Commit graph

17314 commits

Author SHA1 Message Date
Abhijit Menon-Sen
f488de8599 Make sudo+requiretty and ANSIBLE_PIPELINING work together
Pipelining is a *significant* performance benefit, because each task can
be completed with a single SSH connection (vs. one ssh connection at the
start to mkdir, plus one sftp and one ssh per task).

Pipelining is disabled by default in Ansible because it conflicts with
the use of sudo if 'Defaults requiretty' is set in /etc/sudoers (as it
is on Red Hat) and su (which always requires a tty).

We can (and already do) make sudo/su happy by using "ssh -t" to allocate
a tty, but then the python interpreter goes into interactive mode and is
unhappy with module source being written to its stdin, per the following
comment from connections/ssh.py:

        # we can only use tty when we are not pipelining the modules.
        # piping data into /usr/bin/python inside a tty automatically
        # invokes the python interactive-mode but the modules are not
        # compatible with the interactive-mode ("unexpected indent"
        # mainly because of empty lines)

Instead of the (current) drastic solution of turning off pipelining when
we use a tty, we can instead use a tty but suppress the behaviour of the
Python interpreter to switch to interactive mode. The easiest way to do
this is to make its stdin *not* be a tty, e.g. with cat|python.

This works, but there's a problem: ssh will ignore -t if its input isn't
really a tty. So we could open a pseudo-tty and use that as ssh's stdin,
but if we then write Python source into it, it's all echoed back to us
(because we're a tty). So we have to use -tt to force tty allocation; in
that case, however, ssh puts the tty into "raw" mode (~ICANON), so there
is no good way for the process on the other end to detect EOF on stdin.
So if we do:

    echo -e "print('hello world')\n"|ssh -tt someho.st "cat|python"

…it hangs forever, because cat keeps on reading input even after we've
closed our pipe into ssh's stdin. We can get around this by writing a
special __EOF__ marker after writing in_data, and doing this:

    echo -e "print('hello world')\n__EOF__\n"|ssh -tt someho.st "sed -ne '/__EOF__/q' -e p|python"

This works fine, but in fact I use a clever python one-liner by mgedmin
to achieve the same effect without depending on sed (at the expense of a
much longer command line, alas; Python really isn't one-liner-friendly).

We also enable pipelining by default as a consequence.
2015-12-01 23:32:20 +05:30
Brian Coca
18a8c31cf4 added pull's code sig verification to changelog 2015-12-01 09:54:33 -08:00
Toshio Kuratomi
50553bc2ba _connect no longer takes a port argument 2015-12-01 09:12:25 -08:00
Brian Coca
dbbf7c8406 updated changelog to show su now works with local 2015-12-01 09:10:40 -08:00
Brian Coca
f1fcab4610 ignore password flags in become conflict check
since all the --ask pass options end up triggering the same code
and are functionally equivalent, ignore them when it comes to checking
privilege escalation conflicts. This allows using -K when --become-method=su
and so on.
2015-12-01 08:18:31 -08:00
Brian Coca
a6f6a80caa avoid inheritance issues with default=dict declaration at class level
this should avoid the issue of subsequent plays not prompting for a var
prompted for in a previous play.
2015-12-01 08:18:31 -08:00
James Cammarata
d1b5653b53 Merge pull request #13367 from leedm777/patch-1
Corrected group separator
2015-12-01 10:48:08 -05:00
James Cammarata
70e1095546 Merge pull request #13372 from sreekanthpulagam/patch-1
Added missing closing quote
2015-12-01 10:37:20 -05:00
Sandra Wills
c9b543bd67 Merge pull request #13286 from jlmitch5/docsite_ads
use hubspot based ads instead of stored files
2015-12-01 10:27:50 -05:00
Toshio Kuratomi
30094912eb boto is expecting that we pass it unicode strings.
The secret_key parameter especially can contain non-ascii characters and
will throw an error if such a string is passed as a byte str.

Potential fix for #13303
2015-12-01 07:03:57 -08:00
Arata Notsu
6d6d4f0c8e BOOLEAN should contain boolean literals
It is natural that an argument_spec with choises=BOOLEAN accepts
boolean literal (True, False) though the current implementation
allows only string or int.
2015-12-01 23:51:39 +09:00
sreekanth
96bd2a4447 Added missing closing quote 2015-12-01 17:30:43 +05:30
David M. Lee
cfdb12c2ec Corrected group separator
The text said comma, but the examples were all colons.
2015-11-30 21:44:18 -06:00
Toshio Kuratomi
ba4e571029 Update submodule refs to go along with the StandardError change in ec2 moudles 2015-11-30 19:05:33 -08:00
Toshio Kuratomi
19d5759771 raise AnsibleAWSError instead of StandardError.
* StandardError doesn't exist in python3
* because it is the root of builtin expections, we can't catch it
  separate from the builtin exceptions
* It doesn't tell us anything about the error being thrown as it's too
  generic
2015-11-30 19:05:33 -08:00
James Cammarata
dc0fae1af7 Also make sure remote_user is defaulted correctly for delegated hosts
Fixes #13323
2015-11-30 16:15:14 -05:00
Toshio Kuratomi
e2ddc2f6ab Call the function :-)
Fixes #13330
2015-11-30 12:34:20 -08:00
James Cammarata
cc36eedf76 Ensure port is (re)set for delegated-to hosts
Fixes #13265
2015-11-30 14:40:23 -05:00
Brian Coca
b5f2c3def2 fixed typo 2015-11-30 09:20:59 -08:00
Brian Coca
eefb4931dd allow for bad stdout return from make temp dir command
fixes #13359
2015-11-30 09:19:16 -08:00
Brian Coca
005b17afec corrected become_methods class variable in winrm
This should now correctly react when using become with winrm
fixes #13331
2015-11-30 08:35:08 -08:00
James Cammarata
80db6bacc4 Make sure run_once tasks properly set variables for all active hosts
Fixes #13267
2015-11-30 11:27:05 -05:00
James Cammarata
fbc9553bd4 Use text_type instead of unicode 2015-11-30 10:33:36 -05:00
James Cammarata
c6a30f7000 Make sure the uuid in vars is string 2015-11-30 10:26:12 -05:00
James Cammarata
f926e81782 Re-implement lookup wantlist
Fixes #13285
2015-11-29 23:45:54 -05:00
James Cammarata
dfa576b037 Merge pull request #13307 from Yannig/devel_fix_big_include_vars
Fix for https://github.com/ansible/ansible/issues/13221
2015-11-29 23:14:03 -05:00
Peter Sprygada
c087160652 initial add of ssh shared module.
This ssh shared module is used for building modules that require an
interactive shell environment such as those required for connecting
to network devices
2015-11-29 21:48:52 -05:00
James Cammarata
6671d78f95 Tweak location of stats callback execution and properly relocate stats output code 2015-11-28 14:03:21 -05:00
James Cammarata
ea23159be4 Merge pull request #13348 from emonty/bug/iterate-on-none
Put in trap for args being None
2015-11-28 13:44:09 -05:00
Monty Taylor
d20e67d708 Put in trap for args being None
_normalize_old_style_args can return None. If it does, the loop
"for args in args" blows up.
2015-11-28 13:38:11 -05:00
James Cammarata
800811a15f Trigger on_stats just once, not once for each play
Fixes #13271
2015-11-28 13:37:43 -05:00
James Cammarata
a7f7f8bd29 Merge pull request #13297 from amenonsen/ssh-escalation
Explicitly accept become_success in awaiting_prompt state
2015-11-28 10:03:00 -05:00
James Cammarata
5b6162a166 Re-adding role_name/role_uuid variables 2015-11-28 09:08:24 -05:00
James Cammarata
8d9835c40b Merge pull request #13342 from Yannig/devel_fix_bomb_shell
Devel fix bomb shell
2015-11-28 09:02:12 -05:00
Yannig Perré
5227c6bb52 Do not copy variable_manager each time. Instead, keep host and local variable_manager sync.
Fix https://github.com/ansible/ansible/issues/13221
2015-11-28 14:58:33 +01:00
Yannig Perré
2fc7c8b460 More restrictive test against variable name to allow setting variable starting with _. 2015-11-28 10:35:06 +01:00
Brian Coca
fa358d9d61 avoids prompting for vars during syntax check
fixes #13319
2015-11-27 11:41:00 -08:00
Brian Coca
70cde3c651 Merge pull request #13334 from ksatirli/patch-1
removes editorial
2015-11-27 11:14:29 -08:00
Brian Coca
834a1d64be Merge pull request #13279 from resmo/patch-3
changelog: minor formating fix
2015-11-27 10:17:53 -08:00
Brian Coca
989b4ca982 Merge pull request #13317 from resmo/patch-4
changelog: devel is 2.1, 2.0 is feature complete.
2015-11-27 10:17:08 -08:00
Kerim Satirli
96c6b74754 removes editorial
I feel that Ansible is above the "my hosted Git community is better than yours" discussion and thus removed the editorial around Bitbucket
2015-11-27 10:09:55 +01:00
Chris Church
82b9af22fd Merge pull request #13333 from cchurch/test_win_setup_check_date_time
Add assertions for ansible_date_time in setup result (for windows)
2015-11-27 00:46:15 -05:00
Chris Church
f3476b556d Add assertions for ansible_date_time in setup result. 2015-11-27 00:39:51 -05:00
Yannig Perré
2c54fb1339 Switch parameters validation after parsing in order to be more consistent between old and new style. 2015-11-26 13:33:58 +01:00
muffl0n
fa3848a1f2 Add example for regex_replace using named groups 2015-11-26 12:56:30 +01:00
René Moser
910a6a3ba1 changelog: devel is 2.1, 2.0 is feature freezed. 2015-11-26 08:44:56 +01:00
Abhijit Menon-Sen
f20e2630b0 Explicitly accept become_success in awaiting_prompt state
If we request escalation with a password, we start in expecting_prompt
state. If the escalation then succeeds without the password, i.e., the
become_success response arrives, we must explicitly move into the next
state (awaiting_escalation, which immediately goes into ready_to_send),
so that we no longer try to apply the timeout.

Otherwise, we would leak the success notification and eventually
timeout. But if the module response did arrive before the timeout
expired, the "process has already exited" test would do the right
thing by accident (which is why it didn't fail more often).

Fixes #13289
2015-11-26 06:06:01 +05:30
Brian Coca
31d06886d5 Merge pull request #13301 from rvbaz/fix-doc-typo
Fix missing word in developing_modules.rst
2015-11-25 12:05:23 -08:00
Raphael Badin
20a45ab36d Fix missing word in developing_modules.rst 2015-11-25 18:29:17 +01:00
Toshio Kuratomi
1b743436b9 Do not double transform to unicode 2015-11-25 07:48:52 -08:00