mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-04-24 11:21:25 -07:00
6650ba7654
commit 9921bb9d2002e136c030ff337c14f8b7eab0fc72
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date: Mon Aug 10 20:19:44 2015 +0530
Document --ssh-extra-args command-line option
commit 8b25595e7b1cc3658803d0821fbf498c18ee608a
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date: Thu Aug 13 13:24:57 2015 +0530
Don't disable GSSAPI/Pubkey authentication when using --ask-pass
This commit is based on a bug report and PR by kolbyjack (#6846) which
was subsequently closed and rebased as #11690. The original problem was:
«The password on the delegated host is different from the one I
provided on the command line, so it had to use the pubkey, and the
main host doesn't have a pubkey on it yet, so it had to use the
password.»
(This commit is revised and included here because #11690 would conflict
with the changes in #11908 otherwise.)
Closes #11690
commit 119d0323892c65e8169ae57e42bbe8e3517551a3
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date: Thu Aug 13 11:16:42 2015 +0530
Be more explicit about why SSH arguments are added
This adds vvvvv log messages that spell out in detail where each SSH
command-line argument is obtained from.
Unfortunately, we can't be sure if, say, self._play_context.remote_user
is obtained from ANSIBLE_REMOTE_USER in the environment, remote_user in
ansible.cfg, -u on the command line, or an ansible_ssh_user setting in
the inventory or on a task or play. In some cases, e.g. timeout, we
can't even be sure if it was set by the user or just a default.
Nevertheless, on the theory that at five v's you can use all the hints
available, I've mentioned the possible sources in the log messages.
Note that this caveat applies only to the arguments that ssh.py adds by
itself. In the case of ssh_args and ssh_extra_args, we know where they
are from, and say so, though we can't say WHERE in the inventory they
may be set (e.g. in host_vars or group_vars etc.).
commit b605c285baf505f75f0b7d73cb76b00d4723d02e
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date: Tue Aug 11 15:19:43 2015 +0530
Add a FAQ entry about ansible_ssh_extra_args
commit 49f8edd035cd28dd1cf8945f44ec3d55212910bd
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date: Mon Aug 10 20:48:50 2015 +0530
Allow ansible_ssh_args to be set as an inventory variable
Before this change, ssh_args could be set only in the [ssh_connection]
section of ansible.cfg, and was applied to all hosts. Now it's possible
to set ansible_ssh_args as an inventory variable (directly, or through
group_vars or host_vars) to selectively override the global setting.
Note that the default ControlPath settings are applied only if ssh_args
is not set, and this is true of ansible_ssh_args as well. So if you want
to override ssh_args but continue to set ControlPath, you'll need to
repeat the appropriate options when setting ansible_ssh_args.
(If you only need to add options to the default ssh_args, you may be
able to use the ansible_ssh_extra_args inventory variable instead.)
commit 37c1a5b6794cee29a7809ad056a86365a2c0f886
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date: Mon Aug 10 19:42:30 2015 +0530
Allow overriding ansible_ssh_extra_args on the command-line
This patch makes it possible to do:
ansible somehost -m setup \
--ssh-extra-args '-o ProxyCommand="ssh -W %h:%p -q user@bouncer.example.com"'
This overrides the inventory setting, if any, of ansible_ssh_extra_args.
Based on a patch originally by @Richard2ndQuadrant.
commit b023ace8a8a7ce6800e29129a27ebe8bf6bd38e0
Author: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date: Mon Aug 10 19:06:19 2015 +0530
Add an ansible_ssh_extra_args inventory variable
This can be used to configure a per-host or per-group ProxyCommand to
connect to hosts through a jumphost, e.g.:
inventory:
[gatewayed]
foo ansible_ssh_host=192.0.2.1
group_vars/gatewayed.yml:
ansible_ssh_extra_args: '-o ProxyCommand="ssh -W %h:%p -q bounceuser@gateway.example.com"'
Note that this variable is used in addition to any ssh_args configured
in the [ssh_connection] section of ansible.cfg (so you don't need to
repeat the ControlPath settings in ansible_ssh_extra_args).
529 lines
21 KiB
Python
529 lines
21 KiB
Python
# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com>
|
|
#
|
|
# This file is part of Ansible
|
|
#
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
from __future__ import (absolute_import, division, print_function)
|
|
__metaclass__ = type
|
|
|
|
import gettext
|
|
import fcntl
|
|
import hmac
|
|
import os
|
|
import pipes
|
|
import pty
|
|
import pwd
|
|
import random
|
|
import re
|
|
import select
|
|
import shlex
|
|
import subprocess
|
|
import time
|
|
|
|
from hashlib import sha1
|
|
|
|
from ansible import constants as C
|
|
from ansible.errors import AnsibleError, AnsibleConnectionFailure, AnsibleFileNotFound
|
|
from ansible.plugins.connections import ConnectionBase
|
|
|
|
class Connection(ConnectionBase):
|
|
''' ssh based connections '''
|
|
|
|
has_pipelining = True
|
|
become_methods = frozenset(C.BECOME_METHODS).difference(['runas'])
|
|
|
|
def __init__(self, *args, **kwargs):
|
|
# SSH connection specific init stuff
|
|
self._common_args = []
|
|
self.HASHED_KEY_MAGIC = "|1|"
|
|
|
|
# FIXME: move the lockfile locations to ActionBase?
|
|
#fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_EX)
|
|
#self.cp_dir = utils.prepare_writeable_dir('$HOME/.ansible/cp',mode=0700)
|
|
self._cp_dir = '/tmp'
|
|
#fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_UN)
|
|
|
|
super(Connection, self).__init__(*args, **kwargs)
|
|
|
|
self.host = self._play_context.remote_addr
|
|
self.ssh_extra_args = ''
|
|
self.ssh_args = ''
|
|
|
|
def set_host_overrides(self, host):
|
|
v = host.get_vars()
|
|
if 'ansible_ssh_extra_args' in v:
|
|
self.ssh_extra_args = v['ansible_ssh_extra_args']
|
|
if 'ansible_ssh_args' in v:
|
|
self.ssh_args = v['ansible_ssh_args']
|
|
|
|
@property
|
|
def transport(self):
|
|
''' used to identify this connection object from other classes '''
|
|
return 'ssh'
|
|
|
|
def _split_args(self, argstring):
|
|
"""
|
|
Takes a string like '-o Foo=1 -o Bar="foo bar"' and returns a
|
|
list ['-o', 'Foo=1', '-o', 'Bar=foo bar'] that can be added to
|
|
the argument list. The list will not contain any empty elements.
|
|
"""
|
|
return [x.strip() for x in shlex.split(argstring) if x.strip()]
|
|
|
|
def add_args(self, explanation, args):
|
|
"""
|
|
Adds the given args to _common_args and displays a
|
|
caller-supplied explanation of why they were added.
|
|
"""
|
|
self._common_args += args
|
|
self._display.vvvvv('SSH: ' + explanation + ': (%s)' % ')('.join(args), host=self._play_context.remote_addr)
|
|
|
|
def _connect(self):
|
|
''' connect to the remote host '''
|
|
|
|
self._display.vvv("ESTABLISH SSH CONNECTION FOR USER: {0}".format(self._play_context.remote_user), host=self._play_context.remote_addr)
|
|
|
|
if self._connected:
|
|
return self
|
|
|
|
# We start with ansible_ssh_args from the inventory if it's set,
|
|
# or [ssh_connection]ssh_args from ansible.cfg, or the default
|
|
# Control* settings.
|
|
|
|
if self.ssh_args:
|
|
args = self._split_args(self.ssh_args)
|
|
self.add_args("inventory set ansible_ssh_args", args)
|
|
elif C.ANSIBLE_SSH_ARGS:
|
|
args = self._split_args(C.ANSIBLE_SSH_ARGS)
|
|
self.add_args("ansible.cfg set ssh_args", args)
|
|
else:
|
|
args = (
|
|
"-o", "ControlMaster=auto",
|
|
"-o", "ControlPersist=60s"
|
|
)
|
|
self.add_args("default arguments", args)
|
|
|
|
# If any of the above have set ControlPersist but not a
|
|
# ControlPath, add one ourselves.
|
|
|
|
cp_in_use = False
|
|
cp_path_set = False
|
|
for arg in self._common_args:
|
|
if "ControlPersist" in arg:
|
|
cp_in_use = True
|
|
if "ControlPath" in arg:
|
|
cp_path_set = True
|
|
|
|
if cp_in_use and not cp_path_set:
|
|
args = ("-o", "ControlPath=\"{0}\"".format(
|
|
C.ANSIBLE_SSH_CONTROL_PATH % dict(directory=self._cp_dir))
|
|
)
|
|
self.add_args("found only ControlPersist; added ControlPath", args)
|
|
|
|
if not C.HOST_KEY_CHECKING:
|
|
self.add_args(
|
|
"ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled",
|
|
("-o", "StrictHostKeyChecking=no")
|
|
)
|
|
|
|
if self._play_context.port is not None:
|
|
self.add_args(
|
|
"ANSIBLE_REMOTE_PORT/remote_port/ansible_ssh_port set",
|
|
("-o", "Port={0}".format(self._play_context.port))
|
|
)
|
|
|
|
key = self._play_context.private_key_file
|
|
if key:
|
|
self.add_args(
|
|
"ANSIBLE_PRIVATE_KEY_FILE/private_key_file/ansible_ssh_private_key_file set",
|
|
("-o", "IdentityFile=\"{0}\"".format(os.path.expanduser(key)))
|
|
)
|
|
|
|
if not self._play_context.password:
|
|
self.add_args(
|
|
"ansible_password/ansible_ssh_pass not set", (
|
|
"-o", "KbdInteractiveAuthentication=no",
|
|
"-o", "PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey",
|
|
"-o", "PasswordAuthentication=no"
|
|
)
|
|
)
|
|
|
|
user = self._play_context.remote_user
|
|
if user and user != pwd.getpwuid(os.geteuid())[0]:
|
|
self.add_args(
|
|
"ANSIBLE_REMOTE_USER/remote_user/ansible_ssh_user/user/-u set",
|
|
("-o", "User={0}".format(self._play_context.remote_user))
|
|
)
|
|
|
|
self.add_args(
|
|
"ANSIBLE_TIMEOUT/timeout set",
|
|
("-o", "ConnectTimeout={0}".format(self._play_context.timeout))
|
|
)
|
|
|
|
# If any extra SSH arguments are specified in the inventory for
|
|
# this host, or specified as an override on the command line,
|
|
# add them in.
|
|
|
|
if self._play_context.ssh_extra_args:
|
|
args = self._split_args(self._play_context.ssh_extra_args)
|
|
self.add_args("command-line added --ssh-extra-args", args)
|
|
elif self.ssh_extra_args:
|
|
args = self._split_args(self.ssh_extra_args)
|
|
self.add_args("inventory added ansible_ssh_extra_args", args)
|
|
|
|
self._connected = True
|
|
|
|
return self
|
|
|
|
def _run(self, cmd, indata):
|
|
if indata:
|
|
# do not use pseudo-pty
|
|
p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
stdin = p.stdin
|
|
else:
|
|
# try to use upseudo-pty
|
|
try:
|
|
# Make sure stdin is a proper (pseudo) pty to avoid: tcgetattr errors
|
|
master, slave = pty.openpty()
|
|
p = subprocess.Popen(cmd, stdin=slave, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
stdin = os.fdopen(master, 'w', 0)
|
|
os.close(slave)
|
|
except:
|
|
p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
stdin = p.stdin
|
|
|
|
return (p, stdin)
|
|
|
|
def _password_cmd(self):
|
|
if self._play_context.password:
|
|
try:
|
|
p = subprocess.Popen(["sshpass"], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
p.communicate()
|
|
except OSError:
|
|
raise AnsibleError("to use the 'ssh' connection type with passwords, you must install the sshpass program")
|
|
(self.rfd, self.wfd) = os.pipe()
|
|
return ["sshpass", "-d{0}".format(self.rfd)]
|
|
return []
|
|
|
|
def _send_password(self):
|
|
if self._play_context.password:
|
|
os.close(self.rfd)
|
|
os.write(self.wfd, "{0}\n".format(self._play_context.password))
|
|
os.close(self.wfd)
|
|
|
|
def _communicate(self, p, stdin, indata, sudoable=True):
|
|
fcntl.fcntl(p.stdout, fcntl.F_SETFL, fcntl.fcntl(p.stdout, fcntl.F_GETFL) & ~os.O_NONBLOCK)
|
|
fcntl.fcntl(p.stderr, fcntl.F_SETFL, fcntl.fcntl(p.stderr, fcntl.F_GETFL) & ~os.O_NONBLOCK)
|
|
# We can't use p.communicate here because the ControlMaster may have stdout open as well
|
|
stdout = ''
|
|
stderr = ''
|
|
rpipes = [p.stdout, p.stderr]
|
|
if indata:
|
|
try:
|
|
stdin.write(indata)
|
|
stdin.close()
|
|
except:
|
|
raise AnsibleConnectionFailure('SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh')
|
|
# Read stdout/stderr from process
|
|
while True:
|
|
rfd, wfd, efd = select.select(rpipes, [], rpipes, 1)
|
|
|
|
# fail early if the become password is wrong
|
|
if self._play_context.become and sudoable:
|
|
if self._play_context.become_pass:
|
|
self.check_incorrect_password(stdout)
|
|
elif self.check_password_prompt(stdout):
|
|
raise AnsibleError('Missing %s password' % self._play_context.become_method)
|
|
|
|
if p.stderr in rfd:
|
|
dat = os.read(p.stderr.fileno(), 9000)
|
|
stderr += dat
|
|
if dat == '':
|
|
rpipes.remove(p.stderr)
|
|
elif p.stdout in rfd:
|
|
dat = os.read(p.stdout.fileno(), 9000)
|
|
stdout += dat
|
|
if dat == '':
|
|
rpipes.remove(p.stdout)
|
|
|
|
# only break out if no pipes are left to read or
|
|
# the pipes are completely read and
|
|
# the process is terminated
|
|
if (not rpipes or not rfd) and p.poll() is not None:
|
|
break
|
|
# No pipes are left to read but process is not yet terminated
|
|
# Only then it is safe to wait for the process to be finished
|
|
# NOTE: Actually p.poll() is always None here if rpipes is empty
|
|
elif not rpipes and p.poll() == None:
|
|
p.wait()
|
|
# The process is terminated. Since no pipes to read from are
|
|
# left, there is no need to call select() again.
|
|
break
|
|
# close stdin after process is terminated and stdout/stderr are read
|
|
# completely (see also issue #848)
|
|
stdin.close()
|
|
return (p.returncode, stdout, stderr)
|
|
|
|
def lock_host_keys(self, lock):
|
|
|
|
# lock around the initial SSH connectivity so the user prompt about
|
|
# whether to add the host to known hosts is not intermingled with
|
|
# multiprocess output.
|
|
#
|
|
# This is a noop for now, pending further investigation. The lock file
|
|
# should be opened in TaskQueueManager and passed down through the
|
|
# PlayContext.
|
|
|
|
pass
|
|
|
|
def exec_command(self, *args, **kwargs):
|
|
"""
|
|
Wrapper around _exec_command to retry in the case of an ssh failure
|
|
|
|
Will retry if:
|
|
* an exception is caught
|
|
* ssh returns 255
|
|
Will not retry if
|
|
* remaining_tries is <2
|
|
* retries limit reached
|
|
"""
|
|
|
|
remaining_tries = int(C.ANSIBLE_SSH_RETRIES) + 1
|
|
cmd_summary = "%s..." % args[0]
|
|
for attempt in xrange(remaining_tries):
|
|
try:
|
|
return_tuple = self._exec_command(*args, **kwargs)
|
|
# 0 = success
|
|
# 1-254 = remote command return code
|
|
# 255 = failure from the ssh command itself
|
|
if return_tuple[0] != 255 or attempt == (remaining_tries - 1):
|
|
break
|
|
else:
|
|
raise AnsibleConnectionFailure("Failed to connect to the host via ssh.")
|
|
except (AnsibleConnectionFailure, Exception) as e:
|
|
if attempt == remaining_tries - 1:
|
|
raise e
|
|
else:
|
|
pause = 2 ** attempt - 1
|
|
if pause > 30:
|
|
pause = 30
|
|
|
|
if isinstance(e, AnsibleConnectionFailure):
|
|
msg = "ssh_retry: attempt: %d, ssh return code is 255. cmd (%s), pausing for %d seconds" % (attempt, cmd_summary, pause)
|
|
else:
|
|
msg = "ssh_retry: attempt: %d, caught exception(%s) from cmd (%s), pausing for %d seconds" % (attempt, e, cmd_summary, pause)
|
|
|
|
self._display.vv(msg)
|
|
|
|
time.sleep(pause)
|
|
continue
|
|
|
|
|
|
return return_tuple
|
|
|
|
def _exec_command(self, cmd, tmp_path, in_data=None, sudoable=True):
|
|
''' run a command on the remote host '''
|
|
|
|
super(Connection, self).exec_command(cmd, tmp_path, in_data=in_data, sudoable=sudoable)
|
|
|
|
ssh_cmd = self._password_cmd()
|
|
ssh_cmd += ("ssh", "-C")
|
|
if not in_data:
|
|
# we can only use tty when we are not pipelining the modules. piping data into /usr/bin/python
|
|
# inside a tty automatically invokes the python interactive-mode but the modules are not
|
|
# compatible with the interactive-mode ("unexpected indent" mainly because of empty lines)
|
|
ssh_cmd.append("-tt")
|
|
if self._play_context.verbosity > 3:
|
|
ssh_cmd.append("-vvv")
|
|
else:
|
|
ssh_cmd.append("-q")
|
|
ssh_cmd += self._common_args
|
|
|
|
ssh_cmd.append(self.host)
|
|
|
|
ssh_cmd.append(cmd)
|
|
self._display.vvv("EXEC {0}".format(' '.join(ssh_cmd)), host=self.host)
|
|
|
|
self.lock_host_keys(True)
|
|
|
|
# create process
|
|
(p, stdin) = self._run(ssh_cmd, in_data)
|
|
|
|
self._send_password()
|
|
|
|
no_prompt_out = ''
|
|
no_prompt_err = ''
|
|
|
|
if self._play_context.prompt:
|
|
'''
|
|
Several cases are handled for privileges with password
|
|
* NOPASSWD (tty & no-tty): detect success_key on stdout
|
|
* without NOPASSWD:
|
|
* detect prompt on stdout (tty)
|
|
* detect prompt on stderr (no-tty)
|
|
'''
|
|
|
|
self._display.debug("Handling privilege escalation password prompt.")
|
|
|
|
if self._play_context.become and self._play_context.become_pass:
|
|
|
|
fcntl.fcntl(p.stdout, fcntl.F_SETFL, fcntl.fcntl(p.stdout, fcntl.F_GETFL) | os.O_NONBLOCK)
|
|
fcntl.fcntl(p.stderr, fcntl.F_SETFL, fcntl.fcntl(p.stderr, fcntl.F_GETFL) | os.O_NONBLOCK)
|
|
|
|
become_output = ''
|
|
become_errput = ''
|
|
passprompt = False
|
|
while True:
|
|
self._display.debug('Waiting for Privilege Escalation input')
|
|
|
|
if self.check_become_success(become_output + become_errput):
|
|
self._display.debug('Succeded!')
|
|
break
|
|
elif self.check_password_prompt(become_output) or self.check_password_prompt(become_errput):
|
|
self._display.debug('Password prompt!')
|
|
passprompt = True
|
|
break
|
|
|
|
self._display.debug('Read next chunks')
|
|
rfd, wfd, efd = select.select([p.stdout, p.stderr], [], [p.stdout], self._play_context.timeout)
|
|
if not rfd:
|
|
# timeout. wrap up process communication
|
|
stdout, stderr = p.communicate()
|
|
raise AnsibleError('Connection error waiting for privilege escalation password prompt: %s' % become_output)
|
|
|
|
elif p.stderr in rfd:
|
|
chunk = p.stderr.read()
|
|
become_errput += chunk
|
|
self._display.debug('stderr chunk is: %s' % chunk)
|
|
self.check_incorrect_password(become_errput)
|
|
|
|
elif p.stdout in rfd:
|
|
chunk = p.stdout.read()
|
|
become_output += chunk
|
|
self._display.debug('stdout chunk is: %s' % chunk)
|
|
|
|
|
|
if not chunk:
|
|
break
|
|
#raise AnsibleError('Connection closed waiting for privilege escalation password prompt: %s ' % become_output)
|
|
|
|
if passprompt:
|
|
self._display.debug("Sending privilege escalation password.")
|
|
stdin.write(self._play_context.become_pass + '\n')
|
|
else:
|
|
no_prompt_out = become_output
|
|
no_prompt_err = become_errput
|
|
|
|
|
|
(returncode, stdout, stderr) = self._communicate(p, stdin, in_data, sudoable=sudoable)
|
|
|
|
self.lock_host_keys(False)
|
|
|
|
controlpersisterror = 'Bad configuration option: ControlPersist' in stderr or 'unknown configuration option: ControlPersist' in stderr
|
|
|
|
if C.HOST_KEY_CHECKING:
|
|
if ssh_cmd[0] == "sshpass" and p.returncode == 6:
|
|
raise AnsibleError('Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host\'s fingerprint to your known_hosts file to manage this host.')
|
|
|
|
if p.returncode != 0 and controlpersisterror:
|
|
raise AnsibleError('using -c ssh on certain older ssh versions may not support ControlPersist, set ANSIBLE_SSH_ARGS="" (or ssh_args in [ssh_connection] section of the config file) before running again')
|
|
# FIXME: module name isn't in runner
|
|
#if p.returncode == 255 and (in_data or self.runner.module_name == 'raw'):
|
|
if p.returncode == 255 and in_data:
|
|
raise AnsibleConnectionFailure('SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh')
|
|
|
|
return (p.returncode, '', no_prompt_out + stdout, no_prompt_err + stderr)
|
|
|
|
def put_file(self, in_path, out_path):
|
|
''' transfer a file from local to remote '''
|
|
|
|
super(Connection, self).put_file(in_path, out_path)
|
|
|
|
self._display.vvv("PUT {0} TO {1}".format(in_path, out_path), host=self.host)
|
|
if not os.path.exists(in_path):
|
|
raise AnsibleFileNotFound("file or module does not exist: {0}".format(in_path))
|
|
cmd = self._password_cmd()
|
|
|
|
# scp and sftp require square brackets for IPv6 addresses, but
|
|
# accept them for hostnames and IPv4 addresses too.
|
|
host = '[%s]' % self.host
|
|
|
|
if C.DEFAULT_SCP_IF_SSH:
|
|
cmd.append('scp')
|
|
cmd.extend(self._common_args)
|
|
cmd.extend([in_path, '{0}:{1}'.format(host, pipes.quote(out_path))])
|
|
indata = None
|
|
else:
|
|
cmd.append('sftp')
|
|
cmd.extend(self._common_args)
|
|
cmd.append(host)
|
|
indata = "put {0} {1}\n".format(pipes.quote(in_path), pipes.quote(out_path))
|
|
|
|
(p, stdin) = self._run(cmd, indata)
|
|
|
|
self._send_password()
|
|
|
|
(returncode, stdout, stderr) = self._communicate(p, stdin, indata)
|
|
|
|
if returncode != 0:
|
|
raise AnsibleError("failed to transfer file to {0}:\n{1}\n{2}".format(out_path, stdout, stderr))
|
|
|
|
def fetch_file(self, in_path, out_path):
|
|
''' fetch a file from remote to local '''
|
|
|
|
super(Connection, self).fetch_file(in_path, out_path)
|
|
|
|
self._display.vvv("FETCH {0} TO {1}".format(in_path, out_path), host=self.host)
|
|
cmd = self._password_cmd()
|
|
|
|
|
|
if C.DEFAULT_SCP_IF_SSH:
|
|
cmd.append('scp')
|
|
cmd.extend(self._common_args)
|
|
cmd.extend(['{0}:{1}'.format(self.host, in_path), out_path])
|
|
indata = None
|
|
else:
|
|
cmd.append('sftp')
|
|
# sftp batch mode allows us to correctly catch failed transfers,
|
|
# but can be disabled if for some reason the client side doesn't
|
|
# support the option
|
|
if C.DEFAULT_SFTP_BATCH_MODE:
|
|
cmd.append('-b')
|
|
cmd.append('-')
|
|
cmd.extend(self._common_args)
|
|
cmd.append(self.host)
|
|
indata = "get {0} {1}\n".format(in_path, out_path)
|
|
|
|
p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
self._send_password()
|
|
stdout, stderr = p.communicate(indata)
|
|
|
|
if p.returncode != 0:
|
|
raise AnsibleError("failed to transfer file from {0}:\n{1}\n{2}".format(in_path, stdout, stderr))
|
|
|
|
def close(self):
|
|
''' not applicable since we're executing openssh binaries '''
|
|
|
|
if self._connected:
|
|
|
|
if 'ControlMaster' in self._common_args:
|
|
cmd = ['ssh','-O','stop']
|
|
cmd.extend(self._common_args)
|
|
cmd.append(self._play_context.remote_addr)
|
|
|
|
p = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
stdout, stderr = p.communicate()
|
|
|
|
self._connected = False
|
|
|