ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-20 03:40:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

rhsm modules: cleanly fail when not run as root (#6211)

Browse source 
subscription-manager on RHEL installs a symlink in /usr/bin to
console-helper (part of usermode), which triggers an interactive prompt
for root credentials when run as user. It seems that console-helper
does not handle well non-interactive contexts (e.g. without a TTY for
input), and thus it will hang waiting for input when run as user in an
Ansible task.

Since subscription-manager requires root already anyway (and it will
fail when explicitly run as user), then apply the same logic locally on
all the modules that interact with it: redhat_subscription,
rhsm_release, and rhsm_repository.
This commit is contained in:
Pino Toscano 2023-03-22 13:15:32 +01:00 committed by GitHub
commit 9f67cbbe36
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 40 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

12
plugins/modules/rhsm_repository.py
View file

@ -19,6 +19,8 @@ author: Giovanni Sciortino (@giovannisciortino)
notes:
- In order to manage RHSM repositories the system must be already registered
to RHSM manually or using the Ansible C(redhat_subscription) module.
- It is possible to interact with C(subscription-manager) only as root,
so root permissions are required to successfully run this module.
requirements:
- subscription-manager
@ -100,9 +102,7 @@ def run_subscription_manager(module, arguments):
lang_env = dict(LANG='C', LC_ALL='C', LC_MESSAGES='C')
rc, out, err = module.run_command("%s %s" % (rhsm_bin, " ".join(arguments)), environ_update=lang_env)
if rc == 1 and (err == 'The password you typed is invalid.\nPlease try again.\n' or os.getuid() != 0):
module.fail_json(msg='The executable file subscription-manager must be run using root privileges')
elif rc == 0 and out == 'This system has no repositories available through subscriptions.\n':
if rc == 0 and out == 'This system has no repositories available through subscriptions.\n':
module.fail_json(msg='This system has no repositories available through subscriptions')
elif rc == 1:
module.fail_json(msg='subscription-manager failed with the following error: %s' % err)
@ -243,6 +243,12 @@ def main():
),
supports_check_mode=True,
)
if os.getuid() != 0:
module.fail_json(
msg="Interacting with subscription-manager requires root permissions ('become: true')"
)
name = module.params['name']
state = module.params['state']
purge = module.params['purge']