Commit graph

5290 commits

Author SHA1 Message Date
Toshio Kuratomi
95ede22a1e Add a comment about the docker connection and usage by non-root users 2015-09-28 22:50:06 -07:00
Toshio Kuratomi
0e110d23f8 Misc cleanups and some fixes for docker connection plugin
* Remove extraneous imports
* Fix some error handling
* Enable pipelining
* Disable su since it doesn't work
* Add error message when installed docker is not recent enough to
  support this plugin
* Move nested functions to class level
* Make transport a class attribute
* Make exec_command, put_file and fetch_file more robust
2015-09-28 22:35:52 -07:00
Toshio Kuratomi
1d119a1f46 Cleanup some extraneous imports 2015-09-28 22:35:52 -07:00
James Cammarata
ffdba96668 Save the included directory for playbook includes for use as the basedir
Fixes #12524
2015-09-29 00:28:45 -04:00
Konstantin Manna
4226e49bc6 bugfix: statement had no effect => statement now has assumed effect 2015-09-28 23:33:48 -04:00
Konstantin Manna
1ccfeafa76 bugfix: use correct close calls 2015-09-28 23:33:32 -04:00
Brian Coca
c1ad96e5cf removed fixme as it is already implemented below. 2015-09-28 23:32:57 -04:00
Toshio Kuratomi
12a2585e84 chroot plugin minor touchups:
* Disable su as it's not currently working 100% (and was disabled in v1).
* Move BUFSIZE out of the class to match other conenction plugins
* _connect shouldn't return self.
2015-09-28 13:16:56 -07:00
Toshio Kuratomi
7a4266e9c5 One more try -- the error message should reference the become method
requested via play context
2015-09-28 11:28:33 -07:00
Toshio Kuratomi
696cf32d63 Correct name of variable 2015-09-28 11:28:33 -07:00
Brian Coca
8d024c3747 Merge pull request #12472 from resmo/for_ansible
cloudstack: improvements and tests
2015-09-28 14:27:22 -04:00
Toshio Kuratomi
0dfa1fb43a Correct call to method typo 2015-09-28 11:24:00 -07:00
Toshio Kuratomi
d827325644 Re-order the methods in ssh.py so that methods needed for implementation are near and just above the relevant public methods.
Standard with the rest of the code base.
2015-09-28 10:34:02 -07:00
Toshio Kuratomi
37844a5c1b Update submodule refs 2015-09-28 09:47:16 -07:00
Toshio Kuratomi
c811668a4d Merge pull request #12546 from amenonsen/ssh-cleanups
A couple of ssh cleanups
2015-09-28 09:46:24 -07:00
Toshio Kuratomi
05af4c8e91 Merge pull request #12471 from amenonsen/pipelining
Make pipelining a connection variable
2015-09-28 09:02:43 -07:00
Abhijit Menon-Sen
38c7422da5 Move ControlPersist/Path checking into a separate method
This is also peripheral to what _build_command needs, can be improved
and tested independently, and so makes more sense in a separate method.

This commit doesn't change any functionality (and I've verified that it
works with the various combinations: control_path set in ansible.cfg,
ssh_args adding or not adding ControlMaster/ControlPersist, etc.).
2015-09-28 21:11:56 +05:30
Toshio Kuratomi
c3a05b1181 Update to fix one more doc error 2015-09-28 08:38:24 -07:00
Abhijit Menon-Sen
f33d541964 Move sshpass checking into a separate method
Checking for sshpass is peripheral to the calling code, so it's easier
to follow when the details are moved into a method.
2015-09-28 20:58:30 +05:30
Abhijit Menon-Sen
565c6f1ae7 Make ansible_pipelining a connection variable
SSH pipelining can be a significant performance improvement, but it will
not work if sudoers is configured to requiretty. With this change, one
could have pipelining enabled in ansible.cfg, but use sudo to turn off
requiretty in a separate play (or task) where pipelining is disabled:

    - hosts: foo
      vars:
          ansible_pipelining: no
      tasks:
        - lineinfile: dest=/etc/sudoers line='Defaults requiretty' state=absent
          sudo_user: root

(Note that sudoers has a complicated syntax, so the above lineinfile
invocation may be too simplistic for production use; but the point is
that a separate play can do something to disable requiretty.)
2015-09-28 20:55:14 +05:30
Toshio Kuratomi
fd267989fb Fix docs build 2015-09-28 08:23:12 -07:00
Toshio Kuratomi
69ebb899a7 Update submodule refs 2015-09-28 07:52:04 -07:00
James Cammarata
c860775b5d Another fix for --limit in adhoc 2015-09-28 10:39:33 -04:00
James Cammarata
babf47decb Clean up some bugs related to --limit on adhoc commands 2015-09-28 09:02:24 -04:00
James Cammarata
621575681a Merge pull request #12542 from amenonsen/qfix
Clarify why we add -q only for ssh
2015-09-28 08:18:31 -04:00
Abhijit Menon-Sen
2ce219b5af Clarify why we add -q only for ssh 2015-09-28 16:00:23 +05:30
Marius Gedminas
9b39af8e9a Python 3: the StringIO module is gone
Fixes 17 failing tests on Python 3.4, restoring the 8 failures we had
last Friday.
2015-09-28 09:28:53 +03:00
James Cammarata
4cd810a674 Only append -q option for ssh if we're using ssh 2015-09-26 21:27:38 -04:00
James Cammarata
46984a067c Don't wrap vars from include_vars with UnsafeProxy 2015-09-26 15:16:46 -04:00
James Cammarata
abfeb104df Merge pull request #12529 from soarpenguin/bug-fix
fix no self pointer out of class.
2015-09-26 14:18:58 -04:00
Toshio Kuratomi
342bc97322 Port chroot conection plugin to the latest v2 connection API.
Also get pipelining working for people who look to chroot as an example
for their own connection plugins

Note: In the latest v2 API, action handles become but chroot doesn't
reliably handle become.  Maybe we need to add a has_become attribute
that the action can display an appropriate error.
2015-09-26 10:00:28 -07:00
Toshio Kuratomi
056a020357 Do not fail if /proc/uptime is not present
This can happen in chroot environments that don't have all of /proc
available
2015-09-26 10:00:28 -07:00
Toshio Kuratomi
ae66d01a33 Document how a command is executed on the remote machine
Helps connection plugin implementors understand how to structure
exec_command()
2015-09-26 10:00:28 -07:00
James Cammarata
6dd38c2a10 Fix parent attribute lookup to be default
Fixes #12526
2015-09-26 11:28:29 -04:00
James Cammarata
a1c38a3fda Adding delegate_to to Blocks 2015-09-26 11:28:01 -04:00
Brian Coca
bb6141ec41 renamed managed_syslog to no_target_syslog 2015-09-26 08:22:32 -04:00
Abhijit Menon-Sen
8251ab2e37 Update outdated comment
Since #12165 was merged, hostnames are properly validated.
2015-09-26 17:32:13 +05:30
Abhijit Menon-Sen
6ff4d40d74 Update outdated comment
We now use "sudo -n" instead of "sudo -k && sudo …"
2015-09-26 17:28:22 +05:30
soarpenguin
1ea66e234f fix logic judgment error. 2015-09-26 15:15:53 +08:00
soarpenguin
2caa52a981 fix no self pointer out of class. 2015-09-26 14:09:56 +08:00
Brian Coca
37a918438b task logging revamp
* allow global no_log setting, no need to set at play or task level, but can be overriden by them
 * allow turning off syslog only on task execution from target host (manage_syslog), overlaps with no_log functionality
 * created log function for task modules to use, now we can remove all syslog references, will use systemd journal if present
 * added debug flag to modules, so they can make it call new log function conditionally
 * added debug logging in module's run_command
2015-09-25 23:57:28 -04:00
James Cammarata
60e1a1f8eb Fix bug in nested lookup where pop is called indiscriminately 2015-09-25 17:16:56 -04:00
Brian Coca
191ae0831d fixed syntax error 2015-09-25 17:15:26 -04:00
Brian Coca
48412c13b2 fixed copy n paste typo on future code 2015-09-25 17:08:03 -04:00
James Cammarata
bb1101498d Clean up typo from cdc6c52 2015-09-25 16:58:27 -04:00
James Cammarata
cdc6c5208e Clean string data run through the template engine
Also strip UnsafeProxy off of low level srings and objects to ensure
they don't cause issues later down the road

Fixes #12513
2015-09-25 16:49:31 -04:00
James Cammarata
ae9b34b1d9 Fix for equality checking in Host to make sure things are like types 2015-09-25 16:49:31 -04:00
Toshio Kuratomi
fa9ea32a86 Fix test of whether a result has a failed host 2015-09-25 12:09:27 -07:00
Brian Coca
1c49e3b842 draft shared service code for modules, part of spliting service module 2015-09-25 11:26:21 -04:00
Toshio Kuratomi
41756be4d3 Update core module ref 2015-09-25 07:49:32 -07:00
Toshio Kuratomi
dcdcd9e9c5 Move is_executable to the toplevel of basic.py so we can utilize it from other code 2015-09-25 07:48:57 -07:00
James Cammarata
ccddda1ebc Merge pull request #12502 from mgedmin/py3k
Python 3: make test_variable_manager_precedence pass
2015-09-25 03:05:02 -04:00
James Cammarata
eb8d7dcd14 Make sure formatted strings don't bomb on tuples
Fixes #12501
2015-09-25 03:01:42 -04:00
James Cammarata
31d5f88a1d Use the task loop to calculate multiple delegated hosts
Due to the way we're now calculating delegate_to, if that value is based
on a loop variable ('item') we need to calculate all of the possible
delegated_to variables for that loop.

Fixes #12499
2015-09-25 01:41:09 -04:00
Toshio Kuratomi
a1428d6bed Remove tmp as a parameter to the connection plugins
There doesn't appear to be anything that actually uses tmp_path in the
connection plugins so we don't need to pass that in to exec_command.
That change also means that we don't need to pass tmp_path around in
many places in the action plugins any more.  there may be more cleanup
that can be done there as well (the action plugin's public run() method
takes tmp as a keyword arg but that may not be necessary).

As a sideeffect of this patch, some potential problems with chmod and
the patch, assemble, copy, and template modules has been fixed (those
modules called _remote_chmod() with the wrong order for their
parameters.  Removing the tmp parameter fixed them.)
2015-09-24 13:33:57 -07:00
James Cammarata
95b371dd60 Use AnsibleFileNotFound instead of AnsibleParsingError when YAML files are not found
And update portions of code to expect the proper error.

Fixes #12512
2015-09-24 16:27:25 -04:00
Toshio Kuratomi
0250beb68a Remove compress option from paramiko connection for now
It's not available on older versions of paramiko such as shipped in RHEL6
2015-09-24 13:18:00 -07:00
James Cammarata
12df9f2e31 Make hostvars more dynamic again to improve performance with large inventories
Fixes #12477
2015-09-24 13:53:44 -04:00
Abhijit Menon-Sen
82b33c381f We don't need even a token timeout here; just poll once
The process is already gone, so there's not going to be any new data
showing up on its stderr; we only want to make sure that we haven't
missed something that was already written. So polling once is enough.
2015-09-24 12:10:16 -04:00
Abhijit Menon-Sen
6e82df451a Clarify select() handling for ssh connections
This change is motivated by an ssh oddity: when ControlPersist is
enabled, the first (i.e. master) connection goes into the background; we
see EOF on its stdout and the process exits, but we never see EOF on its
stderr. So if we ran a command like this:

    ANSIBLE_SSH_PIPELINING=1 ansible -T 30 -vvv somehost -u someuser -m command -a whoami

We would first do select([stdout,stderr], timeout) and read the command
module output, then select([stdout,stderr], timeout) again and read EOF
on stdout, then select([stderr], timeout) AGAIN (though the process has
exited), and select() would wait for the full timeout before returning
rfd=[], and then we would exit. The use of a very short timeout in the
code masked the underlying problem (that we don't see EOF on stderr).

It's always preferable to call select() with a long timeout so that the
process doesn't use any CPU until one of the events it's interested in
happens (and then select will return independent of elapsed time).

(A long timeout value means "if nothing happens, sleep for up to <x>";
omitting the timeout value means "if nothing happens, sleep forever";
specifying a zero timeout means "don't sleep at all", i.e. poll for
events and return immediately.)

This commit uses a long timeout, but explicitly detects the condition
where we've seen EOF on stdout and the process has exited, but we have
not seen EOF on stderr. If and only if that happens, it reruns select()
with a short timeout (in practice it could just exit at that point, but
I chose to be extra cautious). As a result, we end up calling select()
far less often, and use less CPU while waiting, but don't sleep for a
long time waiting for something that will never happen.

Note that we don't omit the timeout to select() altogether because if
we're waiting for an escalation prompt, we DO want to give up with an
error after some time. We also don't set exceptfds, because we're not
actually acting on any notifications of exceptional conditions.
2015-09-24 12:10:16 -04:00
Toshio Kuratomi
03127dcfae remove the stdin return value from connection plugin exec_command() methods
The value was useless -- unused by the callers and always hardcoded to
the empty string.
2015-09-24 08:57:19 -07:00
James Cammarata
9d47eabfa4 Merge pull request #12506 from hyperized/devel
Add Weekday (0-6) as a number and add weeknumber (00-52)
2015-09-24 11:44:39 -04:00
Toshio Kuratomi
24b9e2e6d1 Update extras submodule ref 2015-09-24 07:18:23 -07:00
Gerben Geijteman
4c20964475 Add Weekday (0-6) as a number and add weeknumber (00-52) 2015-09-24 15:05:44 +02:00
Marius Gedminas
56f2a25bff Python 3: there's no 'unicode' 2015-09-24 12:53:48 +03:00
Marius Gedminas
6d4618f46f Python 3: there's no dict.iteritems() 2015-09-24 12:50:00 +03:00
Marius Gedminas
0624797375 Bugfix: if you define a custom __eq__, you must define a __hash__ too
Also, on Python 3 the stock object.__hash__ raises an error ("unhashable
type"), and we have code that uses Host instances as dict keys.
2015-09-24 12:46:06 +03:00
Marius Gedminas
a2bc6b4b26 Bugfix: if you define __eq__, you should define __ne__ too 2015-09-24 12:43:33 +03:00
Marius Gedminas
5d29a2eabd Python 3: shlex.split() wants unicode
On Python 2, shlex.split() raises if you pass it a unicode object with
non-ASCII characters in it.  The Ansible codebase copes by explicitly
converting the string using to_bytes() before passing it to
shlex.split().

On Python 3, shlex.split() raises ('bytes' object has no attribute 'read')
if you pass a bytes object.  Oops.

This commit introduces a new wrapper function, shlex_split, that
transparently performs the to_bytes/to_unicode conversions only on
Python 2.

Currently I've only converted one call site (the one that was causing a
unit test to fail on Python 3).  If this approach is deemed suitable,
I'll convert them all.
2015-09-24 12:36:05 +03:00
Toshio Kuratomi
5d3d9cfe0d Convert to byte strings to avoid UnicodeErrors
Fixes #12488
2015-09-23 15:24:17 -07:00
Brian Coca
de18bcb95f correct typo on error reporting
fixes #12495
2015-09-23 10:11:52 -04:00
Abhijit Menon-Sen
40f608a377 A bit more debugging output
We used to display input chunks earlier anyway, so this isn't making
things more verbose.
2015-09-23 22:35:14 +05:30
Abhijit Menon-Sen
9700d9c04f Fix typo in checking select results
It's possible for more than one fd to be set, so 'elif' is obviously not
the right thing to use.
2015-09-23 22:32:15 +05:30
James Cammarata
1164e83477 Remove unnecessary calls to save inventory restrictions since 81bf88b 2015-09-23 12:18:09 -04:00
Toshio Kuratomi
89a78ba16e Update submodule refs 2015-09-23 08:40:59 -07:00
James Cammarata
9e734df0ec Conditionally poll longer if we're still waiting for an auth prompt 2015-09-23 11:20:11 -04:00
Toshio Kuratomi
5f0f5363b6 Merge pull request #12487 from mgedmin/py3k
Fix one more failing test on Python 3
2015-09-23 08:18:17 -07:00
James Cammarata
2898e000a0 Don't use the connection timeout for the select poll timeout 2015-09-23 11:13:12 -04:00
Abhijit Menon-Sen
587054db2a Send initial data before calling select whenever possible
Without this, we could execute «ssh -q ...» and call select(), which
would timeout after the default 10s, and only then send initial data.
(This is a relic of the earlier change where we always ran ssh with
-vvv, so the situation where it would sit quietly never happened in
practice; but this would have been the right thing to do even then.)
2015-09-23 20:09:50 +05:30
James Cammarata
c9a004227e Improve error catching from malformed playbook data
Fixes #12478
2015-09-23 08:56:36 -04:00
James Cammarata
e8e1d9f6fb Apply --limit to inventory in adhoc commands
Fixes #12473
2015-09-23 08:28:38 -04:00
Marius Gedminas
95e655eb67 Python 3: there's no basestring
Fixes one failing test.

The long series of module_utils/basic.py fixes were all because
module_utils/basic is imported in ansible/inventory/script.py.
2015-09-23 10:04:26 +03:00
Marius Gedminas
2c4982b58d Python 3: there's no itertools.imap
Because the builtin map() acts like an iterator already.
2015-09-23 10:04:26 +03:00
Marius Gedminas
6708d56a21 Python 3: avoid long integer literals
Even Python 2.4 automatically promotes int to long.
2015-09-23 10:04:25 +03:00
Marius Gedminas
f5d4935197 Python 3: treat python as a function in module_utils/basic.py
NB: we can't use 'from __future__ import print_function', but luckily
print(one_thing) works fine on both Python 2 and Python 3 without that.
2015-09-23 10:04:25 +03:00
Marius Gedminas
e71a986e16 Python 3: avoid octal constants in module_utils/basic.py 2015-09-23 10:04:25 +03:00
Marius Gedminas
d2bec7f81f Python 3: avoid "except ..., e:" in module_utils/basic.py
Make the code compatible with Pythons 2.4 through 3.5 by using
sys.exc_info()[1] instead.

This is necessary but not sufficient for Python 3 compatibility.
2015-09-23 10:04:25 +03:00
James Cammarata
65630d2ce1 Fixing one more bug related to staticmethods in LookupBase 2015-09-23 02:33:32 -04:00
James Cammarata
cbbb270761 Cleanup bug from moving base lookup methods to staticmethods 2015-09-23 02:26:19 -04:00
Abhijit Menon-Sen
ac98fe9e89 Implement ssh connection handling as a state machine
The event loop (even after it was brought into one place in _run in the
previous commit) was hard to follow. The states and transitions weren't
clear or documented, and the privilege escalation code was non-blocking
while the rest was blocking.

Now we have a state machine with four states: awaiting_prompt,
awaiting_escalation, ready_to_send (initial data), and awaiting_exit.
The actions in each state and the transitions between then are clearly
documented.

The check_incorrect_password() method no longer checks for empty strings
(since they will always match), and check_become_success() uses equality
rather than a substring match to avoid thinking an echoed command is an
indication of successful escalation. Also adds a check_missing_password
connection method to detect the error from sudo -n/doas -n.
2015-09-23 01:55:00 -04:00
Abhijit Menon-Sen
840a32bc08 Reorganise ssh.py to cleanly separate responsibilities
The main exec_command/put_file/fetch_file methods now _build_command and
call _run to handle input from/output to the ssh process. The purpose is
to bring connection handling together in one place so that the locking
doesn't have to be split across functions.

Note that this doesn't change the privilege escalation and connection IO
code at all—just puts it all into one function.

Most of the changes are just moving code from one place to another (e.g.
from _connect to _build_command, from _exec_command and _communicate to
_run), but there are some other notable changes:

1. We test for the existence of sshpass the first time we need to use
   password authentication, and remember the result.
2. We set _persistent in _build_command if we're using ControlPersist,
   for later use in close(). (The detection could be smarter.)
3. Some apparently inadvertent inconsistencies between put_file and
   fetch_file (e.g. argument quoting, sftp -b use) have been removed.

Also reorders functions into a logical sequence, removes unused imports
and functions, etc.

Aside: the high-level EXEC/PUT/FETCH description should really be logged
from ConnectionBase, while individual subclasses log transport-specific
details.
2015-09-23 01:55:00 -04:00
James Cammarata
95c6fe88e4 Fix handling of conditional vars_files which contain variables
Fixes #12484
2015-09-23 01:26:24 -04:00
Toshio Kuratomi
c83f51b7f2 Some LookupBase cleanups:
* Make LookupBase an abc with required methods (run()) marked as an
  abstractmethod
* Mark methods that don't use self as @staticmethod
* Document how to implement the run method of a lookup plugin.
2015-09-22 16:19:36 -07:00
Toshio Kuratomi
049952fa50 Update submodule refs. 2015-09-22 14:01:53 -07:00
James Cammarata
1e7fd2196d Fixing synchronize + delegate_to user bug
Fixes #12464
2015-09-22 16:06:52 -04:00
James Cammarata
3ffc2783c4 Don't bomb out on handlers with undefined variables in their names 2015-09-22 12:42:02 -04:00
Toshio Kuratomi
4b0d52d2cb Merge pull request #12420 from ansible/win_prefix_modules
Fix for user defined modules not overriding modules from core.
2015-09-22 09:16:38 -07:00
James Cammarata
1076155d8d When failing because of vars_files templating, try and bubble up the file/line info 2015-09-22 12:13:55 -04:00
Toshio Kuratomi
18e2ee16ef Fix for user defined modules not overriding modules from core.
This fix takes into account that powershell modules are somewhat
different than regular modules and have to be kept separate.
2015-09-22 09:07:37 -07:00
Toshio Kuratomi
f61fb9787d Update submodule refs 2015-09-22 08:59:10 -07:00