mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-04-24 11:21:25 -07:00
23b1dbacaf
* included inventory and callback in new config allow inventory to be configurable updated connection options settings also updated winrm to work with new configs removed now obsolete set_host_overrides added notes for future bcoca, current one is just punting, it's future's problem updated docs per feedback added remove group/host methods to inv data moved fact cache from data to constructed cleaner/better options fix when vars are added extended ignore list to config dicts updated paramiko connection docs removed options from base that paramiko already handles left the look option as it is used by other plugin types resolve delegation updated cache doc options fixed test_script better fragment merge for options fixed proxy command restore ini for proxy normalized options moved pipelining to class updates for host_key_checking restructured mixins * fix typo
273 lines
12 KiB
Python
273 lines
12 KiB
Python
# (c) 2012-2014, Michael DeHaan <michael.dehaan@gmail.com>
|
|
# (c) 2015 Toshio Kuratomi <tkuratomi@ansible.com>
|
|
# (c) 2017, Peter Sprygada <psprygad@redhat.com>
|
|
# (c) 2017 Ansible Project
|
|
from __future__ import (absolute_import, division, print_function)
|
|
__metaclass__ = type
|
|
|
|
import fcntl
|
|
import gettext
|
|
import os
|
|
import shlex
|
|
from abc import abstractmethod, abstractproperty
|
|
from functools import wraps
|
|
|
|
from ansible import constants as C
|
|
from ansible.errors import AnsibleError
|
|
from ansible.module_utils.six import string_types
|
|
from ansible.module_utils._text import to_bytes, to_text
|
|
from ansible.plugins import AnsiblePlugin
|
|
from ansible.plugins.loader import shell_loader
|
|
|
|
try:
|
|
from __main__ import display
|
|
except ImportError:
|
|
from ansible.utils.display import Display
|
|
display = Display()
|
|
|
|
|
|
__all__ = ['ConnectionBase', 'ensure_connect']
|
|
|
|
BUFSIZE = 65536
|
|
|
|
|
|
def ensure_connect(func):
|
|
@wraps(func)
|
|
def wrapped(self, *args, **kwargs):
|
|
if not self._connected:
|
|
self._connect()
|
|
return func(self, *args, **kwargs)
|
|
return wrapped
|
|
|
|
|
|
class ConnectionBase(AnsiblePlugin):
|
|
'''
|
|
A base class for connections to contain common code.
|
|
'''
|
|
|
|
has_pipelining = False
|
|
has_native_async = False # eg, winrm
|
|
always_pipeline_modules = False # eg, winrm
|
|
become_methods = C.BECOME_METHODS
|
|
# When running over this connection type, prefer modules written in a certain language
|
|
# as discovered by the specified file extension. An empty string as the
|
|
# language means any language.
|
|
module_implementation_preferences = ('',)
|
|
allow_executable = True
|
|
|
|
# the following control whether or not the connection supports the
|
|
# persistent connection framework or not
|
|
supports_persistence = False
|
|
force_persistence = False
|
|
|
|
def __init__(self, play_context, new_stdin, *args, **kwargs):
|
|
|
|
super(ConnectionBase, self).__init__()
|
|
|
|
# All these hasattrs allow subclasses to override these parameters
|
|
if not hasattr(self, '_play_context'):
|
|
self._play_context = play_context
|
|
if not hasattr(self, '_new_stdin'):
|
|
self._new_stdin = new_stdin
|
|
# Backwards compat: self._display isn't really needed, just import the global display and use that.
|
|
if not hasattr(self, '_display'):
|
|
self._display = display
|
|
if not hasattr(self, '_connected'):
|
|
self._connected = False
|
|
|
|
self.success_key = None
|
|
self.prompt = None
|
|
self._connected = False
|
|
|
|
self._socket_path = None
|
|
|
|
# load the shell plugin for this action/connection
|
|
if play_context.shell:
|
|
shell_type = play_context.shell
|
|
elif hasattr(self, '_shell_type'):
|
|
shell_type = getattr(self, '_shell_type')
|
|
else:
|
|
shell_type = 'sh'
|
|
shell_filename = os.path.basename(self._play_context.executable)
|
|
for shell in shell_loader.all():
|
|
if shell_filename in shell.COMPATIBLE_SHELLS:
|
|
shell_type = shell.SHELL_FAMILY
|
|
break
|
|
|
|
self._shell = shell_loader.get(shell_type)
|
|
if not self._shell:
|
|
raise AnsibleError("Invalid shell type specified (%s), or the plugin for that shell type is missing." % shell_type)
|
|
|
|
@property
|
|
def connected(self):
|
|
'''Read-only property holding whether the connection to the remote host is active or closed.'''
|
|
return self._connected
|
|
|
|
@property
|
|
def socket_path(self):
|
|
'''Read-only property holding the connection socket path for this remote host'''
|
|
return self._socket_path
|
|
|
|
def _become_method_supported(self):
|
|
''' Checks if the current class supports this privilege escalation method '''
|
|
|
|
if self._play_context.become_method in self.become_methods:
|
|
return True
|
|
|
|
raise AnsibleError("Internal Error: this connection module does not support running commands via %s" % self._play_context.become_method)
|
|
|
|
@staticmethod
|
|
def _split_ssh_args(argstring):
|
|
"""
|
|
Takes a string like '-o Foo=1 -o Bar="foo bar"' and returns a
|
|
list ['-o', 'Foo=1', '-o', 'Bar=foo bar'] that can be added to
|
|
the argument list. The list will not contain any empty elements.
|
|
"""
|
|
try:
|
|
# Python 2.6.x shlex doesn't handle unicode type so we have to
|
|
# convert args to byte string for that case. More efficient to
|
|
# try without conversion first but python2.6 doesn't throw an
|
|
# exception, it merely mangles the output:
|
|
# >>> shlex.split(u't e')
|
|
# ['t\x00\x00\x00', '\x00\x00\x00e\x00\x00\x00']
|
|
return [to_text(x.strip()) for x in shlex.split(to_bytes(argstring)) if x.strip()]
|
|
except AttributeError:
|
|
# In Python3, shlex.split doesn't work on a byte string.
|
|
return [to_text(x.strip()) for x in shlex.split(argstring) if x.strip()]
|
|
|
|
@abstractproperty
|
|
def transport(self):
|
|
"""String used to identify this Connection class from other classes"""
|
|
pass
|
|
|
|
@abstractmethod
|
|
def _connect(self):
|
|
"""Connect to the host we've been initialized with"""
|
|
|
|
# Check if PE is supported
|
|
if self._play_context.become:
|
|
self._become_method_supported()
|
|
|
|
@ensure_connect
|
|
@abstractmethod
|
|
def exec_command(self, cmd, in_data=None, sudoable=True):
|
|
"""Run a command on the remote host.
|
|
|
|
:arg cmd: byte string containing the command
|
|
:kwarg in_data: If set, this data is passed to the command's stdin.
|
|
This is used to implement pipelining. Currently not all
|
|
connection plugins implement pipelining.
|
|
:kwarg sudoable: Tell the connection plugin if we're executing
|
|
a command via a privilege escalation mechanism. This may affect
|
|
how the connection plugin returns data. Note that not all
|
|
connections can handle privilege escalation.
|
|
:returns: a tuple of (return code, stdout, stderr) The return code is
|
|
an int while stdout and stderr are both byte strings.
|
|
|
|
When a command is executed, it goes through multiple commands to get
|
|
there. It looks approximately like this::
|
|
|
|
[LocalShell] ConnectionCommand [UsersLoginShell (*)] ANSIBLE_SHELL_EXECUTABLE [(BecomeCommand ANSIBLE_SHELL_EXECUTABLE)] Command
|
|
:LocalShell: Is optional. It is run locally to invoke the
|
|
``Connection Command``. In most instances, the
|
|
``ConnectionCommand`` can be invoked directly instead. The ssh
|
|
connection plugin which can have values that need expanding
|
|
locally specified via ssh_args is the sole known exception to
|
|
this. Shell metacharacters in the command itself should be
|
|
processed on the remote machine, not on the local machine so no
|
|
shell is needed on the local machine. (Example, ``/bin/sh``)
|
|
:ConnectionCommand: This is the command that connects us to the remote
|
|
machine to run the rest of the command. ``ansible_ssh_user``,
|
|
``ansible_ssh_host`` and so forth are fed to this piece of the
|
|
command to connect to the correct host (Examples ``ssh``,
|
|
``chroot``)
|
|
:UsersLoginShell: This shell may or may not be created depending on
|
|
the ConnectionCommand used by the connection plugin. This is the
|
|
shell that the ``ansible_ssh_user`` has configured as their login
|
|
shell. In traditional UNIX parlance, this is the last field of
|
|
a user's ``/etc/passwd`` entry We do not specifically try to run
|
|
the ``UsersLoginShell`` when we connect. Instead it is implicit
|
|
in the actions that the ``ConnectionCommand`` takes when it
|
|
connects to a remote machine. ``ansible_shell_type`` may be set
|
|
to inform ansible of differences in how the ``UsersLoginShell``
|
|
handles things like quoting if a shell has different semantics
|
|
than the Bourne shell.
|
|
:ANSIBLE_SHELL_EXECUTABLE: This is the shell set via the inventory var
|
|
``ansible_shell_executable`` or via
|
|
``constants.DEFAULT_EXECUTABLE`` if the inventory var is not set.
|
|
We explicitly invoke this shell so that we have predictable
|
|
quoting rules at this point. ``ANSIBLE_SHELL_EXECUTABLE`` is only
|
|
settable by the user because some sudo setups may only allow
|
|
invoking a specific shell. (For instance, ``/bin/bash`` may be
|
|
allowed but ``/bin/sh``, our default, may not). We invoke this
|
|
twice, once after the ``ConnectionCommand`` and once after the
|
|
``BecomeCommand``. After the ConnectionCommand, this is run by
|
|
the ``UsersLoginShell``. After the ``BecomeCommand`` we specify
|
|
that the ``ANSIBLE_SHELL_EXECUTABLE`` is being invoked directly.
|
|
:BecomeComand ANSIBLE_SHELL_EXECUTABLE: Is the command that performs
|
|
privilege escalation. Setting this up is performed by the action
|
|
plugin prior to running ``exec_command``. So we just get passed
|
|
:param:`cmd` which has the BecomeCommand already added.
|
|
(Examples: sudo, su) If we have a BecomeCommand then we will
|
|
invoke a ANSIBLE_SHELL_EXECUTABLE shell inside of it so that we
|
|
have a consistent view of quoting.
|
|
:Command: Is the command we're actually trying to run remotely.
|
|
(Examples: mkdir -p $HOME/.ansible, python $HOME/.ansible/tmp-script-file)
|
|
"""
|
|
pass
|
|
|
|
@ensure_connect
|
|
@abstractmethod
|
|
def put_file(self, in_path, out_path):
|
|
"""Transfer a file from local to remote"""
|
|
pass
|
|
|
|
@ensure_connect
|
|
@abstractmethod
|
|
def fetch_file(self, in_path, out_path):
|
|
"""Fetch a file from remote to local"""
|
|
pass
|
|
|
|
@abstractmethod
|
|
def close(self):
|
|
"""Terminate the connection"""
|
|
pass
|
|
|
|
def check_become_success(self, b_output):
|
|
b_success_key = to_bytes(self._play_context.success_key)
|
|
for b_line in b_output.splitlines(True):
|
|
if b_success_key == b_line.rstrip():
|
|
return True
|
|
return False
|
|
|
|
def check_password_prompt(self, b_output):
|
|
if self._play_context.prompt is None:
|
|
return False
|
|
elif isinstance(self._play_context.prompt, string_types):
|
|
b_prompt = to_bytes(self._play_context.prompt).strip()
|
|
b_lines = b_output.splitlines()
|
|
return any(l.strip().startswith(b_prompt) for l in b_lines)
|
|
else:
|
|
return self._play_context.prompt(b_output)
|
|
|
|
def check_incorrect_password(self, b_output):
|
|
b_incorrect_password = to_bytes(gettext.dgettext(self._play_context.become_method, C.BECOME_ERROR_STRINGS[self._play_context.become_method]))
|
|
return b_incorrect_password and b_incorrect_password in b_output
|
|
|
|
def check_missing_password(self, b_output):
|
|
b_missing_password = to_bytes(gettext.dgettext(self._play_context.become_method, C.BECOME_MISSING_STRINGS[self._play_context.become_method]))
|
|
return b_missing_password and b_missing_password in b_output
|
|
|
|
def connection_lock(self):
|
|
f = self._play_context.connection_lockfd
|
|
display.vvvv('CONNECTION: pid %d waiting for lock on %d' % (os.getpid(), f), host=self._play_context.remote_addr)
|
|
fcntl.lockf(f, fcntl.LOCK_EX)
|
|
display.vvvv('CONNECTION: pid %d acquired lock on %d' % (os.getpid(), f), host=self._play_context.remote_addr)
|
|
|
|
def connection_unlock(self):
|
|
f = self._play_context.connection_lockfd
|
|
fcntl.lockf(f, fcntl.LOCK_UN)
|
|
display.vvvv('CONNECTION: pid %d released lock on %d' % (os.getpid(), f), host=self._play_context.remote_addr)
|
|
|
|
def reset(self):
|
|
display.warning("Reset is not implemented for this connection")
|