If the plugin doesn't support privilege escalation, can we modify it to produce a more obvious error message? |
As described in ansible#53385 (and ansible#31759), the docker connection driver did not support privilege escalation. This commit is a shameless cut-and-paste of the privilege escalation support from the `local` connection plugin into the `docker` plugin. Closes: ansible#53385
As described in ansible#53385 (and ansible#31759), the docker connection driver did not support privilege escalation. This commit is a shameless cut-and-paste of the privilege escalation support from the `local` connection plugin into the `docker` plugin. This is a backport to stable-2.7 of ansible#55816.
As described in ansible#53385 (and ansible#31759), the docker connection driver did not support privilege escalation. This commit is a shameless cut-and-paste of the privilege escalation support from the `local` connection plugin into the `docker` plugin. Closes: ansible#53385 (cherry picked from commit 61e476b)
…56277) * connection/docker: add privilege escalation support (#55816) As described in #53385 (and #31759), the docker connection driver did not support privilege escalation. This commit is a shameless cut-and-paste of the privilege escalation support from the `local` connection plugin into the `docker` plugin. Closes: #53385 (cherry picked from commit 61e476b) * docker connection plugin: make privilege escalation code more similar to local.py (#56288) * Make more similar to local.py * Fix typo. (cherry picked from commit 708bda0)
SUMMARY
Ansible become is not working with a user different than root.
Checked with different become methods like here
For become method sudo the error message is:
ISSUE TYPE
COMPONENT NAME
connection docker
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
Ansible host OS RHEL7
Docker container OS Centos7
STEPS TO REPRODUCE
Start an image created by molecule (adds Python and other things to use ansible for containers) and add an additional user with permissions to become root.
Execute the playbook with connection "docker"
EXPECTED RESULTS
Privilege escalation is working without any issue.
ACTUAL RESULTS
ansible-playbook -i hosts test.yml -c docker -vvvv
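As an added example (not from the original issue or the Ansible project), a playbook along these lines checks whether `become` actually takes effect over the docker connection, rather than relying on the absence of an error. The user name `deploy` is an assumption, and the inventory is assumed to list the running container by its name.

```yaml
# Added example: verifies that become changes the effective user inside the container.
# Assumptions: the inventory lists the container by name, and the container has an
# unprivileged user "deploy" that is allowed to sudo to root.
- name: Verify privilege escalation over the docker connection
  hosts: all
  gather_facts: false
  vars:
    ansible_connection: docker   # same effect as passing -c docker on the command line
    ansible_user: deploy         # assumed unprivileged user inside the container
  tasks:
    - name: Record the identity without become
      command: id -un
      register: plain
      changed_when: false

    - name: Record the identity with become
      command: id -un
      become: true
      become_method: sudo
      become_user: root
      register: escalated
      changed_when: false

    - name: Fail explicitly if escalation did not happen
      assert:
        that:
          - plain.stdout == 'deploy'
          - escalated.stdout == 'root'
        msg: "become had no effect; task ran as {{ escalated.stdout }}"
```

Comparing the two `id -un` results turns an escalation that silently did nothing into a clear failure, which matters when the same playbook is later run against real servers over SSH.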