infra
/
host-provisioner
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Set become method to su
infra/host-provisioner/pipeline/head This commit looks good Details 

Since the host-provisioner connects to remote machines as _root_, it
normally doesn't use Ansible's "become" system at all.  Some tasks,
though, need to to use it to switch to a specific unprivileged user.
For those, `doas` is not appropriate, since it doesn't permit root by
default.  Rather than adjust this configuration, let's switch to `su`
which requires no configuration, and does allow root.
master
Dustin 2025-07-08 20:11:19 -05:00
parent 2500dc511d
commit d860a25986
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
host_provisioner.py
View File

@ -63,7 +63,7 @@ def amqp_connect() -> pika.BlockingConnection:
def apply_playbook(*args: str) -> None: def apply_playbook(*args: str) -> None:
cmd = ['ansible-playbook', '-u', 'root'] cmd = ['ansible-playbook', '-u', 'root', '--become-method', 'su']
cmd += args cmd += args
log.debug('Running command: %s', cmd) log.debug('Running command: %s', cmd)
subprocess.run(cmd, check=True, stdin=subprocess.DEVNULL) subprocess.run(cmd, check=True, stdin=subprocess.DEVNULL)