lxc_container: replace subprocess.Popen() with run_command() (#11204)

* lxc_container: replace subprocess.Popen() with run_command() * Update plugins/modules/lxc_container.py Co-authored-by: Felix Fontein <felix@fontein.de> * add changelog frag * retain Popen logic in module_utils * Update plugins/module_utils/_lxc.py Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de>
2026-02-04 07:51:50 +00:00 · 2025-12-29 23:47:26 +13:00 · 2025-12-29 23:47:26 +13:00 · 6ae47590cd
commit 6ae47590cd
parent 18c362eef4
9 changed files with 69 additions and 67 deletions
--- a/plugins/module_utils/_lxc.py
+++ b/plugins/module_utils/_lxc.py
@ -0,0 +1,61 @@
+# Copyright (c) 2014, Kevin Carter <kevin.carter@rackspace.com>
+# Copyright (c) 2025, Alexei Znamensky <russoz@gmail.com>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import annotations
+
+import os
+import subprocess
+import tempfile
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.common.text.converters import to_bytes
+
+
+# This is used to attach to a running container and execute commands from
+# within the container on the host.  This will provide local access to a
+# container without using SSH.  The template will attempt to work within the
+# home directory of the user that was attached to the container and source
+# that users environment variables by default.
+ATTACH_TEMPLATE = """#!/usr/bin/env bash
+pushd "$(getent passwd $(whoami)|cut -f6 -d':')"
+    if [[ -f ".bashrc" ]];then
+        source .bashrc
+        unset HOSTNAME
+    fi
+popd
+
+# User defined command
+{}
+"""
+
+
+def create_script(command: str, module: AnsibleModule) -> None:
+    """Write out a script onto a target.
+
+    This method should be backward compatible with Python when executing
+    from within the container.
+
+    :param command: command to run, this can be a script and can use spacing
+                    with newlines as separation.
+    :param module: AnsibleModule to run commands with.
+    """
+
+    script_file = ""
+    try:
+        f = tempfile.NamedTemporaryFile(prefix="lxc-attach-script", delete=False, mode="wb")
+        f.write(to_bytes(ATTACH_TEMPLATE.format(command), errors="surrogate_or_strict"))
+        script_file = f.name
+        f.flush()
+        f.close()
+
+        os.chmod(script_file, 0o0700)
+
+        with tempfile.NamedTemporaryFile(prefix="lxc-attach-script-log", delete=False, mode="ab") as stdout_file:
+            with tempfile.NamedTemporaryFile(prefix="lxc-attach-script-err", delete=False, mode="ab") as stderr_file:
+                subprocess.Popen([script_file], stdout=stdout_file, stderr=stderr_file).communicate()
+
+    finally:
+        if script_file:
+            os.remove(script_file)
--- a/plugins/modules/lxc_container.py
+++ b/plugins/modules/lxc_container.py
@ -408,7 +408,6 @@ lxc_container:

 import os
 import re
-import subprocess
 import tempfile
 import time
 import shlex
@ -424,6 +423,7 @@ from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.parsing.convert_bool import BOOLEANS_FALSE
 from ansible.module_utils.common.text.converters import to_text, to_bytes

+from ansible_collections.community.general.plugins.module_utils._lxc import create_script

 # LXC_COMPRESSION_MAP is a map of available compression types when creating
 # an archive of a container.
@ -504,64 +504,6 @@ LXC_ANSIBLE_STATES = {
 }


-# This is used to attach to a running container and execute commands from
-# within the container on the host.  This will provide local access to a
-# container without using SSH.  The template will attempt to work within the
-# home directory of the user that was attached to the container and source
-# that users environment variables by default.
-ATTACH_TEMPLATE = """#!/usr/bin/env bash
-pushd "$(getent passwd $(whoami)|cut -f6 -d':')"
-    if [[ -f ".bashrc" ]];then
-        source .bashrc
-        unset HOSTNAME
-    fi
-popd
-
-# User defined command
-%(container_command)s
-"""
-
-
-def create_script(command):
-    """Write out a script onto a target.
-
-    This method should be backward compatible with Python when executing
-    from within the container.
-
-    :param command: command to run, this can be a script and can use spacing
-                    with newlines as separation.
-    :type command: ``str``
-    """
-
-    (fd, script_file) = tempfile.mkstemp(prefix="lxc-attach-script")
-    f = os.fdopen(fd, "wb")
-    try:
-        f.write(to_bytes(ATTACH_TEMPLATE % {"container_command": command}, errors="surrogate_or_strict"))
-        f.flush()
-    finally:
-        f.close()
-
-    # Ensure the script is executable.
-    os.chmod(script_file, int("0700", 8))
-
-    # Output log file.
-    stdout_file = os.fdopen(tempfile.mkstemp(prefix="lxc-attach-script-log")[0], "ab")
-
-    # Error log file.
-    stderr_file = os.fdopen(tempfile.mkstemp(prefix="lxc-attach-script-err")[0], "ab")
-
-    # Execute the script command.
-    try:
-        subprocess.Popen([script_file], stdout=stdout_file, stderr=stderr_file).communicate()
-    finally:
-        # Close the log files.
-        stderr_file.close()
-        stdout_file.close()
-
-        # Remove the script file upon completion of execution.
-        os.remove(script_file)
-
-
 class LxcContainerManagement:
    def __init__(self, module):
        """Management of LXC containers via Ansible.
@ -865,7 +807,7 @@ class LxcContainerManagement:
            elif container_state == "stopped":
                self._container_startup()

-            self.container.attach_wait(create_script, container_command)
+            self.container.attach_wait(create_script, (container_command, self.module))
            self.state_change = True

    def _container_startup(self, timeout=60):