Commit Graph

17213 Commits (f873cc0fb54f309aa9ece4e4127bdf1071d1bfd7)
 

Author SHA1 Message Date
Toshio Kuratomi f873cc0fb5 Update docs and example config for requiretty + pipelining change 9 years ago
Toshio Kuratomi 1d8e178732 Note crab and mgedmin's work to make pipelining compatible with sudo+requiretty 9 years ago
Toshio Kuratomi bebd2c5f34 Merge pull request #13200 from amenonsen/pipelining
Make pipelining work with su/sudo+requiretty
9 years ago
Abhijit Menon-Sen f488de8599 Make sudo+requiretty and ANSIBLE_PIPELINING work together
Pipelining is a *significant* performance benefit, because each task can
be completed with a single SSH connection (vs. one ssh connection at the
start to mkdir, plus one sftp and one ssh per task).

Pipelining is disabled by default in Ansible because it conflicts with
the use of sudo if 'Defaults requiretty' is set in /etc/sudoers (as it
is on Red Hat) and su (which always requires a tty).

We can (and already do) make sudo/su happy by using "ssh -t" to allocate
a tty, but then the python interpreter goes into interactive mode and is
unhappy with module source being written to its stdin, per the following
comment from connections/ssh.py:

        # we can only use tty when we are not pipelining the modules.
        # piping data into /usr/bin/python inside a tty automatically
        # invokes the python interactive-mode but the modules are not
        # compatible with the interactive-mode ("unexpected indent"
        # mainly because of empty lines)

Instead of the (current) drastic solution of turning off pipelining when
we use a tty, we can instead use a tty but suppress the behaviour of the
Python interpreter to switch to interactive mode. The easiest way to do
this is to make its stdin *not* be a tty, e.g. with cat|python.

This works, but there's a problem: ssh will ignore -t if its input isn't
really a tty. So we could open a pseudo-tty and use that as ssh's stdin,
but if we then write Python source into it, it's all echoed back to us
(because we're a tty). So we have to use -tt to force tty allocation; in
that case, however, ssh puts the tty into "raw" mode (~ICANON), so there
is no good way for the process on the other end to detect EOF on stdin.
So if we do:

    echo -e "print('hello world')\n"|ssh -tt someho.st "cat|python"

…it hangs forever, because cat keeps on reading input even after we've
closed our pipe into ssh's stdin. We can get around this by writing a
special __EOF__ marker after writing in_data, and doing this:

    echo -e "print('hello world')\n__EOF__\n"|ssh -tt someho.st "sed -ne '/__EOF__/q' -e p|python"

This works fine, but in fact I use a clever python one-liner by mgedmin
to achieve the same effect without depending on sed (at the expense of a
much longer command line, alas; Python really isn't one-liner-friendly).

We also enable pipelining by default as a consequence.
9 years ago
Brian Coca 18a8c31cf4 added pull's code sig verification to changelog 9 years ago
Toshio Kuratomi 50553bc2ba _connect no longer takes a port argument 9 years ago
Brian Coca dbbf7c8406 updated changelog to show su now works with local 9 years ago
Brian Coca f1fcab4610 ignore password flags in become conflict check
since all the --ask pass options end up triggering the same code
and are functionally equivalent, ignore them when it comes to checking
privilege escalation conflicts. This allows using -K when --become-method=su
and so on.
9 years ago
Brian Coca a6f6a80caa avoid inheritance issues with default=dict declaration at class level
this should avoid the issue of subsequent plays not prompting for a var
prompted for in a previous play.
9 years ago
James Cammarata d1b5653b53 Merge pull request #13367 from leedm777/patch-1
Corrected group separator
9 years ago
James Cammarata 70e1095546 Merge pull request #13372 from sreekanthpulagam/patch-1
Added missing closing quote
9 years ago
Sandra Wills c9b543bd67 Merge pull request #13286 from jlmitch5/docsite_ads
use hubspot based ads instead of stored files
9 years ago
Toshio Kuratomi 30094912eb boto is expecting that we pass it unicode strings.
The secret_key parameter especially can contain non-ascii characters and
will throw an error if such a string is passed as a byte str.

Potential fix for #13303
9 years ago
sreekanth 96bd2a4447 Added missing closing quote 9 years ago
David M. Lee cfdb12c2ec Corrected group separator
The text said comma, but the examples were all colons.
9 years ago
Toshio Kuratomi ba4e571029 Update submodule refs to go along with the StandardError change in ec2 moudles 9 years ago
Toshio Kuratomi 19d5759771 raise AnsibleAWSError instead of StandardError.
* StandardError doesn't exist in python3
* because it is the root of builtin expections, we can't catch it
  separate from the builtin exceptions
* It doesn't tell us anything about the error being thrown as it's too
  generic
9 years ago
James Cammarata dc0fae1af7 Also make sure remote_user is defaulted correctly for delegated hosts
Fixes #13323
9 years ago
Toshio Kuratomi e2ddc2f6ab Call the function :-)
Fixes #13330
9 years ago
James Cammarata cc36eedf76 Ensure port is (re)set for delegated-to hosts
Fixes #13265
9 years ago
Brian Coca b5f2c3def2 fixed typo 9 years ago
Brian Coca eefb4931dd allow for bad stdout return from make temp dir command
fixes #13359
9 years ago
Brian Coca 005b17afec corrected become_methods class variable in winrm
This should now correctly react when using become with winrm
fixes #13331
9 years ago
James Cammarata 80db6bacc4 Make sure run_once tasks properly set variables for all active hosts
Fixes #13267
9 years ago
James Cammarata fbc9553bd4 Use text_type instead of unicode 9 years ago
James Cammarata c6a30f7000 Make sure the uuid in vars is string 9 years ago
James Cammarata f926e81782 Re-implement lookup wantlist
Fixes #13285
9 years ago
James Cammarata dfa576b037 Merge pull request #13307 from Yannig/devel_fix_big_include_vars
Fix for https://github.com/ansible/ansible/issues/13221
9 years ago
James Cammarata 6671d78f95 Tweak location of stats callback execution and properly relocate stats output code 9 years ago
James Cammarata ea23159be4 Merge pull request #13348 from emonty/bug/iterate-on-none
Put in trap for args being None
9 years ago
Monty Taylor d20e67d708 Put in trap for args being None
_normalize_old_style_args can return None. If it does, the loop
"for args in args" blows up.
9 years ago
James Cammarata 800811a15f Trigger on_stats just once, not once for each play
Fixes #13271
9 years ago
James Cammarata a7f7f8bd29 Merge pull request #13297 from amenonsen/ssh-escalation
Explicitly accept become_success in awaiting_prompt state
9 years ago
James Cammarata 5b6162a166 Re-adding role_name/role_uuid variables 9 years ago
James Cammarata 8d9835c40b Merge pull request #13342 from Yannig/devel_fix_bomb_shell
Devel fix bomb shell
9 years ago
Yannig Perré 5227c6bb52 Do not copy variable_manager each time. Instead, keep host and local variable_manager sync.
Fix https://github.com/ansible/ansible/issues/13221
9 years ago
Yannig Perré 2fc7c8b460 More restrictive test against variable name to allow setting variable starting with _. 9 years ago
Brian Coca fa358d9d61 avoids prompting for vars during syntax check
fixes #13319
9 years ago
Brian Coca 70cde3c651 Merge pull request #13334 from ksatirli/patch-1
removes editorial
9 years ago
Brian Coca 834a1d64be Merge pull request #13279 from resmo/patch-3
changelog: minor formating fix
9 years ago
Brian Coca 989b4ca982 Merge pull request #13317 from resmo/patch-4
changelog: devel is 2.1, 2.0 is feature complete.
9 years ago
Kerim Satirli 96c6b74754 removes editorial
I feel that Ansible is above the "my hosted Git community is better than yours" discussion and thus removed the editorial around Bitbucket
9 years ago
Chris Church 82b9af22fd Merge pull request #13333 from cchurch/test_win_setup_check_date_time
Add assertions for ansible_date_time in setup result (for windows)
9 years ago
Chris Church f3476b556d Add assertions for ansible_date_time in setup result. 9 years ago
Yannig Perré 2c54fb1339 Switch parameters validation after parsing in order to be more consistent between old and new style. 9 years ago
René Moser 910a6a3ba1 changelog: devel is 2.1, 2.0 is feature freezed. 9 years ago
Abhijit Menon-Sen f20e2630b0 Explicitly accept become_success in awaiting_prompt state
If we request escalation with a password, we start in expecting_prompt
state. If the escalation then succeeds without the password, i.e., the
become_success response arrives, we must explicitly move into the next
state (awaiting_escalation, which immediately goes into ready_to_send),
so that we no longer try to apply the timeout.

Otherwise, we would leak the success notification and eventually
timeout. But if the module response did arrive before the timeout
expired, the "process has already exited" test would do the right
thing by accident (which is why it didn't fail more often).

Fixes #13289
9 years ago
Brian Coca 31d06886d5 Merge pull request #13301 from rvbaz/fix-doc-typo
Fix missing word in developing_modules.rst
9 years ago
Raphael Badin 20a45ab36d Fix missing word in developing_modules.rst 9 years ago
Toshio Kuratomi 1b743436b9 Do not double transform to unicode 9 years ago