When running on lots of hosts with a large login banner on a slow network, it was still possible that the first recv() didn't to pull in the sudo password prompt, and sudo would fail intermittently. This patch tells sudo to use a specific, randomly-generated prompt and then reads until it finds that prompt (or times out). Only then is the password sent. It also catches `socket.timeout` and thunks it to a more useful `AnsbileError` with the output of sudo so if something goes wrong you can see what's up.
Commit SHA: 87b1cf45 that put temp files in `$HOME/.ansible` instead of `/home/<user>/.ansible` was producing a directory literally called `$HOME` (no expansion) with non-sudo remote execution. I'll take the blame for this one, as `ParamikoConnection.exec_command()` was not using the shell for non-sudo commands. This does sudo and non-sudo execution the same way, using the shell, so environment variables should get expanded.
The basic idea is sudo /bin/sh -c 'quoted_command'. We use Paramiko's low-level API to set a timeout, get a pseudo tty, execute sudo and the (shell quoted) command atomically, wait just until sudo is ready to accept the password before sending it down the pipe, and then return the command's stdout and stderr.
This should be faster, as there are no unneeded sleeps. There are no permissions issues reading the output. It will raise socket.timeout if the command takes too long. However, this is a per-read timeout, not a total execution timeout, so as long as the command is writing output and you are reading it, it will not time out.
Local and non-sudo commands remain unchanged, but should probably adopt a similar approach.
Since this is a significant change, it needs a lot of testing. Also, someone smarter than I should double-check the quoting and execution, since it is a security issue.
Merge the SortedOptParser bits and debug attribute commits into
localconnection.
Conflicts:
bin/ansible
lib/ansible/playbook.py
lib/ansible/runner.py
lib/ansible/utils.py
This creates a LocalConnection class for the case when operating on the
localhost. If the host, argument to Connection.connect(), matches
127.0.0.1, localhost, or the name of the host as returned by
os.uname()[1], Connection.connect() will opt to use LocalConnection
instead of ParamikoConnection. LocalConnection implements connect(),
exec_command(), put_file(), and close().
Jim Richardson
John Kleint
Michael DeHaan
cocoy
Jeroen Hoekx
Matt Coddington
Rafal Lewczuk
Stephen Fromm
Matthew Williams
Christopher Johnston
Seth Vidal