Any other module is able to detect a dark host, but raw was treating 255
as a return code from the module execution, rather from the connection
attempt. This change allows 255 to be treated as a connection failure
when using the raw module.
* Added capability to support multiple keys, so clients from different
machines can connect to a single daemon instance
* Any activity on the daemon will cause the timeout to extend, so that the
daemon must be idle for the full number of minutes before it will auto-
shutdown
* Various other small fixes to remove some redundancy
Fixes#5171
Add support for checking host against global known host files.
The effect of this is that before this fix if files are spread across the known_hosts file but not in the ~/known_hosts file the hosts will execute sequentially. This PR augments the functionality so that all of the knowns hosts will execute in parallel.
We break the read while loop after waiting "the end of the process" and
the pipes are empty, otherwise we do another select that waits all the
timeout.
In particular, do not rely on the $USER environment variable always existing.
tmux for example seems to clear it, causing lots of invalid messages:
"previous known host file not found"
This broke in commit 80fd22dc, but instead of reverting that commit, we now
fall back to expanding just ~ when $USER is not set.
Resolves issue #5082
Code as it was would hit a scenario where one of the FDs was not ready for
reading the first time through -- but p.poll() would show the process as
complete. This would cause ansible to continue on, while leaving some content
left in a pipe.
The other scenario -- the one that causes the unclosed quote, is if we go
through select.select() and we do get stdout in the ready for reading -- we
read from it (9000 bytes), but that's not all that is there. Again we'd get to
the p.poll() check and it would be indeed not none, but we would have left some
of stdout on the FD and thus the json blob would be malformed.
Tested with and without full ssh debugging.
Tested with and without ControlPersist
Tested with and without ControlPersist sockets already created
This bit of code is attempting to access accelerate_inventory_host,
which may not have been set/created. This will cause a traceback.
Instead use getattr with a fallback to False.
This plugin permit to use func to run playbook and ansible command instead
of ssh. It can be used for a smooth transition from func/taboot to ansible by
letting people use ansible without having to change their network architecture.
Commands will now be started up in a separate task from the main
handler thread, so that it can be monitored for completeness while
sending a keepalive packet back to the controller to avoid a socket
receive timeout.
This patch also checks specifically for a return code of 255, which
indicates an unknown SSH error of some kind. When that happens, ansible
will now recommend running with -vvvv (if not enabled) or show the
output from 'ssh -vvv' (when it is enabled)
This shouldn't generally be needed unless you're working in an environment
that uses rediculously long FQDNs; if the name is too long, you wind up
hitting unix domain socket filepath limits enforced by ssh.
Adds original_transport attribute to Runner to track what the original
transport was before it is changed to 'accelerate'.
If using paramiko in original_transport, uses ParamikoConnection. If
not, falls back to SSHConnection like before.
Caveats:
* requiretty must be disabled in the sudoers config
* asking for a password doesn't work yet, so any sudoers users must
be configured with NOPASSWD
* if not starting the daemon as root, the user running the daemon
must have sudoers entries to allow them to run the command as the
target sudo_user
Still needs:
* chunked file transfer/receive
* should probably move all send/recv operations to separate
functions to reduce code duplication
* initial connection setup over ssh? or do we handle that in runner?
Files were being created in /tmp, but will now be created in $HOME/.ansible/cp/
Addresses CVE-2013-4259: ansible uses a socket with predictable filename in /tmp
For some reason, ssh seems to ask for password even when
PasswordAuthentication is set to no, adding PreferredAuthentications
with the 2 options removed do the trick.
Due to various inconsistencies of ssh and sftp regarding ipv6 and
ipv4 handling, some special arguments must be passed, and the
ipv6 must be passed in a specific format.
Till Maas
Jesse Keating
James Tanner
Matt Martz
James Cammarata
Cristian Ciupitu
brdo
Richard Isaacson
Michael DeHaan
Iordan Iordanov
James Cammarata
Luca Berruti
Heikki Hokkanen
Paul Durivage
jeromew
Michael DeHaan
Matt Haggard
Serge van Ginderachter
Michael Scherer
bennojoy
nextus
Brian Harring
Les Aker
Keiichi Mori
guersam
Stephen Fromm
Michael Vogt