Close proxycommand socket when its not needed anymore and resolve ssh zombies

[eedgar]

Needs confirmation that this is written correctly from @eedgar (-- @punkrokk )
Paramiko has a bug that is not patched, that causes ssh proxy connected to not get closed.

eg. zombie ssh processes are left from the proxycommand

If I were to modify my st2.conf file as follows:

#/bin/bash
crudini --set /etc/st2/st2.conf ssh_runner use_ssh_config True
crudini --set /etc/st2/st2.conf ssh_runner ssh_config_file_path /root/.ssh/config
chown -R root:root /root/.ssh/*
chmod 600 /root/.ssh/config
chmod 600 /root/.ssh/id_rsa

  Host 10.1.*
    ProxyCommand ssh -o StrictHostKeyChecking=no bastion nc %h %p
    IdentityFile ~/.ssh/id_rsa
    User stanley

  Host bastion
    Hostname bastion.example.com
    IdentityFile ~/.ssh/id_rsa
    User stanley

We end up with zombie ssh connections. Paramiko has a bug, but it is not patched: paramiko/paramiko#789

This PR checks for sockets that are left open and closes them.

[CLAassistant]

All committers have signed the CLA.

[punkrokk]

@StackStorm/maintainers Can someone comment on how to update the Unit tests based on this find?

StackStorm/st2docs#965

[punkrokk]

@eedgar are you able to help us update the CI tests for this?

[blag]

I think I spotted a bug preventing this from being adequately run and tested, as well as a lint issue.

Check out st2actions/tests/unit/test_paramiko_ssh.py for examples of unit tests of this code.

[punkrokk]

@eedgar Can you please add a changelog here: https://github.com/StackStorm/st2/blob/master/CHANGELOG.rst

[blag]

Looking much better. Would like some TODO comments so we can come back and improve this code once we're developing for Python 3.6+ only (eg: after ST2 v3.2 is released, which should be "soon").

[blag]

Thanks!

[arm4b]

Merging.

Thanks @eedgar for the contribution and @punkrokk @blag for the review and great effort in getting the PR reach the quality bar!

[punkrokk]

Really thanks to @eedgar for the 2nd effort here!