This repository has been archived by the owner. It is now read-only.

Raw module adds substring "/bin/sh -c" to ssh remote command argument. #3332

Closed
artgromov opened this Issue Mar 28, 2016 · 13 comments

artgromov commented Mar 28, 2016

ISSUE TYPE
  • Bug Report
COMPONENT NAME

Raw module

ANSIBLE VERSION
ansible 2.1.0 (devel ab51384af1) last updated 2016/03/28 09:00:04 (GMT +300)
  lib/ansible/modules/core: (detached HEAD 0268864211) last updated 2016/03/26 09:00:09 (GMT +300)
  lib/ansible/modules/extras: (detached HEAD 6978984244) last updated 2016/03/26 09:00:09 (GMT +300)
  config file = /home/admin/lab/ansible.cfg
  configured module search path = Default w/o overrides
CONFIGURATION

[defaults]
inventory = hosts.cfg
forks = 50
force_color = 1
host_key_checking = False
command_warnings = True
nocolor = 0

OS / ENVIRONMENT

Running Ansible from:
Linux 4.3.4-200.fc22.x86_64 #1 SMP Mon Jan 25 13:37:15 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux (Fedora release 22)

Managing: N/A (set of different Cisco devices)

SUMMARY

Raw module doesn't run remote commands on boxes without "/bin/sh" via ssh.

STEPS TO REPRODUCE
  1. Get any device (cisco ios for example) with configured ssh access from management host.
  2. Add it to inventory:
[net]
r1 ansible_host=10.1.10.21 
  3. Run command: ansible r1 -m raw -a 'show version' -k
[admin@ansible lab]$ ansible r1 -m raw -a 'show version' -k
SSH password: 
r1 | SUCCESS | rc=0 >>

Line has invalid autocommand "/bin/sh -c 'show version'"Connection to 10.1.10.21 closed by remote host.
EXPECTED RESULTS

The output should contain the result of remote command execution like the following:

[admin@ansible lab]$ ssh admin@10.1.10.21 "show version"
Password: 
Cisco IOS XE Software, Version 03.12.00.S - Standard Support Release
Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(2)S, RELEASE SOFTWARE (fc2)
...
< truncated > 
...
Connection to 10.1.10.21 closed by remote host.
ACTUAL RESULTS

Raw module adds substring "/bin/sh -c" to ssh remote command argument.

[admin@ansible lab]$ ansible r1 -m raw -a 'show version' -k -vvv
Using /home/admin/lab/ansible.cfg as config file
SSH password: 
<10.1.10.21> ESTABLISH SSH CONNECTION FOR USER: None
<10.1.10.21> SSH: EXEC sshpass -d12 ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o ControlPath=/home/admin/.ansible/cp/ansible-ssh-%h-%p-%r -tt 10.1.10.21 '/bin/sh -c '"'"'show version'"'"''
r1 | SUCCESS | rc=0 >>

Line has invalid autocommand "/bin/sh -c 'show version'"Connection to 10.1.10.21 closed by remote host.

@bcoca bcoca added the bug_report label Mar 28, 2016

Member

sivel commented Mar 28, 2016

I'm not sure this should be logged here, since raw is an action plugin. Additionally, I am not sure that raw should support this with the addition of the networking modules such as http://docs.ansible.com/ansible/ios_command_module.html

Member

bcoca commented Mar 28, 2016

fixed via http://github.com/ansible/ansible/commit/e9a4526251d24370ffcd1761cb62460c4f548676, now you can set executable='' to avoid adding a shell to command construction.

@bcoca bcoca closed this Mar 28, 2016

Member

bcoca commented Mar 28, 2016

another option is setting the ansible_shell_executable inventory var for those hosts, that way you can avoid setting it on each command (also in ansible.cfg:executable or ANSIBLE_EXECUTABLE)

artgromov commented Mar 28, 2016

Setting executable: '' in playbook works fine.
Setting ansible_executable as group_var/host_var also works fine.
Setting adhoc (ansible net -m raw -a 'sh ip route' -e ansible_executable='') - still sends to remote /bin/sh

P.S.
I am afraid that the root cause could be in another place.
When I checked out v2.0.2.0-0.1.rc1 I found that there was no need to explicitly set any executable variables.

Member

bcoca commented Mar 28, 2016

sorry, it is ansible_shell_executable

debugloop commented May 30, 2016

I don't think this is resolved. Setting executable in ansible.cfg does not work and setting ansible_shell_executable doesn't either.

The only working way for me is:

ansible all -i routers.inv -m raw -a "executable='' show int desc"

which is inconvenient. All tested on 2.1.0.0 of course.

aussieade commented Jun 21, 2016

Just hit this too, setting ansible_shell_executable in ansible-hosts file nearly works (stops the /bin/sh -c) but there is still a "&& sleep 0" added to the command sent:

ade@megadodo:~> ansible moonshot-ilo2 -m raw -a "show cartridge list"
moonshot2-3 | SUCCESS | rc=0 >>
show cartridge list && sleep 0

** Invalid arguments **

SHOW CARTRIDGE LIST Displays all the currently installed cartridges.

running

ansible moonshot-ilo2 -m raw -a "executable='' show cartridge list"

does indeed work as expected.

This was working in the past as I was using raw commands on this chassis some months ago.
ansible version is 2.1.0.0

Contributor

robphoenix commented Jul 1, 2016

I've just run into this also, connecting to Cisco routers.

$ ansible routers -m raw -a "show ver" -i shared/routers.txt
192.168.0.3 | SUCCESS | rc=0 >>

Line has invalid autocommand "/bin/sh -c 'show ver && sleep 0'"Connection to 192.168.0.3 closed by remote host.


192.168.0.2 | SUCCESS | rc=0 >>

Line has invalid autocommand "/bin/sh -c 'show ver && sleep 0'"Connection to 192.168.0.2 closed by remote host.


192.168.0.1 | SUCCESS | rc=0 >>

Line has invalid autocommand "/bin/sh -c 'show ver && sleep 0'"Connection to 192.168.0.1 closed by remote host.

setting ansible_shell_executable: '' in group_vars/routers/yaml improves this output slightly:

~$ ansible routers -m raw -a "show ver" -i shared/routers.txt
192.168.0.2 | SUCCESS | rc=0 >>

Line has invalid autocommand "show ver && sleep 0"Connection to 192.168.0.2 closed by remote host.


192.168.0.3 | SUCCESS | rc=0 >>

Line has invalid autocommand "show ver && sleep 0"Connection to 192.168.0.3 closed by remote host.


192.168.0.1 | SUCCESS | rc=0 >>

Line has invalid autocommand "show ver && sleep 0"Connection to 192.168.0.1 closed by remote host.

But the only thing that actually works is as @analogbyte mentioned:

$ ansible routers -m raw -a "executable='' show ver" -i shared/routers.txt

Ansible version: ansible 2.1.0.0 running in ubuntu 14.04
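
The command strings reported up to this point in the thread can be reproduced with a small model of the wrapping step. This is an added example, not code from Ansible or from any commenter; `wrap_remote_command`, `ssh_argv_tail` and `needs_posix_shell` are hypothetical names, and the model covers only the strings quoted in the thread.

```python
import shlex

def wrap_remote_command(cmd, executable="/bin/sh", append_sleep=False):
    """Simplified model (an assumption, not Ansible's code) of the wrapping
    applied to a raw command before it is passed to ssh."""
    if append_sleep:
        cmd += " && sleep 0"  # suffix visible in the 2.1.0.0 reports above
    if executable:
        # Remote side is asked to run: <executable> -c '<cmd>'
        cmd = "%s -c %s" % (executable, shlex.quote(cmd))
    return cmd

def ssh_argv_tail(host, remote_cmd):
    """Host plus quoted remote command, as printed at the end of the
    'SSH: EXEC' line in -vvv output."""
    return "%s %s" % (host, shlex.quote(remote_cmd))

def needs_posix_shell(remote_cmd):
    """True when the string carries shell-only syntax that a network CLI
    without /bin/sh would receive as part of the command itself."""
    tokens = shlex.split(remote_cmd)
    has_operator = any(t in ("&&", "||", ";", "|") for t in tokens)
    has_wrapper = len(tokens) >= 2 and tokens[0].startswith("/") and tokens[1] == "-c"
    return has_operator or has_wrapper

if __name__ == "__main__":
    # Constructed cases; the command strings are the ones quoted in the thread.
    cases = [
        ("show version", "/bin/sh", False),
        ("show ver", "/bin/sh", True),
        ("show ver", "", True),
        ("show ver", "", False),
    ]
    for cmd, exe, sleep in cases:
        sent = wrap_remote_command(cmd, exe, sleep)
        print("%-36r needs_shell=%s" % (sent, needs_posix_shell(sent)))
    print(ssh_argv_tail("10.1.10.21", wrap_remote_command("show version")))
```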

forescout-spollock commented May 30, 2017

I see this as well, was there ever any resolution?

debugloop commented May 31, 2017

@forescout-spollock not that I know of, I'm still using the workaround above...

artgromov commented Jun 1, 2017

I have no problem with this using the following ansible versions:

ansible 2.3.0.0 (detached HEAD f15e1f25ae)
ansible 2.4.0 (devel 9d8aa43c67)

I don't use any executable variables.

my current ~/.ansible.cfg:

[defaults]
inventory               = hosts     ; use file 'hosts' from current dir
transport               = ssh
host_key_checking       = False
hash_behaviour          = merge
force_color             = 1
roles_path              = /home/admin/Dropbox/Dev/Ansible/Roles
retry_files_enabled     = False

Calling ansible:

[admin@agromov lab]$ ansible sw_core -m raw -a 'sh ver' -i hosts
sw_core | SUCCESS | rc=0 >>

Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9NPE-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 26-Jun-13 01:47 by prod_rel_team

<bla bla bla>

Member

bcoca commented Jun 1, 2017

FYI, we don't see comments on closed issues, luckily someone pointed me to this on IRC.

2.3.1 was released today, it has the fix as will all future versions after that.

zywh commented Jul 2, 2017

ansible --version
ansible 2.3.1.0

"Show version/show clock" works but not "show vlan brief"?

ansible r1 -a "show clock"
SSH password:
r1 | SUCCESS | rc=0 >>

08:01:16.590 EDT Sun Jul 2 2017

$ ansible r1 -m raw -a "show vlan brief"
SSH password:
r1| SUCCESS | rc=0 >>
Line has invalid autocommand "show vlan brief"
