a-c-m
/
community.general
mirror of https://github.com/ansible-collections/community.general.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
community.general/lib/ansible/runner/connection_plugins/ssh.py

311 lines
12 KiB
Python
Raw Normal View History

Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
import os
import subprocess
import shlex
import pipes
import random
import select
import fcntl
Adding support for hashed known_hosts entries Fixes Issue #3716 - SSH known host checking needs to understand hashed known hosts
2013-08-02 16:08:02 +00:00
import hmac
now ssh connection plugin will only pass user as an option to ssh if it is differnt from the current user. This should enable overrides for user in .ssh/config w/o breaking any current functionality. Signed-off-by: Brian Coca <briancoca+dev@gmail.com>
2013-03-27 20:41:54 +00:00
import pwd
support i18n on sudo failure
2013-08-08 15:02:52 +00:00
import gettext
fixes for PTY handling
2013-09-16 21:19:39 +00:00
import pty
Adding support for hashed known_hosts entries Fixes Issue #3716 - SSH known host checking needs to understand hashed known hosts
2013-08-02 16:08:02 +00:00
from hashlib import sha1
Adding ability to set ssh args from config file
2012-08-15 00:13:02 +00:00
import ansible.constants as C
Add -vvv support for debugging activity
2012-08-09 01:09:14 +00:00
from ansible.callbacks import vvv
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
from ansible import errors
Move sudo command making to one common function
2013-01-10 05:50:56 +00:00
from ansible import utils
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
make connection types pluggable
2012-08-18 14:52:24 +00:00
class Connection(object):
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
''' ssh based connections '''
Standardize args/kwargs on connection plugins.
2013-04-05 18:42:18 +00:00
def __init__(self, runner, host, port, user, password, private_key_file, *args, **kwargs):
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
self.runner = runner
self.host = host
fix ssh connection plugin to work with ipv6 address Due to various inconsistencies of ssh and sftp regarding ipv6 and ipv4 handling, some special arguments must be passed, and the ipv6 must be passed in a specific format.
2013-08-18 21:08:35 +00:00
self.ipv6 = ':' in self.host
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
self.port = port
Add ansible_ssh_user/pass to enable inventory-defined users
2013-02-10 22:22:18 +00:00
self.user = user
self.password = password
Make private key customizable per host using ansible_ssh_private_key_file configurable as variable This fixes issue #1026 for @toshywoshy together with ansible_ssh_user and ansible_ssh_port.
2013-03-19 16:28:43 +00:00
self.private_key_file = private_key_file
Adding support for hashed known_hosts entries Fixes Issue #3716 - SSH known host checking needs to understand hashed known hosts
2013-08-02 16:08:02 +00:00
self.HASHED_KEY_MAGIC = "|1|"
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
Fix race condition on creating the temp directory for ControlPersist Fixes #3943
2013-09-03 15:59:50 +00:00
fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_EX)
self.cp_dir = utils.prepare_writeable_dir('$HOME/.ansible/cp',mode=0700)
fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_UN)
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
def connect(self):
''' connect to the remote host '''
Misc code cleanup, mostly whitespace preferences, removing unused imports, plus a few fixes here and there.
2012-07-15 16:29:53 +00:00
Add ansible_ssh_user/pass to enable inventory-defined users
2013-02-10 22:22:18 +00:00
vvv("ESTABLISH CONNECTION FOR USER: %s" % self.user, host=self.host)
Default -u (user) and "user:" in playbooks to the current user.
2012-08-11 21:33:34 +00:00
added ability to ovverride all ssh settings via ANSIBLE_SSH_ARGS
2012-06-26 18:59:42 +00:00
self.common_args = []
Adding ability to set ssh args from config file
2012-08-15 00:13:02 +00:00
extra_args = C.ANSIBLE_SSH_ARGS
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
if extra_args is not None:
self.common_args += shlex.split(extra_args)
Default to using a ControlMaster connection
2012-06-19 19:58:24 +00:00
else:
self.common_args += ["-o", "ControlMaster=auto",
"-o", "ControlPersist=60s",
Make ssh's ControlPath configurable via ansible.cfg This shouldn't generally be needed unless you're working in an environment that uses rediculously long FQDNs; if the name is too long, you wind up hitting unix domain socket filepath limits enforced by ssh.
2013-09-18 19:03:40 +00:00
"-o", "ControlPath=%s" % (C.ANSIBLE_SSH_CONTROL_PATH % dict(directory=self.cp_dir))]
SSH connection plugin creates ControlPersist socket files in a secure directory Files were being created in /tmp, but will now be created in $HOME/.ansible/cp/ Addresses CVE-2013-4259: ansible uses a socket with predictable filename in /tmp
2013-08-20 17:03:50 +00:00
cp_in_use = False
cp_path_set = False
for arg in self.common_args:
if arg.find("ControlPersist") != -1:
cp_in_use = True
if arg.find("ControlPath") != -1:
cp_path_set = True
if cp_in_use and not cp_path_set:
Make ssh's ControlPath configurable via ansible.cfg This shouldn't generally be needed unless you're working in an environment that uses rediculously long FQDNs; if the name is too long, you wind up hitting unix domain socket filepath limits enforced by ssh.
2013-09-18 19:03:40 +00:00
self.common_args += ["-o", "ControlPath=%s" % (C.ANSIBLE_SSH_CONTROL_PATH % dict(directory=self.cp_dir))]
Makes host key checking the default behavior but can be disabled in ansible.cfg or by environment variable.
2013-07-03 20:47:20 +00:00
if not C.HOST_KEY_CHECKING:
self.common_args += ["-o", "StrictHostKeyChecking=no"]
added ability to ovverride all ssh settings via ANSIBLE_SSH_ARGS
2012-06-26 18:59:42 +00:00
if self.port is not None:
self.common_args += ["-o", "Port=%d" % (self.port)]
Make private key customizable per host using ansible_ssh_private_key_file configurable as variable This fixes issue #1026 for @toshywoshy together with ansible_ssh_user and ansible_ssh_port.
2013-03-19 16:28:43 +00:00
if self.private_key_file is not None:
self.common_args += ["-o", "IdentityFile="+os.path.expanduser(self.private_key_file)]
elif self.runner.private_key_file is not None:
Expand ~ shell shortcuts for the --private-key argument
2013-01-20 21:16:01 +00:00
self.common_args += ["-o", "IdentityFile="+os.path.expanduser(self.runner.private_key_file)]
Add ansible_ssh_user/pass to enable inventory-defined users
2013-02-10 22:22:18 +00:00
if self.password:
Disable authentication methods that weren't specified
2012-11-27 09:51:35 +00:00
self.common_args += ["-o", "GSSAPIAuthentication=no",
"-o", "PubkeyAuthentication=no"]
else:
self.common_args += ["-o", "KbdInteractiveAuthentication=no",
Also add back gssapi-keyex While this is not currently implemented in openssh as far as I know, there is patch floating around on the web and this may land one day upstream.
2013-09-06 08:29:43 +00:00
"-o", "PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey",
Disable authentication methods that weren't specified
2012-11-27 09:51:35 +00:00
"-o", "PasswordAuthentication=no"]
now ssh connection plugin will only pass user as an option to ssh if it is differnt from the current user. This should enable overrides for user in .ssh/config w/o breaking any current functionality. Signed-off-by: Brian Coca <briancoca+dev@gmail.com>
2013-03-27 20:41:54 +00:00
if self.user != pwd.getpwuid(os.geteuid())[0]:
self.common_args += ["-o", "User="+self.user]
Add ansible_ssh_user/pass to enable inventory-defined users
2013-02-10 22:22:18 +00:00
self.common_args += ["-o", "ConnectTimeout=%d" % self.runner.timeout]
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
return self
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
def _password_cmd(self):
Add ansible_ssh_user/pass to enable inventory-defined users
2013-02-10 22:22:18 +00:00
if self.password:
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
try:
p = subprocess.Popen(["sshpass"], stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
p.communicate()
except OSError:
Update error message since user may have specified connection type via non command line or by default.
2013-07-19 13:09:04 +00:00
raise errors.AnsibleError("to use the 'ssh' connection type with passwords, you must install the sshpass program")
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
(self.rfd, self.wfd) = os.pipe()
return ["sshpass", "-d%d" % self.rfd]
return []
def _send_password(self):
Add ansible_ssh_user/pass to enable inventory-defined users
2013-02-10 22:22:18 +00:00
if self.password:
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
os.close(self.rfd)
Add ansible_ssh_user/pass to enable inventory-defined users
2013-02-10 22:22:18 +00:00
os.write(self.wfd, "%s\n" % self.password)
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
os.close(self.wfd)
Lock around SSH connectivity to new hosts in host checking mode such that prompts for host approval messages do not get interlaced.
2013-07-04 20:03:17 +00:00
def not_in_host_file(self, host):
host_file = os.path.expanduser("~/.ssh/known_hosts")
if not os.path.exists(host_file):
print "previous known host file not found"
return True
host_fh = open(host_file)
data = host_fh.read()
host_fh.close()
for line in data.split("\n"):
if line is None or line.find(" ") == -1:
continue
tokens = line.split()
Adding support for hashed known_hosts entries Fixes Issue #3716 - SSH known host checking needs to understand hashed known hosts
2013-08-02 16:08:02 +00:00
if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
# this is a hashed known host entry
try:
(kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
hash.update(host)
if hash.digest() == kn_host.decode('base64'):
return False
except:
# invalid hashed host key, skip it
continue
else:
# standard host file entry
if host in tokens[0]:
return False
Lock around SSH connectivity to new hosts in host checking mode such that prompts for host approval messages do not get interlaced.
2013-07-04 20:03:17 +00:00
return True
Allow to change executable (shell/interpreter) when using raw This patch adds an optional 'executable=' option to the raw command line to override the default shell (/bin/sh), much like the shell module does.
2012-12-23 18:17:07 +00:00
def exec_command(self, cmd, tmp_path, sudo_user,sudoable=False, executable='/bin/sh'):
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
''' run a command on the remote host '''
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
ssh_cmd = self._password_cmd()
Added support for -vvvv to enable ssh connection debugging This patch also checks specifically for a return code of 255, which indicates an unknown SSH error of some kind. When that happens, ansible will now recommend running with -vvvv (if not enabled) or show the output from 'ssh -vvv' (when it is enabled)
2013-09-19 10:58:54 +00:00
ssh_cmd += ["ssh", "-tt"]
if utils.VERBOSITY > 3:
ssh_cmd += ["-vvv"]
else:
ssh_cmd += ["-q"]
ssh_cmd += self.common_args
fix ssh connection plugin to work with ipv6 address Due to various inconsistencies of ssh and sftp regarding ipv6 and ipv4 handling, some special arguments must be passed, and the ipv6 must be passed in a specific format.
2013-08-18 21:08:35 +00:00
if self.ipv6:
ssh_cmd += ['-6']
ssh_cmd += [self.host]
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
Allow to change executable (shell/interpreter) when using raw This patch adds an optional 'executable=' option to the raw command line to override the default shell (/bin/sh), much like the shell module does.
2012-12-23 18:17:07 +00:00
if not self.runner.sudo or not sudoable:
Extend executable= support in raw to include no execuable Useful for managing not-UNIX things.
2013-01-08 16:45:37 +00:00
if executable:
ssh_cmd.append(executable + ' -c ' + pipes.quote(cmd))
else:
ssh_cmd.append(cmd)
Allow to change executable (shell/interpreter) when using raw This patch adds an optional 'executable=' option to the raw command line to override the default shell (/bin/sh), much like the shell module does.
2012-12-23 18:17:07 +00:00
else:
Move sudo command making to one common function
2013-01-10 05:50:56 +00:00
sudocmd, prompt = utils.make_sudo_cmd(sudo_user, executable, cmd)
ssh_cmd.append(sudocmd)
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
vvv("EXEC %s" % ssh_cmd, host=self.host)
Lock around SSH connectivity to new hosts in host checking mode such that prompts for host approval messages do not get interlaced.
2013-07-04 20:03:17 +00:00
not_in_host_file = self.not_in_host_file(self.host)
if C.HOST_KEY_CHECKING and not_in_host_file:
# lock around the initial SSH connectivity so the user prompt about whether to add
# the host to known hosts is not intermingled with multiprocess output.
Improve interlaced output prevention when asking for host key approval.
2013-07-04 22:17:45 +00:00
fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_EX)
fcntl.lockf(self.runner.output_lockfile, fcntl.LOCK_EX)
Lock around SSH connectivity to new hosts in host checking mode such that prompts for host approval messages do not get interlaced.
2013-07-04 20:03:17 +00:00
Use proper pseudo-tty's instead of pipes when using subprocess This change avoids the "tcgetattr: Invalid argument" error by making sure the ssh we start does have a proper pseudo-tty. We could also check whether our current terminal is a proper terminal (by doing a tcgetattr ourselves) but I don't think this adds anything. This closes #1662 (if all use-cases have been tested: sudo, passwd)
2012-11-23 16:52:55 +00:00
try:
# Make sure stdin is a proper (pseudo) pty to avoid: tcgetattr errors
master, slave = pty.openpty()
p = subprocess.Popen(ssh_cmd, stdin=slave,
Add return code and error output to raw module Since we use 'raw' heavily on equipment where 'command' and 'shell' are not (yet) working (and python may need to be installed first using raw) these improvements are necessary in order to write more complex scripts (with return code handling and separated stdout/stderr). This change includes the following changes: - exec_command() now returns the return code of the command - _low_level_exec_command() now returns a dict, including 'rc', 'stdout' and 'stderr' - all users of the above interfaces have been improved to make use of the above changes - all connection plugins have been modified to return rc and stderr - fix the newline problem (stdout and stderr would have excess newlines) In a future commit I intend to add assertions or error handling code to verify the return code in those places where it wasn't done. Since only the output was available, the return code was ignored, even though we expect them to be 0.
2012-12-23 00:44:00 +00:00
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
Use proper pseudo-tty's instead of pipes when using subprocess This change avoids the "tcgetattr: Invalid argument" error by making sure the ssh we start does have a proper pseudo-tty. We could also check whether our current terminal is a proper terminal (by doing a tcgetattr ourselves) but I don't think this adds anything. This closes #1662 (if all use-cases have been tested: sudo, passwd)
2012-11-23 16:52:55 +00:00
stdin = os.fdopen(master, 'w', 0)
fixes for PTY handling
2013-09-16 21:19:39 +00:00
os.close(slave)
Use proper pseudo-tty's instead of pipes when using subprocess This change avoids the "tcgetattr: Invalid argument" error by making sure the ssh we start does have a proper pseudo-tty. We could also check whether our current terminal is a proper terminal (by doing a tcgetattr ourselves) but I don't think this adds anything. This closes #1662 (if all use-cases have been tested: sudo, passwd)
2012-11-23 16:52:55 +00:00
except:
p = subprocess.Popen(ssh_cmd, stdin=subprocess.PIPE,
Add return code and error output to raw module Since we use 'raw' heavily on equipment where 'command' and 'shell' are not (yet) working (and python may need to be installed first using raw) these improvements are necessary in order to write more complex scripts (with return code handling and separated stdout/stderr). This change includes the following changes: - exec_command() now returns the return code of the command - _low_level_exec_command() now returns a dict, including 'rc', 'stdout' and 'stderr' - all users of the above interfaces have been improved to make use of the above changes - all connection plugins have been modified to return rc and stderr - fix the newline problem (stdout and stderr would have excess newlines) In a future commit I intend to add assertions or error handling code to verify the return code in those places where it wasn't done. Since only the output was available, the return code was ignored, even though we expect them to be 0.
2012-12-23 00:44:00 +00:00
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
Use proper pseudo-tty's instead of pipes when using subprocess This change avoids the "tcgetattr: Invalid argument" error by making sure the ssh we start does have a proper pseudo-tty. We could also check whether our current terminal is a proper terminal (by doing a tcgetattr ourselves) but I don't think this adds anything. This closes #1662 (if all use-cases have been tested: sudo, passwd)
2012-11-23 16:52:55 +00:00
stdin = p.stdin
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
self._send_password()
if self.runner.sudo and sudoable and self.runner.sudo_pass:
fcntl.fcntl(p.stdout, fcntl.F_SETFL,
fcntl.fcntl(p.stdout, fcntl.F_GETFL) | os.O_NONBLOCK)
Wrap all remote commands in sh
2012-11-22 19:06:30 +00:00
sudo_output = ''
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
while not sudo_output.endswith(prompt):
rfd, wfd, efd = select.select([p.stdout], [],
[p.stdout], self.runner.timeout)
if p.stdout in rfd:
chunk = p.stdout.read()
if not chunk:
raise errors.AnsibleError('ssh connection closed waiting for sudo password prompt')
sudo_output += chunk
else:
stdout = p.communicate()
raise errors.AnsibleError('ssh connection error waiting for sudo password prompt')
Use proper pseudo-tty's instead of pipes when using subprocess This change avoids the "tcgetattr: Invalid argument" error by making sure the ssh we start does have a proper pseudo-tty. We could also check whether our current terminal is a proper terminal (by doing a tcgetattr ourselves) but I don't think this adds anything. This closes #1662 (if all use-cases have been tested: sudo, passwd)
2012-11-23 16:52:55 +00:00
stdin.write(self.runner.sudo_pass + '\n')
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
fcntl.fcntl(p.stdout, fcntl.F_SETFL, fcntl.fcntl(p.stdout, fcntl.F_GETFL) & ~os.O_NONBLOCK)
Wait for process to finish and then parse output
2012-06-20 18:22:48 +00:00
# We can't use p.communicate here because the ControlMaster may have stdout open as well
stdout = ''
Add return code and error output to raw module Since we use 'raw' heavily on equipment where 'command' and 'shell' are not (yet) working (and python may need to be installed first using raw) these improvements are necessary in order to write more complex scripts (with return code handling and separated stdout/stderr). This change includes the following changes: - exec_command() now returns the return code of the command - _low_level_exec_command() now returns a dict, including 'rc', 'stdout' and 'stderr' - all users of the above interfaces have been improved to make use of the above changes - all connection plugins have been modified to return rc and stderr - fix the newline problem (stdout and stderr would have excess newlines) In a future commit I intend to add assertions or error handling code to verify the return code in those places where it wasn't done. Since only the output was available, the return code was ignored, even though we expect them to be 0.
2012-12-23 00:44:00 +00:00
stderr = ''
Make sure we get all data
2012-09-27 19:44:34 +00:00
while True:
Add return code and error output to raw module Since we use 'raw' heavily on equipment where 'command' and 'shell' are not (yet) working (and python may need to be installed first using raw) these improvements are necessary in order to write more complex scripts (with return code handling and separated stdout/stderr). This change includes the following changes: - exec_command() now returns the return code of the command - _low_level_exec_command() now returns a dict, including 'rc', 'stdout' and 'stderr' - all users of the above interfaces have been improved to make use of the above changes - all connection plugins have been modified to return rc and stderr - fix the newline problem (stdout and stderr would have excess newlines) In a future commit I intend to add assertions or error handling code to verify the return code in those places where it wasn't done. Since only the output was available, the return code was ignored, even though we expect them to be 0.
2012-12-23 00:44:00 +00:00
rfd, wfd, efd = select.select([p.stdout, p.stderr], [], [p.stdout, p.stderr], 1)
fail early on the wrong sudo password instead of waiting until the timeout happens
2013-07-17 15:17:13 +00:00
# fail early if the sudo password is wrong
support i18n on sudo failure
2013-08-08 15:02:52 +00:00
if self.runner.sudo and sudoable and self.runner.sudo_pass:
incorrect_password = gettext.dgettext(
"sudo", "Sorry, try again.")
if stdout.endswith("%s\r\n%s" % (incorrect_password, prompt)):
raise errors.AnsibleError('Incorrect sudo password')
fail early on the wrong sudo password instead of waiting until the timeout happens
2013-07-17 15:17:13 +00:00
Wait for process to finish and then parse output
2012-06-20 18:22:48 +00:00
if p.stdout in rfd:
Make sure we get all data
2012-09-27 19:44:34 +00:00
dat = os.read(p.stdout.fileno(), 9000)
stdout += dat
if dat == '':
p.wait()
break
Add return code and error output to raw module Since we use 'raw' heavily on equipment where 'command' and 'shell' are not (yet) working (and python may need to be installed first using raw) these improvements are necessary in order to write more complex scripts (with return code handling and separated stdout/stderr). This change includes the following changes: - exec_command() now returns the return code of the command - _low_level_exec_command() now returns a dict, including 'rc', 'stdout' and 'stderr' - all users of the above interfaces have been improved to make use of the above changes - all connection plugins have been modified to return rc and stderr - fix the newline problem (stdout and stderr would have excess newlines) In a future commit I intend to add assertions or error handling code to verify the return code in those places where it wasn't done. Since only the output was available, the return code was ignored, even though we expect them to be 0.
2012-12-23 00:44:00 +00:00
elif p.stderr in rfd:
dat = os.read(p.stderr.fileno(), 9000)
stderr += dat
if dat == '':
p.wait()
break
Make sure we get all data
2012-09-27 19:44:34 +00:00
elif p.poll() is not None:
break
Use proper pseudo-tty's instead of pipes when using subprocess This change avoids the "tcgetattr: Invalid argument" error by making sure the ssh we start does have a proper pseudo-tty. We could also check whether our current terminal is a proper terminal (by doing a tcgetattr ourselves) but I don't think this adds anything. This closes #1662 (if all use-cases have been tested: sudo, passwd)
2012-11-23 16:52:55 +00:00
stdin.close() # close stdin after we read from stdout (see also issue #848)
Lock around SSH connectivity to new hosts in host checking mode such that prompts for host approval messages do not get interlaced.
2013-07-04 20:03:17 +00:00
if C.HOST_KEY_CHECKING and not_in_host_file:
# lock around the initial SSH connectivity so the user prompt about whether to add
# the host to known hosts is not intermingled with multiprocess output.
Improve interlaced output prevention when asking for host key approval.
2013-07-04 22:17:45 +00:00
fcntl.lockf(self.runner.output_lockfile, fcntl.LOCK_UN)
fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_UN)
Wait for process to finish and then parse output
2012-06-20 18:22:48 +00:00
Add return code and error output to raw module Since we use 'raw' heavily on equipment where 'command' and 'shell' are not (yet) working (and python may need to be installed first using raw) these improvements are necessary in order to write more complex scripts (with return code handling and separated stdout/stderr). This change includes the following changes: - exec_command() now returns the return code of the command - _low_level_exec_command() now returns a dict, including 'rc', 'stdout' and 'stderr' - all users of the above interfaces have been improved to make use of the above changes - all connection plugins have been modified to return rc and stderr - fix the newline problem (stdout and stderr would have excess newlines) In a future commit I intend to add assertions or error handling code to verify the return code in those places where it wasn't done. Since only the output was available, the return code was ignored, even though we expect them to be 0.
2012-12-23 00:44:00 +00:00
if p.returncode != 0 and stderr.find('Bad configuration option: ControlPersist') != -1:
clarify message about name of configuration parameter
2012-10-21 11:11:39 +00:00
raise errors.AnsibleError('using -c ssh on certain older ssh versions may not support ControlPersist, set ANSIBLE_SSH_ARGS="" (or ansible_ssh_args in the config file) before running again')
whitespace + remove deprecated YAML parser (migration script lives in examples/scripts and warning was added in 0.6 release)
2012-08-07 00:07:02 +00:00
Add return code and error output to raw module Since we use 'raw' heavily on equipment where 'command' and 'shell' are not (yet) working (and python may need to be installed first using raw) these improvements are necessary in order to write more complex scripts (with return code handling and separated stdout/stderr). This change includes the following changes: - exec_command() now returns the return code of the command - _low_level_exec_command() now returns a dict, including 'rc', 'stdout' and 'stderr' - all users of the above interfaces have been improved to make use of the above changes - all connection plugins have been modified to return rc and stderr - fix the newline problem (stdout and stderr would have excess newlines) In a future commit I intend to add assertions or error handling code to verify the return code in those places where it wasn't done. Since only the output was available, the return code was ignored, even though we expect them to be 0.
2012-12-23 00:44:00 +00:00
return (p.returncode, '', stdout, stderr)
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
def put_file(self, in_path, out_path):
''' transfer a file from local to remote '''
Add -vvv support for debugging activity
2012-08-09 01:09:14 +00:00
vvv("PUT %s TO %s" % (in_path, out_path), host=self.host)
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
if not os.path.exists(in_path):
raise errors.AnsibleFileNotFound("file or module does not exist: %s" % in_path)
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
cmd = self._password_cmd()
fix ssh connection plugin to work with ipv6 address Due to various inconsistencies of ssh and sftp regarding ipv6 and ipv4 handling, some special arguments must be passed, and the ipv6 must be passed in a specific format.
2013-08-18 21:08:35 +00:00
host = self.host
if self.ipv6:
host = '[%s]' % host
Allows use of scp instead of sftp in Added a boolean constant scp_if_ssh to the config Added scp support for the ssh connection plugin Refers to #1279
2012-11-05 22:25:40 +00:00
if C.DEFAULT_SCP_IF_SSH:
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
cmd += ["scp"] + self.common_args
fix ssh connection plugin to work with ipv6 address Due to various inconsistencies of ssh and sftp regarding ipv6 and ipv4 handling, some special arguments must be passed, and the ipv6 must be passed in a specific format.
2013-08-18 21:08:35 +00:00
cmd += [in_path,host + ":" + pipes.quote(out_path)]
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
indata = None
Allows use of scp instead of sftp in Added a boolean constant scp_if_ssh to the config Added scp support for the ssh connection plugin Refers to #1279
2012-11-05 22:25:40 +00:00
else:
fix ssh connection plugin to work with ipv6 address Due to various inconsistencies of ssh and sftp regarding ipv6 and ipv4 handling, some special arguments must be passed, and the ipv6 must be passed in a specific format.
2013-08-18 21:08:35 +00:00
cmd += ["sftp"] + self.common_args + [host]
Added some pipes.quote ops to make sure paths with spaces in them are ok.
2013-07-20 22:28:11 +00:00
indata = "put %s %s\n" % (pipes.quote(in_path), pipes.quote(out_path))
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
p = subprocess.Popen(cmd, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
self._send_password()
stdout, stderr = p.communicate(indata)
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
if p.returncode != 0:
raise errors.AnsibleError("failed to transfer file to %s:\n%s\n%s" % (out_path, stdout, stderr))
def fetch_file(self, in_path, out_path):
''' fetch a file from remote to local '''
Add -vvv support for debugging activity
2012-08-09 01:09:14 +00:00
vvv("FETCH %s TO %s" % (in_path, out_path), host=self.host)
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
cmd = self._password_cmd()
fix ssh connection plugin to work with ipv6 address Due to various inconsistencies of ssh and sftp regarding ipv6 and ipv4 handling, some special arguments must be passed, and the ipv6 must be passed in a specific format.
2013-08-18 21:08:35 +00:00
host = self.host
if self.ipv6:
host = '[%s]' % host
Allows use of scp instead of sftp in Added a boolean constant scp_if_ssh to the config Added scp support for the ssh connection plugin Refers to #1279
2012-11-05 22:25:40 +00:00
if C.DEFAULT_SCP_IF_SSH:
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
cmd += ["scp"] + self.common_args
fix ssh connection plugin to work with ipv6 address Due to various inconsistencies of ssh and sftp regarding ipv6 and ipv4 handling, some special arguments must be passed, and the ipv6 must be passed in a specific format.
2013-08-18 21:08:35 +00:00
cmd += [host + ":" + in_path, out_path]
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
indata = None
Allows use of scp instead of sftp in Added a boolean constant scp_if_ssh to the config Added scp support for the ssh connection plugin Refers to #1279
2012-11-05 22:25:40 +00:00
else:
fix ssh connection plugin to work with ipv6 address Due to various inconsistencies of ssh and sftp regarding ipv6 and ipv4 handling, some special arguments must be passed, and the ipv6 must be passed in a specific format.
2013-08-18 21:08:35 +00:00
cmd += ["sftp"] + self.common_args + [host]
Add password support to -c ssh via sshpass
2012-11-16 22:42:19 +00:00
indata = "get %s %s\n" % (in_path, out_path)
p = subprocess.Popen(cmd, stdin=subprocess.PIPE,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
self._send_password()
stdout, stderr = p.communicate(indata)
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
if p.returncode != 0:
raise errors.AnsibleError("failed to transfer file from %s:\n%s\n%s" % (in_path, stdout, stderr))
def close(self):
Misc code cleanup, mostly whitespace preferences, removing unused imports, plus a few fixes here and there.
2012-07-15 16:29:53 +00:00
''' not applicable since we're executing openssh binaries '''
Add an ssh command wrapper transport
2012-06-17 11:35:59 +00:00
pass
Misc code cleanup, mostly whitespace preferences, removing unused imports, plus a few fixes here and there.
2012-07-15 16:29:53 +00:00