Commit Graph

16239 Commits (6e82df451ac0ca11b2abd09051e57a2d5b6cca19)
 

Author SHA1 Message Date
Abhijit Menon-Sen 6e82df451a Clarify select() handling for ssh connections
This change is motivated by an ssh oddity: when ControlPersist is
enabled, the first (i.e. master) connection goes into the background; we
see EOF on its stdout and the process exits, but we never see EOF on its
stderr. So if we ran a command like this:

    ANSIBLE_SSH_PIPELINING=1 ansible -T 30 -vvv somehost -u someuser -m command -a whoami

We would first do select([stdout,stderr], timeout) and read the command
module output, then select([stdout,stderr], timeout) again and read EOF
on stdout, then select([stderr], timeout) AGAIN (though the process has
exited), and select() would wait for the full timeout before returning
rfd=[], and then we would exit. The use of a very short timeout in the
code masked the underlying problem (that we don't see EOF on stderr).

It's always preferable to call select() with a long timeout so that the
process doesn't use any CPU until one of the events it's interested in
happens (and then select will return independent of elapsed time).

(A long timeout value means "if nothing happens, sleep for up to <x>";
omitting the timeout value means "if nothing happens, sleep forever";
specifying a zero timeout means "don't sleep at all", i.e. poll for
events and return immediately.)

This commit uses a long timeout, but explicitly detects the condition
where we've seen EOF on stdout and the process has exited, but we have
not seen EOF on stderr. If and only if that happens, it reruns select()
with a short timeout (in practice it could just exit at that point, but
I chose to be extra cautious). As a result, we end up calling select()
far less often, and use less CPU while waiting, but don't sleep for a
long time waiting for something that will never happen.

Note that we don't omit the timeout to select() altogether because if
we're waiting for an escalation prompt, we DO want to give up with an
error after some time. We also don't set exceptfds, because we're not
actually acting on any notifications of exceptional conditions.
9 years ago
Toshio Kuratomi 03127dcfae remove the stdin return value from connection plugin exec_command() methods
The value was useless -- unused by the callers and always hardcoded to
the empty string.
9 years ago
James Cammarata 9d47eabfa4 Merge pull request #12506 from hyperized/devel
Add Weekday (0-6) as a number and add weeknumber (00-52)
9 years ago
Toshio Kuratomi 24b9e2e6d1 Update extras submodule ref 9 years ago
Gerben Geijteman 4c20964475 Add Weekday (0-6) as a number and add weeknumber (00-52) 9 years ago
Toshio Kuratomi 5d3d9cfe0d Convert to byte strings to avoid UnicodeErrors
Fixes #12488
9 years ago
Brian Coca de18bcb95f correct typo on error reporting
fixes #12495
9 years ago
Brian Coca 6c3813ed37 added win_firewall_rule module 9 years ago
James Cammarata 65f5bed33e Merge pull request #12493 from amenonsen/ssh-fds
Fix typo in checking select results
9 years ago
Abhijit Menon-Sen 40f608a377 A bit more debugging output
We used to display input chunks earlier anyway, so this isn't making
things more verbose.
9 years ago
Abhijit Menon-Sen 9700d9c04f Fix typo in checking select results
It's possible for more than one fd to be set, so 'elif' is obviously not
the right thing to use.
9 years ago
James Cammarata 1164e83477 Remove unnecessary calls to save inventory restrictions since 81bf88b 9 years ago
Toshio Kuratomi 89a78ba16e Update submodule refs 9 years ago
James Cammarata 9e734df0ec Conditionally poll longer if we're still waiting for an auth prompt 9 years ago
Toshio Kuratomi 5f0f5363b6 Merge pull request #12487 from mgedmin/py3k
Fix one more failing test on Python 3
9 years ago
James Cammarata 2898e000a0 Don't use the connection timeout for the select poll timeout 9 years ago
James Cammarata 713809b62d Merge branch 'amenonsen-ssh-indata' into devel 9 years ago
Abhijit Menon-Sen 587054db2a Send initial data before calling select whenever possible
Without this, we could execute «ssh -q ...» and call select(), which
would timeout after the default 10s, and only then send initial data.
(This is a relic of the earlier change where we always ran ssh with
-vvv, so the situation where it would sit quietly never happened in
practice; but this would have been the right thing to do even then.)
9 years ago
James Cammarata c9a004227e Improve error catching from malformed playbook data
Fixes #12478
9 years ago
James Cammarata e8e1d9f6fb Apply --limit to inventory in adhoc commands
Fixes #12473
9 years ago
Marius Gedminas 95e655eb67 Python 3: there's no basestring
Fixes one failing test.

The long series of module_utils/basic.py fixes were all because
module_utils/basic is imported in ansible/inventory/script.py.
9 years ago
Marius Gedminas 2c4982b58d Python 3: there's no itertools.imap
Because the builtin map() acts like an iterator already.
9 years ago
Marius Gedminas 6708d56a21 Python 3: avoid long integer literals
Even Python 2.4 automatically promotes int to long.
9 years ago
Marius Gedminas f5d4935197 Python 3: treat python as a function in module_utils/basic.py
NB: we can't use 'from __future__ import print_function', but luckily
print(one_thing) works fine on both Python 2 and Python 3 without that.
9 years ago
Marius Gedminas e71a986e16 Python 3: avoid octal constants in module_utils/basic.py 9 years ago
Marius Gedminas d2bec7f81f Python 3: avoid "except ..., e:" in module_utils/basic.py
Make the code compatible with Pythons 2.4 through 3.5 by using
sys.exc_info()[1] instead.

This is necessary but not sufficient for Python 3 compatibility.
9 years ago
James Cammarata 65630d2ce1 Fixing one more bug related to staticmethods in LookupBase 9 years ago
James Cammarata cbbb270761 Cleanup bug from moving base lookup methods to staticmethods 9 years ago
Abhijit Menon-Sen ac98fe9e89 Implement ssh connection handling as a state machine
The event loop (even after it was brought into one place in _run in the
previous commit) was hard to follow. The states and transitions weren't
clear or documented, and the privilege escalation code was non-blocking
while the rest was blocking.

Now we have a state machine with four states: awaiting_prompt,
awaiting_escalation, ready_to_send (initial data), and awaiting_exit.
The actions in each state and the transitions between then are clearly
documented.

The check_incorrect_password() method no longer checks for empty strings
(since they will always match), and check_become_success() uses equality
rather than a substring match to avoid thinking an echoed command is an
indication of successful escalation. Also adds a check_missing_password
connection method to detect the error from sudo -n/doas -n.
9 years ago
Abhijit Menon-Sen 840a32bc08 Reorganise ssh.py to cleanly separate responsibilities
The main exec_command/put_file/fetch_file methods now _build_command and
call _run to handle input from/output to the ssh process. The purpose is
to bring connection handling together in one place so that the locking
doesn't have to be split across functions.

Note that this doesn't change the privilege escalation and connection IO
code at all—just puts it all into one function.

Most of the changes are just moving code from one place to another (e.g.
from _connect to _build_command, from _exec_command and _communicate to
_run), but there are some other notable changes:

1. We test for the existence of sshpass the first time we need to use
   password authentication, and remember the result.
2. We set _persistent in _build_command if we're using ControlPersist,
   for later use in close(). (The detection could be smarter.)
3. Some apparently inadvertent inconsistencies between put_file and
   fetch_file (e.g. argument quoting, sftp -b use) have been removed.

Also reorders functions into a logical sequence, removes unused imports
and functions, etc.

Aside: the high-level EXEC/PUT/FETCH description should really be logged
from ConnectionBase, while individual subclasses log transport-specific
details.
9 years ago
James Cammarata 95c6fe88e4 Fix handling of conditional vars_files which contain variables
Fixes #12484
9 years ago
Toshio Kuratomi c83f51b7f2 Some LookupBase cleanups:
* Make LookupBase an abc with required methods (run()) marked as an
  abstractmethod
* Mark methods that don't use self as @staticmethod
* Document how to implement the run method of a lookup plugin.
9 years ago
James Cammarata 1e860d020e Merge pull request #12479 from jeffwidman/patch-1
Add mention of roles_path parameter to `ansible-galaxy install` command
9 years ago
Jeff Widman 983ee0898d Add mention of roles_path parameter to `ansible-galaxy install` command 9 years ago
Toshio Kuratomi 049952fa50 Update submodule refs. 9 years ago
Brian Coca a421fa5bb9 added new route53_health_check module 9 years ago
James Cammarata 1e7fd2196d Fixing synchronize + delegate_to user bug
Fixes #12464
9 years ago
James Cammarata 3ffc2783c4 Don't bomb out on handlers with undefined variables in their names 9 years ago
Toshio Kuratomi 4b0d52d2cb Merge pull request #12420 from ansible/win_prefix_modules
Fix for user defined modules not overriding modules from core.
9 years ago
James Cammarata 1076155d8d When failing because of vars_files templating, try and bubble up the file/line info 9 years ago
Toshio Kuratomi 18e2ee16ef Fix for user defined modules not overriding modules from core.
This fix takes into account that powershell modules are somewhat
different than regular modules and have to be kept separate.
9 years ago
Toshio Kuratomi f61fb9787d Update submodule refs 9 years ago
James Cammarata c30e464388 Additional tweaks to callback output for delegate_to 9 years ago
James Cammarata 513619867a Show delegated-to host in callback message
Fixes #12465
9 years ago
James Cammarata f563b22446 Merge pull request #12461 from mgedmin/py3k
Python 3: there's no basestring
9 years ago
James Cammarata d2949f5449 Merge pull request #12463 from mgedmin/fix-ansible-doc
Fix option descriptions in ansible-doc output
9 years ago
James Cammarata 0fb4a6a67b Tweak to the way new host variables are created for delegated hosts 9 years ago
Marius Gedminas 339790adc4 Fix option descriptions in ansible-doc output
Fixes #12462.
9 years ago
James Cammarata 18adfc6d1a Set some default vars on hosts created for delegate_to connections 9 years ago
James Cammarata a22f7b883d Restrict role param vars to tasks within that role
Fixes #12460
9 years ago