-
Notifications
You must be signed in to change notification settings - Fork 650
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[306] Shells that use pipes should set the pipefail option - hard to comply on non-RHEL #497
Comments
I found workaround for this:
|
This commit fixes the error [306]: `[306] Shells that use pipes should set the pipefail option` using `/bin/bash` as executable because Debian/Ubuntu systems use `dash` by default which doesn't have the `-o pipefail`. (See: ansible/ansible-lint#497 (comment)) Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This commit fixes the error [306]: `[306] Shells that use pipes should set the pipefail option` using `/bin/bash` as executable because Debian/Ubuntu systems use `dash` by default which doesn't have the `-o pipefail`. (See: ansible/ansible-lint#497 (comment)) Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This commit fixes the error [306]: `[306] Shells that use pipes should set the pipefail option` using `/bin/bash` as executable because Debian/Ubuntu systems use `dash` by default which doesn't have the `-o pipefail`. (See: ansible/ansible-lint#497 (comment)) Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This commit fixes the error [306]: `[306] Shells that use pipes should set the pipefail option` using `/bin/bash` as executable because Debian/Ubuntu systems use `dash` by default which doesn't have the `-o pipefail`. (See: ansible/ansible-lint#497 (comment)) Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This commit fixes the error [306]: `[306] Shells that use pipes should set the pipefail option` using `/bin/bash` as executable because Debian/Ubuntu systems use `dash` by default which doesn't have the `-o pipefail`. (See: ansible/ansible-lint#497 (comment)) Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
Fixes a slew of minor ansible-lint complaints. As for why the pipe stuff is added that is because lint complains, and found a portable way to express this for non RHEL releases [0]. [0] ansible/ansible-lint#497 Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
This commit fixes the error [306]: `[306] Shells that use pipes should set the pipefail option` using `/bin/bash` as executable because Debian/Ubuntu systems use `dash` by default which doesn't have the `-o pipefail`. (See: ansible/ansible-lint#497 (comment)) Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This commit fixes the error [306]: `[306] Shells that use pipes should set the pipefail option` using `/bin/bash` as executable because Debian/Ubuntu systems use `dash` by default which doesn't have the `-o pipefail`. (See: ansible/ansible-lint#497 (comment)) Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
This commit fixes the error [306]: `[306] Shells that use pipes should set the pipefail option` using `/bin/bash` as executable because Debian/Ubuntu systems use `dash` by default which doesn't have the `-o pipefail`. (See: ansible/ansible-lint#497 (comment)) Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 102edae)
This commit fixes the error [306]: `[306] Shells that use pipes should set the pipefail option` using `/bin/bash` as executable because Debian/Ubuntu systems use `dash` by default which doesn't have the `-o pipefail`. (See: ansible/ansible-lint#497 (comment)) Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com> (cherry picked from commit 102edae)
Perhaps the solution here would be to only check this if the executable is bash. |
Distros like debian and ubuntu, are using dash as default shell, who doesn't have set -o pipefail, however, these distros also have bash installed, and can be used. According ansible/ansible-lint#497 the way to fix it right now, is to use /bin/bash in the shell command that requires the set -o pipefail. This is already done in other components like ceph-ansible for example, and would allow us to use collect-logs in other distros. This is also required to have collect-logs running in OSA jobs, since they test different distros. Change-Id: If3c3b9275ce3df574511a18e3455741069bb6d26
* Update ansible-role-collect-logs from branch 'master' - Fix set -o pipefail failures on non RHEL distros Distros like debian and ubuntu, are using dash as default shell, who doesn't have set -o pipefail, however, these distros also have bash installed, and can be used. According ansible/ansible-lint#497 the way to fix it right now, is to use /bin/bash in the shell command that requires the set -o pipefail. This is already done in other components like ceph-ansible for example, and would allow us to use collect-logs in other distros. This is also required to have collect-logs running in OSA jobs, since they test different distros. Change-Id: If3c3b9275ce3df574511a18e3455741069bb6d26
I have simply ignored the rule in the global
Define "global .ansible-lint" please |
@brunswyck Create this file in the root of your project. I doubt user config makes much sense for a linter anyway. I was inclined to close this ticket as there is a known way to avoid it with config or inline skips. Still, by looking twice at it, I still think that forcing users to add skips for shells that do not support it generates bad experiences. I wonder if someone could find a solution that is more cross platform that the current one that is bash-centric. Removing the rule completely would also be bad, as I know that this rule saved us multiple times from introducing bugs, almost every month I see a change that would be slipped an unchecked pipe usage into the code-base. |
The Ansible One might well write a playbook with the bash idiom, test it locally and have a pleasant output simply cause the executable has been set to The linter has no way to know which executable will end up being used. When it detects a
This way we ensure that the |
There is no way for the linter to know which shell will be used on the host. There is nothing specific to RHEL in this rule as the lack of pipefail applies to other distributions as well. To make the situation even worse, I am more than happy to reduce the number of false-positive matches on this rule but the question is how? How about just to disable the rule if you don't like it? In fact that is one of the reasons that made me create #971 |
The only things I can think of are as follows:
This does make me think that ansible-lint could do with more than just on/off for rules. Perhaps it should have |
More about the issue here: ansible/ansible-lint#497 Trying to execute sh -c "set -o pipefail" will always fail otherwise.
More about the issue here: ansible/ansible-lint#497 Trying to execute sh -c "set -o pipefail" will always fail otherwise.
More about the issue here: ansible/ansible-lint#497 Trying to execute sh -c "set -o pipefail" will always fail otherwise.
More about the issue here: ansible/ansible-lint#497 Trying to execute sh -c "set -o pipefail" will always fail otherwise.
I am going to close this bug as we already have the |
More about the issue here: ansible/ansible-lint#497 Trying to execute sh -c "set -o pipefail" will always fail otherwise.
It might be feasible to do the shell detection at runtime to workaround this problem, id. est.: - name: Set pipefail option only when shell is Bash
shell: >-
if test -v BASH; then set -o pipefail; fi
my | shell | pipeline However, this also triggers the risky-shell-pipe violation, one may consider loosening the detection pattern to allow such workarounds. |
@brlin-tw We are open to suggestions here, clearly the patterns can be improved. I think that probably if we identify the use of The main goal of the rule is to tell users using pipe, that they might want to set the pipefail, how they set it, is up to them. Even adding a comment as Real shell detection is not possible as this it is determined at runtime by factor that are not limited to the task definition inside the playbook. WDYT? |
FWIW, I think the rule has merit. |
Trying solution suggested in ansible/ansible-lint#497
Selecting bash as a shell is not always an option, sometimes we use a very minimal version of Linux, where bash is not available. Could it be solved in another way without ignoring the rule? |
Why is the issue closed when it is not resolved? I think it would make more sense if it is closed as not planed. I have the same problem :-( |
Well that's half an hour of my life I'm not getting back... ;-) Lint says, use pipefail On the ignore list it goes... |
Indeed, that lint rule is irrelevant unless Ansible is configured with The rule should be enhanced to also requires the executable to be explicitly set, then there are surely a lot of use cases for NOT using bash. I guess it is broken by design (and I blame the shell module for that). |
The shell that is something on the target side, and can be different for different targets. It wouldn't really make sense for a linter to be connecting to all the targets in your inventory to see if a particular usage would be broken. I really wish ansible had an easy way to set |
Note that bash is not the only sh implementation that supports pipefail. zsh and certain ash versions do. dash does not. posh may not. yash does not. toybox sh, unknown. busybox sh, unknown. Notably, ksh93 invented the flag, so ksh implementations >= the 93 release support it as well. Unknown of the ksh variants (mksh, oksh, pdksh, rksh) which version they are based on. A lot of this stuff unfortunately comes down to the version of the operating system that provides the shell distribution package. Someone should probably publish a table of POSIX 2022 sh features to implementation names, similar to the giant tables of JavaScript 6 features to browsers, and C++23 features to compilers. Then we would have a common document to reference whenever discussing the subtle, dark arts of shell coding. |
Issue Type
Ansible and Ansible Lint details
Desired Behaviour
When using the
shell
module with pipes, sometimes it is desirable to allow early commands to have failures but continue through the rest of the pipes.Additionally, the default shell interpreter on current versions of Debian and Ubuntu is
dash
, which does not have the-o pipefail
option forset
.Actual Behaviour (Bug report only)
Example task:
When this is run on Ubuntu 16.04 or 18.04, it returns:
For now, for the affected roles (which I support on RHEL, CentOS, Ubuntu, Debian, Fedora, and Amazon Linux... so I have to have a solution which is able to be used cross-platform) I have simply ignored the rule in the global
.ansible-lint
:The text was updated successfully, but these errors were encountered: