2012-03-10 18:35:46 +00:00
|
|
|
# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
|
|
|
|
|
#
|
|
|
|
|
# This file is part of Ansible
|
|
|
|
|
#
|
|
|
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
|
|
|
# it under the terms of the GNU General Public License as published by
|
|
|
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
# (at your option) any later version.
|
|
|
|
|
#
|
|
|
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
# GNU General Public License for more details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU General Public License
|
|
|
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
2013-07-04 18:05:41 +00:00
|
|
|
|
|
|
|
|
# ---
|
|
|
|
|
# The paramiko transport is provided because many distributions, in particular EL6 and before
|
|
|
|
|
# do not support ControlPersist in their SSH implementations. This is needed on the Ansible
|
|
|
|
|
# control machine to be reasonably efficient with connections. Thus paramiko is faster
|
|
|
|
|
# for most users on these platforms. Users with ControlPersist capability can consider
|
|
|
|
|
# using -c ssh or configuring the transport in ansible.cfg.
|
|
|
|
|
|
2012-04-12 00:20:55 +00:00
|
|
|
import warnings
|
2012-03-13 00:53:10 +00:00
|
|
|
import os
|
More robust remote sudo.
The basic idea is sudo /bin/sh -c 'quoted_command'. We use Paramiko's low-level API to set a timeout, get a pseudo tty, execute sudo and the (shell quoted) command atomically, wait just until sudo is ready to accept the password before sending it down the pipe, and then return the command's stdout and stderr.
This should be faster, as there are no unneeded sleeps. There are no permissions issues reading the output. It will raise socket.timeout if the command takes too long. However, this is a per-read timeout, not a total execution timeout, so as long as the command is writing output and you are reading it, it will not time out.
Local and non-sudo commands remain unchanged, but should probably adopt a similar approach.
Since this is a significant change, it needs a lot of testing. Also, someone smarter than I should double-check the quoting and execution, since it is a security issue.
2012-04-23 20:32:08 +00:00
|
|
|
import pipes
|
2012-04-27 04:46:17 +00:00
|
|
|
import socket
|
|
|
|
|
import random
|
2013-05-17 10:36:40 +00:00
|
|
|
import logging
|
2013-07-03 20:47:20 +00:00
|
|
|
import traceback
|
|
|
|
|
import fcntl
|
|
|
|
|
import sys
|
2013-07-04 18:05:41 +00:00
|
|
|
from termios import tcflush, TCIFLUSH
|
2013-07-03 20:47:20 +00:00
|
|
|
from binascii import hexlify
|
2012-08-09 01:09:14 +00:00
|
|
|
from ansible.callbacks import vvv
|
2012-03-18 21:16:12 +00:00
|
|
|
from ansible import errors
|
2013-01-10 05:50:56 +00:00
|
|
|
from ansible import utils
|
2013-07-03 20:47:20 +00:00
|
|
|
from ansible import constants as C
|
2013-07-04 18:05:41 +00:00
|
|
|
|
|
|
|
|
AUTHENTICITY_MSG="""
|
|
|
|
|
paramiko: The authenticity of host '%s' can't be established.
|
|
|
|
|
The %s key fingerprint is %s.
|
|
|
|
|
Are you sure you want to continue connecting (yes/no)?
|
|
|
|
|
"""
|
2012-07-15 16:29:53 +00:00
|
|
|
|
|
|
|
|
# prevent paramiko warning noise -- see http://stackoverflow.com/questions/3920502/
|
2012-07-12 04:43:51 +00:00
|
|
|
HAVE_PARAMIKO=False
|
More robust remote sudo.
The basic idea is sudo /bin/sh -c 'quoted_command'. We use Paramiko's low-level API to set a timeout, get a pseudo tty, execute sudo and the (shell quoted) command atomically, wait just until sudo is ready to accept the password before sending it down the pipe, and then return the command's stdout and stderr.
This should be faster, as there are no unneeded sleeps. There are no permissions issues reading the output. It will raise socket.timeout if the command takes too long. However, this is a per-read timeout, not a total execution timeout, so as long as the command is writing output and you are reading it, it will not time out.
Local and non-sudo commands remain unchanged, but should probably adopt a similar approach.
Since this is a significant change, it needs a lot of testing. Also, someone smarter than I should double-check the quoting and execution, since it is a security issue.
2012-04-23 20:32:08 +00:00
|
|
|
with warnings.catch_warnings():
|
|
|
|
|
warnings.simplefilter("ignore")
|
2012-07-12 04:43:51 +00:00
|
|
|
try:
|
|
|
|
|
import paramiko
|
|
|
|
|
HAVE_PARAMIKO=True
|
2013-05-18 20:31:36 +00:00
|
|
|
logging.getLogger("paramiko").setLevel(logging.WARNING)
|
2012-07-12 04:43:51 +00:00
|
|
|
except ImportError:
|
|
|
|
|
pass
|
More robust remote sudo.
The basic idea is sudo /bin/sh -c 'quoted_command'. We use Paramiko's low-level API to set a timeout, get a pseudo tty, execute sudo and the (shell quoted) command atomically, wait just until sudo is ready to accept the password before sending it down the pipe, and then return the command's stdout and stderr.
This should be faster, as there are no unneeded sleeps. There are no permissions issues reading the output. It will raise socket.timeout if the command takes too long. However, this is a per-read timeout, not a total execution timeout, so as long as the command is writing output and you are reading it, it will not time out.
Local and non-sudo commands remain unchanged, but should probably adopt a similar approach.
Since this is a significant change, it needs a lot of testing. Also, someone smarter than I should double-check the quoting and execution, since it is a security issue.
2012-04-23 20:32:08 +00:00
|
|
|
|
2013-07-04 18:05:41 +00:00
|
|
|
class MyAddPolicy(object):
|
2013-07-03 20:47:20 +00:00
|
|
|
"""
|
2013-07-04 18:05:41 +00:00
|
|
|
Based on AutoAddPolicy in paramiko so we can determine when keys are added
|
|
|
|
|
and also prompt for input.
|
2013-07-03 20:47:20 +00:00
|
|
|
|
|
|
|
|
Policy for automatically adding the hostname and new host key to the
|
|
|
|
|
local L{HostKeys} object, and saving it. This is used by L{SSHClient}.
|
|
|
|
|
"""
|
|
|
|
|
|
2013-07-04 18:05:41 +00:00
|
|
|
def __init__(self, runner):
|
|
|
|
|
self.runner = runner
|
|
|
|
|
|
2013-07-03 20:47:20 +00:00
|
|
|
def missing_host_key(self, client, hostname, key):
|
|
|
|
|
|
2013-07-04 18:05:41 +00:00
|
|
|
if C.HOST_KEY_CHECKING:
|
|
|
|
|
|
2013-07-04 22:17:45 +00:00
|
|
|
fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_EX)
|
|
|
|
|
fcntl.lockf(self.runner.output_lockfile, fcntl.LOCK_EX)
|
|
|
|
|
|
2013-07-04 18:05:41 +00:00
|
|
|
old_stdin = sys.stdin
|
|
|
|
|
sys.stdin = self.runner._new_stdin
|
|
|
|
|
fingerprint = hexlify(key.get_fingerprint())
|
|
|
|
|
ktype = key.get_name()
|
|
|
|
|
|
|
|
|
|
# clear out any premature input on sys.stdin
|
|
|
|
|
tcflush(sys.stdin, TCIFLUSH)
|
|
|
|
|
|
|
|
|
|
inp = raw_input(AUTHENTICITY_MSG % (hostname, ktype, fingerprint))
|
|
|
|
|
sys.stdin = old_stdin
|
|
|
|
|
if inp not in ['yes','y','']:
|
2013-07-04 22:17:45 +00:00
|
|
|
fcntl.flock(self.runner.output_lockfile, fcntl.LOCK_UN)
|
|
|
|
|
fcntl.flock(self.runner.process_lockfile, fcntl.LOCK_UN)
|
2013-07-04 18:05:41 +00:00
|
|
|
raise errors.AnsibleError("host connection rejected by user")
|
|
|
|
|
|
2013-07-04 22:17:45 +00:00
|
|
|
fcntl.lockf(self.runner.output_lockfile, fcntl.LOCK_UN)
|
|
|
|
|
fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_UN)
|
2013-07-04 18:05:41 +00:00
|
|
|
|
|
|
|
|
|
2013-07-03 20:47:20 +00:00
|
|
|
key._added_by_ansible_this_time = True
|
|
|
|
|
|
|
|
|
|
# existing implementation below:
|
|
|
|
|
client._host_keys.add(hostname, key.get_name(), key)
|
2013-07-04 18:05:41 +00:00
|
|
|
|
|
|
|
|
# host keys are actually saved in close() function below
|
|
|
|
|
# in order to control ordering.
|
2013-07-03 20:47:20 +00:00
|
|
|
|
|
|
|
|
|
2012-10-26 02:09:54 +00:00
|
|
|
# keep connection objects on a per host basis to avoid repeated attempts to reconnect
|
|
|
|
|
|
|
|
|
|
SSH_CONNECTION_CACHE = {}
|
|
|
|
|
SFTP_CONNECTION_CACHE = {}
|
|
|
|
|
|
2012-08-18 14:52:24 +00:00
|
|
|
class Connection(object):
|
2012-03-10 18:35:46 +00:00
|
|
|
''' SSH based connections with Paramiko '''
|
|
|
|
|
|
2013-04-05 18:42:18 +00:00
|
|
|
def __init__(self, runner, host, port, user, password, private_key_file, *args, **kwargs):
|
2012-08-18 14:52:24 +00:00
|
|
|
|
2012-03-10 18:35:46 +00:00
|
|
|
self.ssh = None
|
2012-10-26 21:54:21 +00:00
|
|
|
self.sftp = None
|
2012-03-10 18:35:46 +00:00
|
|
|
self.runner = runner
|
|
|
|
|
self.host = host
|
2012-04-17 01:52:15 +00:00
|
|
|
self.port = port
|
2013-02-10 22:22:18 +00:00
|
|
|
self.user = user
|
|
|
|
|
self.password = password
|
2013-03-19 16:28:43 +00:00
|
|
|
self.private_key_file = private_key_file
|
2012-03-10 18:35:46 +00:00
|
|
|
|
2012-10-26 02:09:54 +00:00
|
|
|
def _cache_key(self):
|
2013-02-10 22:22:18 +00:00
|
|
|
return "%s__%s__" % (self.host, self.user)
|
2012-10-26 02:09:54 +00:00
|
|
|
|
2012-07-15 16:29:53 +00:00
|
|
|
def connect(self):
|
2012-10-26 02:09:54 +00:00
|
|
|
cache_key = self._cache_key()
|
|
|
|
|
if cache_key in SSH_CONNECTION_CACHE:
|
|
|
|
|
self.ssh = SSH_CONNECTION_CACHE[cache_key]
|
|
|
|
|
else:
|
|
|
|
|
self.ssh = SSH_CONNECTION_CACHE[cache_key] = self._connect_uncached()
|
|
|
|
|
return self
|
|
|
|
|
|
|
|
|
|
def _connect_uncached(self):
|
2012-07-15 16:29:53 +00:00
|
|
|
''' activates the connection object '''
|
2012-07-12 04:43:51 +00:00
|
|
|
|
|
|
|
|
if not HAVE_PARAMIKO:
|
|
|
|
|
raise errors.AnsibleError("paramiko is not installed")
|
|
|
|
|
|
2013-02-10 22:22:18 +00:00
|
|
|
vvv("ESTABLISH CONNECTION FOR USER: %s on PORT %s TO %s" % (self.user, self.port, self.host), host=self.host)
|
2012-08-10 01:14:30 +00:00
|
|
|
|
2012-03-29 02:51:16 +00:00
|
|
|
ssh = paramiko.SSHClient()
|
2013-07-03 20:47:20 +00:00
|
|
|
|
|
|
|
|
self.keyfile = os.path.expanduser("~/.ssh/known_hosts")
|
|
|
|
|
|
|
|
|
|
if C.HOST_KEY_CHECKING:
|
|
|
|
|
ssh.load_system_host_keys()
|
2013-07-04 18:05:41 +00:00
|
|
|
ssh.set_missing_host_key_policy(MyAddPolicy(self.runner))
|
2012-03-29 00:58:34 +00:00
|
|
|
|
2012-09-27 07:57:06 +00:00
|
|
|
allow_agent = True
|
2013-02-10 22:22:18 +00:00
|
|
|
if self.password is not None:
|
2012-09-27 07:57:06 +00:00
|
|
|
allow_agent = False
|
2012-03-10 18:35:46 +00:00
|
|
|
try:
|
2013-03-19 16:28:43 +00:00
|
|
|
if self.private_key_file:
|
|
|
|
|
key_filename = os.path.expanduser(self.private_key_file)
|
|
|
|
|
elif self.runner.private_key_file:
|
2013-01-21 20:48:02 +00:00
|
|
|
key_filename = os.path.expanduser(self.runner.private_key_file)
|
|
|
|
|
else:
|
|
|
|
|
key_filename = None
|
2013-02-10 22:22:18 +00:00
|
|
|
ssh.connect(self.host, username=self.user, allow_agent=allow_agent, look_for_keys=True,
|
|
|
|
|
key_filename=key_filename, password=self.password,
|
2012-07-15 16:29:53 +00:00
|
|
|
timeout=self.runner.timeout, port=self.port)
|
2012-03-10 18:35:46 +00:00
|
|
|
except Exception, e:
|
2012-06-01 21:16:02 +00:00
|
|
|
msg = str(e)
|
|
|
|
|
if "PID check failed" in msg:
|
2012-03-29 00:32:04 +00:00
|
|
|
raise errors.AnsibleError("paramiko version issue, please upgrade paramiko on the machine running ansible")
|
2012-06-01 21:16:02 +00:00
|
|
|
elif "Private key file is encrypted" in msg:
|
|
|
|
|
msg = 'ssh %s@%s:%s : %s\nTo connect as a different user, use -u <username>.' % (
|
2013-02-10 22:22:18 +00:00
|
|
|
self.user, self.host, self.port, msg)
|
2012-06-01 21:16:02 +00:00
|
|
|
raise errors.AnsibleConnectionFailed(msg)
|
2012-03-29 02:51:16 +00:00
|
|
|
else:
|
2012-06-01 21:16:02 +00:00
|
|
|
raise errors.AnsibleConnectionFailed(msg)
|
2012-03-29 00:58:34 +00:00
|
|
|
|
2012-10-26 02:09:54 +00:00
|
|
|
return ssh
|
2012-03-10 18:35:46 +00:00
|
|
|
|
2012-12-23 18:17:07 +00:00
|
|
|
def exec_command(self, cmd, tmp_path, sudo_user, sudoable=False, executable='/bin/sh'):
|
2012-03-10 18:35:46 +00:00
|
|
|
''' run a command on the remote host '''
|
2012-07-15 16:29:53 +00:00
|
|
|
|
2012-04-27 05:25:38 +00:00
|
|
|
bufsize = 4096
|
2012-08-10 04:47:09 +00:00
|
|
|
try:
|
|
|
|
|
chan = self.ssh.get_transport().open_session()
|
|
|
|
|
except Exception, e:
|
|
|
|
|
msg = "Failed to open session"
|
|
|
|
|
if len(str(e)) > 0:
|
|
|
|
|
msg += ": %s" % str(e)
|
|
|
|
|
raise errors.AnsibleConnectionFailed(msg)
|
2012-04-27 05:36:31 +00:00
|
|
|
|
2012-04-24 13:48:55 +00:00
|
|
|
if not self.runner.sudo or not sudoable:
|
2013-01-08 16:45:37 +00:00
|
|
|
if executable:
|
|
|
|
|
quoted_command = executable + ' -c ' + pipes.quote(cmd)
|
|
|
|
|
else:
|
|
|
|
|
quoted_command = cmd
|
2012-08-09 01:09:14 +00:00
|
|
|
vvv("EXEC %s" % quoted_command, host=self.host)
|
2012-04-27 04:46:26 +00:00
|
|
|
chan.exec_command(quoted_command)
|
2012-03-29 02:51:16 +00:00
|
|
|
else:
|
2013-02-14 21:23:34 +00:00
|
|
|
# sudo usually requires a PTY (cf. requiretty option), therefore
|
2013-09-25 12:15:49 +00:00
|
|
|
# we give it one by default (pty=True in ansble.cfg), and we try
|
|
|
|
|
# to initialise from the calling environment
|
|
|
|
|
if C.PARAMIKO_PTY:
|
|
|
|
|
chan.get_pty(term=os.getenv('TERM', 'vt100'),
|
|
|
|
|
width=int(os.getenv('COLUMNS', 0)),
|
|
|
|
|
height=int(os.getenv('LINES', 0)))
|
2013-10-30 18:18:35 +00:00
|
|
|
shcmd, prompt, success_key = utils.make_sudo_cmd(sudo_user, executable, cmd)
|
2012-11-22 19:06:30 +00:00
|
|
|
vvv("EXEC %s" % shcmd, host=self.host)
|
2012-04-27 05:25:38 +00:00
|
|
|
sudo_output = ''
|
|
|
|
|
try:
|
2012-11-22 19:06:30 +00:00
|
|
|
chan.exec_command(shcmd)
|
2012-04-27 05:25:38 +00:00
|
|
|
if self.runner.sudo_pass:
|
2013-10-30 18:18:35 +00:00
|
|
|
while not sudo_output.endswith(prompt) and success_key not in sudo_output:
|
2012-04-27 05:25:38 +00:00
|
|
|
chunk = chan.recv(bufsize)
|
|
|
|
|
if not chunk:
|
2012-08-02 06:08:51 +00:00
|
|
|
if 'unknown user' in sudo_output:
|
|
|
|
|
raise errors.AnsibleError(
|
|
|
|
|
'user %s does not exist' % sudo_user)
|
|
|
|
|
else:
|
|
|
|
|
raise errors.AnsibleError('ssh connection ' +
|
|
|
|
|
'closed waiting for password prompt')
|
2012-04-27 05:25:38 +00:00
|
|
|
sudo_output += chunk
|
2013-10-30 18:18:35 +00:00
|
|
|
if success_key not in sudo_output:
|
|
|
|
|
chan.sendall(self.runner.sudo_pass + '\n')
|
2012-04-27 05:25:38 +00:00
|
|
|
except socket.timeout:
|
|
|
|
|
raise errors.AnsibleError('ssh timed out waiting for sudo.\n' + sudo_output)
|
|
|
|
|
|
2013-01-28 23:38:07 +00:00
|
|
|
stdout = ''.join(chan.makefile('rb', bufsize))
|
|
|
|
|
stderr = ''.join(chan.makefile_stderr('rb', bufsize))
|
|
|
|
|
return (chan.recv_exit_status(), '', stdout, stderr)
|
2012-03-10 18:35:46 +00:00
|
|
|
|
|
|
|
|
def put_file(self, in_path, out_path):
|
|
|
|
|
''' transfer a file from local to remote '''
|
2012-08-09 01:09:14 +00:00
|
|
|
vvv("PUT %s TO %s" % (in_path, out_path), host=self.host)
|
2012-03-13 00:53:10 +00:00
|
|
|
if not os.path.exists(in_path):
|
2012-03-18 21:16:12 +00:00
|
|
|
raise errors.AnsibleFileNotFound("file or module does not exist: %s" % in_path)
|
2012-08-09 00:27:33 +00:00
|
|
|
try:
|
2012-10-26 01:49:28 +00:00
|
|
|
self.sftp = self.ssh.open_sftp()
|
2013-03-02 02:39:50 +00:00
|
|
|
except Exception, e:
|
|
|
|
|
raise errors.AnsibleError("failed to open a SFTP connection (%s)" % e)
|
2012-03-13 00:53:10 +00:00
|
|
|
try:
|
2012-10-26 01:49:28 +00:00
|
|
|
self.sftp.put(in_path, out_path)
|
2012-03-13 00:53:10 +00:00
|
|
|
except IOError:
|
2012-03-23 15:59:08 +00:00
|
|
|
raise errors.AnsibleError("failed to transfer file to %s" % out_path)
|
2012-03-10 18:35:46 +00:00
|
|
|
|
2012-10-26 02:09:54 +00:00
|
|
|
def _connect_sftp(self):
|
2013-02-10 22:22:18 +00:00
|
|
|
cache_key = "%s__%s__" % (self.host, self.user)
|
2012-10-26 02:09:54 +00:00
|
|
|
if cache_key in SFTP_CONNECTION_CACHE:
|
|
|
|
|
return SFTP_CONNECTION_CACHE[cache_key]
|
|
|
|
|
else:
|
|
|
|
|
result = SFTP_CONNECTION_CACHE[cache_key] = self.connect().ssh.open_sftp()
|
|
|
|
|
return result
|
|
|
|
|
|
2012-04-11 03:19:23 +00:00
|
|
|
def fetch_file(self, in_path, out_path):
|
2012-07-15 16:29:53 +00:00
|
|
|
''' save a remote file to the specified path '''
|
2012-08-09 01:09:14 +00:00
|
|
|
vvv("FETCH %s TO %s" % (in_path, out_path), host=self.host)
|
2012-08-09 00:27:33 +00:00
|
|
|
try:
|
2012-10-26 02:09:54 +00:00
|
|
|
self.sftp = self._connect_sftp()
|
2013-03-02 02:39:50 +00:00
|
|
|
except Exception, e:
|
|
|
|
|
raise errors.AnsibleError("failed to open a SFTP connection (%s)", e)
|
2012-04-11 03:19:23 +00:00
|
|
|
try:
|
2012-10-26 01:49:28 +00:00
|
|
|
self.sftp.get(in_path, out_path)
|
2012-04-11 03:19:23 +00:00
|
|
|
except IOError:
|
|
|
|
|
raise errors.AnsibleError("failed to transfer file from %s" % in_path)
|
|
|
|
|
|
2013-07-04 22:17:45 +00:00
|
|
|
def _any_keys_added(self):
|
2013-07-03 20:47:20 +00:00
|
|
|
added_any = False
|
|
|
|
|
for hostname, keys in self.ssh._host_keys.iteritems():
|
|
|
|
|
for keytype, key in keys.iteritems():
|
|
|
|
|
added_this_time = getattr(key, '_added_by_ansible_this_time', False)
|
|
|
|
|
if added_this_time:
|
2013-07-04 22:17:45 +00:00
|
|
|
return True
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
def _save_ssh_host_keys(self, filename):
|
|
|
|
|
'''
|
|
|
|
|
not using the paramiko save_ssh_host_keys function as we want to add new SSH keys at the bottom so folks
|
|
|
|
|
don't complain about it :)
|
|
|
|
|
'''
|
2013-07-03 20:47:20 +00:00
|
|
|
|
2013-07-04 22:17:45 +00:00
|
|
|
if not self._any_keys_added():
|
|
|
|
|
return False
|
2013-07-03 20:47:20 +00:00
|
|
|
|
|
|
|
|
path = os.path.expanduser("~/.ssh")
|
|
|
|
|
if not os.path.exists(path):
|
|
|
|
|
os.makedirs(path)
|
|
|
|
|
|
|
|
|
|
f = open(filename, 'w')
|
|
|
|
|
for hostname, keys in self.ssh._host_keys.iteritems():
|
|
|
|
|
for keytype, key in keys.iteritems():
|
2013-07-20 16:47:46 +00:00
|
|
|
# was f.write
|
|
|
|
|
added_this_time = getattr(key, '_added_by_ansible_this_time', False)
|
|
|
|
|
if not added_this_time:
|
|
|
|
|
f.write("%s %s %s\n" % (hostname, keytype, key.get_base64()))
|
2013-07-03 20:47:20 +00:00
|
|
|
for hostname, keys in self.ssh._host_keys.iteritems():
|
|
|
|
|
for keytype, key in keys.iteritems():
|
2013-07-20 16:47:46 +00:00
|
|
|
added_this_time = getattr(key, '_added_by_ansible_this_time', False)
|
|
|
|
|
if added_this_time:
|
|
|
|
|
f.write("%s %s %s\n" % (hostname, keytype, key.get_base64()))
|
2013-07-03 20:47:20 +00:00
|
|
|
f.close()
|
|
|
|
|
|
2012-03-10 18:35:46 +00:00
|
|
|
def close(self):
|
|
|
|
|
''' terminate the connection '''
|
2012-10-26 02:09:54 +00:00
|
|
|
cache_key = self._cache_key()
|
|
|
|
|
SSH_CONNECTION_CACHE.pop(cache_key, None)
|
|
|
|
|
SFTP_CONNECTION_CACHE.pop(cache_key, None)
|
2012-10-26 01:49:28 +00:00
|
|
|
if self.sftp is not None:
|
|
|
|
|
self.sftp.close()
|
2013-07-03 20:47:20 +00:00
|
|
|
|
2013-07-06 01:42:41 +00:00
|
|
|
if C.PARAMIKO_RECORD_HOST_KEYS and self._any_keys_added():
|
|
|
|
|
|
2013-07-04 22:17:45 +00:00
|
|
|
# add any new SSH host keys -- warning -- this could be slow
|
|
|
|
|
lockfile = self.keyfile.replace("known_hosts",".known_hosts.lock")
|
2013-07-06 01:42:41 +00:00
|
|
|
dirname = os.path.dirname(self.keyfile)
|
|
|
|
|
if not os.path.exists(dirname):
|
|
|
|
|
os.makedirs(dirname)
|
|
|
|
|
|
2013-07-04 22:17:45 +00:00
|
|
|
KEY_LOCK = open(lockfile, 'w')
|
|
|
|
|
fcntl.lockf(KEY_LOCK, fcntl.LOCK_EX)
|
|
|
|
|
try:
|
|
|
|
|
# just in case any were added recently
|
|
|
|
|
self.ssh.load_system_host_keys()
|
|
|
|
|
self.ssh._host_keys.update(self.ssh._system_host_keys)
|
|
|
|
|
self._save_ssh_host_keys(self.keyfile)
|
|
|
|
|
except:
|
|
|
|
|
# unable to save keys, including scenario when key was invalid
|
|
|
|
|
# and caught earlier
|
|
|
|
|
traceback.print_exc()
|
|
|
|
|
pass
|
|
|
|
|
fcntl.lockf(KEY_LOCK, fcntl.LOCK_UN)
|
2013-07-03 20:47:20 +00:00
|
|
|
|
2012-03-10 18:35:46 +00:00
|
|
|
self.ssh.close()
|
2012-10-26 02:09:54 +00:00
|
|
|
|
