pyinfra icon indicating copy to clipboard operation
pyinfra copied to clipboard
verified publisher icon pyinfra-dev

server.script() - sudo fails to apply, and always re-runs script

Open gnat opened this issue 2 years ago • 5 comments

Describe the bug

/tasks/test.py

#...
server.script('./tasks/test.sh')

/tasks/test.sh

#!/bin/bash
echo "hi $USER"
sudo echo "hello $USER"

This prompts for a password, but then erroneously re-runs test.sh and fails to apply sudo anyway.

Expected behavior

sudo in test.sh should simply accept user input and continue, like server.shell()

gnat avatar Jan 12 '23 19:01 gnat

Note, if you run file.put() then server.shell() manually, the script will not re-run. (Good!) But sudo will still fail to apply.

gnat avatar Jan 12 '23 20:01 gnat

So the following should work:

server.script("./task/test.sh", _sudo=True)

The issue here is pyinfra cannot detect the contents of the script so won't attempt to do sudo. I believe the prompt is a side effect from the progress bar printing (running pyinfra @local exec 'sudo echo hi' replicates this). I'm not sure there's any way to avoid this behaviour unfortunately there doesn't seem to be any environment variable to prevent sudo prompting 🤔.

Fizzadar avatar Jan 15 '23 16:01 Fizzadar

sudo/root for the whole script works well.

It'd be amazing to see pyinfra gain the ability to run any adhoc .sh scripts which may call sudo for specific lines in the script; super common in shell scripts.

The solution may be as simple as ensuring the sudo prompt makes it to pyinfra.

Use case- would allow us to drop any shell script from the internet into pyinfra and have it work as-is; and to ease migrations from existing systems to pyinfra.

Unsure if this is possible but just a pass through of the typical sudo prompt would be fine-- But leveraging pyinfra's auto password entry on sudo would be a killer feature. Unfortunately neither work at the moment- except for running the entire script as sudo which can break existing shells scripts (example: running crontab as root instead of user)

gnat avatar Jan 17 '23 04:01 gnat

Totally agree this really would be a killer feature! The original sudo password issue has some interesting/relevant comments. I wonder if SUDO_ASKPASS being set correctly would solve this at least for explicit _sudo_password values 🤔.

Fizzadar avatar Feb 12 '23 14:02 Fizzadar

Finally got round to testing this out, unfortunately it doesn’t work :(. Unless explicitly run with _sudo the script will hang.

There doesn’t appear to be any environment variable to completely disable sudo prompting which would at least allow scripts to error rather than hang. Need more research here..

Fizzadar avatar Feb 03 '24 08:02 Fizzadar