lxd_connection: Allow non-root users to connect to an instance #9659
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This comment was marked as outdated.
This comment was marked as outdated.
ansibullbot
added
WIP
|
@yeetypete this PR contains the following merge commits: Please rebase your branch to remove these commits. |
ansibullbot
added
merge_commit
ansibullbot
removed
WIP
felixfontein
added
check-before-release
There was a problem hiding this comment.
Thanks for your contribution! Please add a changelog fragment. I've also added some first comments below.
This comment was marked as outdated.
This comment was marked as outdated.
ansibullbot
added
ci_verified
ansibullbot
removed
ci_verified
russoz
reviewed
Feb 10, 2025
russoz
reviewed
Feb 14, 2025
Co-authored-by: Felix Fontein <[email protected]>
This was referenced Feb 14, 2025
|
fyi I've also replicated this functionality in the incus plugin: #9743 |
Backport to stable-10: 💚 backport PR created✅ Backport PR branch: Backported as #9751 🤖 @patchback |
felixfontein
removed
the
check-before-release
patchback bot
pushed a commit
that referenced
this pull request
Feb 15, 2025
* fix: add support for non-root user * fix: show correct info for connection * fix: use build_exec_command to execute as nonroot * unset default user * feat: add options for setting remote user and become method * fix: add root as default remote_user * fix: remove ansible_ssh_user from remote_user vars * fix: use single quotes inside f-string * fix: ensure lxc exec comes first * fix: line length * fix: use -c flag with su * Update plugins/connection/lxd.py Co-authored-by: Felix Fontein <[email protected]> * Update plugins/connection/lxd.py Co-authored-by: Felix Fontein <[email protected]> * Update plugins/connection/lxd.py Co-authored-by: Felix Fontein <[email protected]> * doc: add changelog fragment * fix: use underscore for module name in fragment * Update 9659-lxd_connection-nonroot-user.yml Co-authored-by: Felix Fontein <[email protected]> * fix: add put command * feat: add get_remote_uid_gid placeholder function * feat: complete placeholder _get_remote_uid_gid function * fix: better logging * fix: ensure default values are of type str * fix: use ints for uid and gid * fix: print put command * fix: format * fix: display msg for PUT * fix: add comment about defaults * fix: format * fix: use os module to get uid and gid * Revert "fix: use os module to get uid and gid" This reverts commit bb2ba14. * Update plugins/connection/lxd.py Co-authored-by: Felix Fontein <[email protected]> * fix: omit uid, gid args in lxd file push if root --------- Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit 06df717)
|
@yeetypete thanks for your contribution! |
|
@russoz thanks for reviewing! |
felixfontein
pushed a commit
that referenced
this pull request
Feb 15, 2025
…t users to connect to an instance (#9751) lxd_connection: Allow non-root users to connect to an instance (#9659) * fix: add support for non-root user * fix: show correct info for connection * fix: use build_exec_command to execute as nonroot * unset default user * feat: add options for setting remote user and become method * fix: add root as default remote_user * fix: remove ansible_ssh_user from remote_user vars * fix: use single quotes inside f-string * fix: ensure lxc exec comes first * fix: line length * fix: use -c flag with su * Update plugins/connection/lxd.py Co-authored-by: Felix Fontein <[email protected]> * Update plugins/connection/lxd.py Co-authored-by: Felix Fontein <[email protected]> * Update plugins/connection/lxd.py Co-authored-by: Felix Fontein <[email protected]> * doc: add changelog fragment * fix: use underscore for module name in fragment * Update 9659-lxd_connection-nonroot-user.yml Co-authored-by: Felix Fontein <[email protected]> * fix: add put command * feat: add get_remote_uid_gid placeholder function * feat: complete placeholder _get_remote_uid_gid function * fix: better logging * fix: ensure default values are of type str * fix: use ints for uid and gid * fix: print put command * fix: format * fix: display msg for PUT * fix: add comment about defaults * fix: format * fix: use os module to get uid and gid * Revert "fix: use os module to get uid and gid" This reverts commit bb2ba14. * Update plugins/connection/lxd.py Co-authored-by: Felix Fontein <[email protected]> * fix: omit uid, gid args in lxd file push if root --------- Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit 06df717) Co-authored-by: Peter Siegel <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
Currently the
lxd_connectiononly supports connecting to an instance as root. This PR extends the plugin to allow a non-root user, configurable via theansible_uservar to connect to the instance. The optionlxd_become_methodcontrols the command used to switch users, (suby default but could also besudo -u). The defaults ensure the old behavior so this should be a non-breaking change.ISSUE TYPE
COMPONENT NAME
lxd_connection
ADDITIONAL INFORMATION
If it is beneficial I would also be happy to add this functionality to the
incus_connectionandlxc_connectionplugins.