-
Notifications
You must be signed in to change notification settings - Fork 19
Expand file tree
/
Copy pathssh.py
More file actions
229 lines (195 loc) · 9.06 KB
/
ssh.py
File metadata and controls
229 lines (195 loc) · 9.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
# Copyright 2016, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# (c) 2016, Kevin Carter <kevin.carter@rackspace.com>
DOCUMENTATION = '''
connection: ssh
short_description: connect via ssh client binary
description:
- This connection plugin allows ansible to communicate to the target machines via normal ssh command line.
author: ansible (@core)
version_added: historical
# import all existing options from the ansible.builtin.ssh connection plugin
extends_documentation_fragment: openstack.osa.builtin_ssh_fragment
# define additional options that extend the builtin connection plugin
options:
container_name:
description: Hostname of a container
vars:
- name: container_name
container_user:
description: Username used when running command inside a container
vars:
- name: container_user
physical_host_addrs:
description: Dictionary mapping of physical hostnames and their ip addresses
vars:
- name: physical_host_addrs
physical_host:
description: Hostname of host running a given container
vars:
- name: physical_host
'''
import importlib
import os
from ansible.module_utils.six.moves import shlex_quote
SSH = importlib.import_module('ansible.plugins.connection.ssh')
class Connection(SSH.Connection):
"""Transport options for containers.
This transport option makes the assumption that the playbook context has
vars within it that contain "physical_host" which is the machine running a
given container and "container_name" which is the actual name of the
container. These options can be added into the playbook via vars set as
attributes or though the modification of the a given execution strategy to
set the attributes accordingly.
This plugin operates exactly the same way as the standard SSH plugin but
will pad pathing or add command syntax for containers when a container
is detected at runtime.
"""
transport = 'ssh'
def __init__(self, *args, **kwargs):
super(Connection, self).__init__(*args, **kwargs)
self.args = args
self.kwargs = kwargs
self.container_name = None
self.physical_host = None
# Store the container pid for multi-use
self.container_pid = None
self.is_container = None
def set_options(self, task_keys=None, var_options=None, direct=None):
super(Connection, self).set_options(task_keys=task_keys, var_options=var_options, direct=direct)
self.container_name = self.get_option('container_name')
self.physical_host = self.get_option('physical_host')
# Check to see if container_user is setup first, if so use that value.
# If it isn't, then default to 'root'
# The connection's shell plugin also needs to be initialized here and
# updated to use a system writable temp directory to avoid requiring
# that container_user have sudo privileges.
self.container_user = self.get_option('container_user') or 'root'
if self.container_user != 'root':
self._shell.set_options(var_options={})
self._shell.set_option('remote_tmp', self._shell.get_option('system_tmpdirs')[0])
self.is_container = self._container_check()
if self.is_container:
physical_host_addrs = self.get_option('physical_host_addrs') or {}
if self.host in physical_host_addrs.values():
self.container_name = None
else:
self._set_physical_host_addr(physical_host_addrs)
def _set_physical_host_addr(self, physical_host_addrs):
physical_host_addr = physical_host_addrs.get(self.physical_host,
self.physical_host)
self.host = self._options['host'] = self._play_context.remote_addr = physical_host_addr
def exec_command(self, cmd, in_data=None, sudoable=True):
"""run a command on the remote host."""
if self.is_container:
# NOTE(hwoarang): the shlex_quote method is necessary here because
# we need to properly quote the cmd as it's being passed as argument
# to the -c su option. The Ansible ssh class has already
# quoted the command of the _executable_ (ie /bin/bash -c "$cmd").
# However, we also need to quote the executable itself because the
# entire command is being passed to the su process. This produces
# a somewhat ugly output with too many quotes in a row but we can't
# do much since we are effectively passing a command to a command
# to a command etc... It's somewhat ugly but maybe it can be
# improved somehow...
_pad = 'lxc-attach --clear-env --name %s' % self.container_name
cmd = '%s %s -- su - %s -c %s' % (
self._play_context.become_method,
_pad,
self.container_user,
shlex_quote(cmd)
)
return super(Connection, self).exec_command(cmd, in_data, sudoable)
def _container_check(self):
if self.container_name is not None:
SSH.display.vvv(u'container_name: "%s"' % self.container_name)
if self.physical_host is not None:
SSH.display.vvv(
u'physical_host: "%s"' % self.physical_host
)
if self.container_name != self.physical_host and \
self.container_name != self.host:
SSH.display.vvv(u'Container confirmed')
return True
return False
def _pid_lookup(self, subdir=None):
"""Lookup the container pid return padding.
The container pid path will be set and returned to the
function. If this is a new lookup, the method will run
a lookup command and set the "self.container_pid" variable
so that a container lookup is not required on a subsequent
command within the same task.
"""
pid_path = """/proc/%s"""
if not subdir:
subdir = 'root'
if not self.container_pid:
ssh_executable = self.get_option('ssh_executable')
lookup_command = (u"lxc-info -Hpn '%s'" % self.container_name)
args = (ssh_executable, 'ssh', self.host, lookup_command)
returncode, stdout, _ = self._run(
self._build_command(*args),
in_data=None,
sudoable=False
)
self.container_pid = stdout.strip()
pid_path = os.path.join(
pid_path % SSH.to_text(self.container_pid),
subdir
)
return returncode, pid_path
else:
return 0, os.path.join(
pid_path % SSH.to_text(self.container_pid),
subdir
)
def _container_path_pad(self, path):
returncode, pid_path = self._pid_lookup()
if returncode == 0:
pad = os.path.join(
pid_path,
path.lstrip(os.sep)
)
SSH.display.vvv(
u'The path has been padded with the following to support a'
u' container rootfs: [ %s ]' % pad
)
return pad
else:
return path
def fetch_file(self, in_path, out_path):
"""fetch a file from remote to local."""
if self.is_container:
in_path = self._container_path_pad(path=in_path)
return super(Connection, self).fetch_file(in_path, out_path)
def put_file(self, in_path, out_path):
"""transfer a file from local to remote."""
_out_path = os.path.expanduser(out_path)
if self.is_container:
_out_path = self._container_path_pad(path=_out_path)
res = super(Connection, self).put_file(in_path, _out_path)
# NOTE(mnaser): If we're running without a container, we break out
# here to avoid the extra round-trip for the unnecessary
# chown.
if not self.is_container:
return res
# NOTE(pabelanger): Because we put_file as remote_user, it is possible
# that user doesn't exist inside the container, so use the root user to
# chown the file to container_user.
if self.container_user != self._play_context.remote_user:
_user = self.container_user
self.container_user = 'root'
self.exec_command('chown %s %s' % (_user, out_path))
self.container_user = _user