Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Paramiko crashes if a non-ascii character is used in the root password when running the playbook with -K #16557

Closed
halfer opened this issue Jul 2, 2016 · 5 comments · Fixed by #18045
Closed

Paramiko crashes if a non-ascii character is used in the root password when running the playbook with -K #16557

halfer opened this issue Jul 2, 2016 · 5 comments · Fixed by #18045
Assignees
@abadger
Labels
affects_2.2 This issue/PR affects Ansible v2.2 bug This issue/PR relates to a bug.
Milestone
2.2.0

Comments

@halfer
Copy link

halfer commented Jul 2, 2016
edited

ISSUE TYPE
  • Bug Report
ANSIBLE VERSION

Ansible is installed from Github:

ansible 2.2.0 (devel 46a97e1f55) last updated 2016/06/30 21:16:46 (GMT +100)
  lib/ansible/modules/core: (detached HEAD 1d0d5db97a) last updated 2016/06/30 21:16:54 (GMT +100)
  lib/ansible/modules/extras: (detached HEAD 00b8b96906) last updated 2016/06/30 21:16:54 (GMT +100)
  config file = .../jonblog-build/app/ansible.cfg [removed unimportant path info]
  configured module search path = Default w/o overrides
CONFIGURATION
cat ansible.cfg 
[defaults]
transport=paramiko
OS / ENVIRONMENT

Ubuntu 14.04
Python 2.7.6

Paramiko from apt-get:

apt-cache show python-paramiko
Package: python-paramiko
Priority: optional
Section: python
Installed-Size: 541
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Jeremy T. Bouse <jbouse@debian.org>
Architecture: all
Source: paramiko
Version: 1.10.1-1git1build1
Provides: python2.7-paramiko
Depends: python (>= 2.7), python (<< 2.8), python:any (>= 2.7.1-0ubuntu2), python-crypto (>= 2.1.0-2)
Filename: pool/main/p/paramiko/python-paramiko_1.10.1-1git1build1_all.deb
Size: 105776
MD5sum: e728ed22af7bead915a5e509140971bb
SHA1: 92f20ae140eeceb36d456bb696b4a5e5c7f36585
SHA256: b665fdc994b7d1944bc54aab781f9110d2e1e6e4d33257151bf6d2f8a2f56a7c
Description-en: Make ssh v2 connections with Python (Python 2)
 This is a library for making SSH2 connections (client or server).
 Emphasis is on using SSH2 as an alternative to SSL for making secure
 connections between Python scripts.  All major ciphers and hash methods
 are supported.  SFTP client and server mode are both supported too.
 .
 This is the Python 2 version of the package.
Description-md5: ef19708cf575fb15646b6a0f32043a47
Homepage: https://github.com/paramiko/paramiko/
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Origin: Ubuntu
Supported: 5y
Task: edubuntu-desktop-gnome
SUMMARY

Using Paramiko as an SSH transport layer, with a -K root password containing a £ pound sign causes a Python crash in Paramiko.

STEPS TO REPRODUCE

I call my playbook with ansible-playbook -K ansible/fetch-database.yml. More details in this post.

EXPECTED RESULTS

I expected the playbook to execute without errors or crashes. The password is correct, and using the default SSH transport, it seems to work fine. (I had originally swapped to Paramiko as the default transport was hanging upon successful su, but a pull on the Ansible repo fixed that, so I have swapped back).

ACTUAL RESULTS

Upon encountering the su code, I get this crash inside Paramiko:

An exception occurred during task execution. The full traceback is:
Traceback (most recent call last):
  File "/home/jon/Development/Personal/server-build/ansible/lib/ansible/executor/task_executor.py", line 96, in run
    item_results = self._run_loop(items)
  File "/home/jon/Development/Personal/server-build/ansible/lib/ansible/executor/task_executor.py", line 252, in _run_loop
    res = self._execute(variables=task_vars)
  File "/home/jon/Development/Personal/server-build/ansible/lib/ansible/executor/task_executor.py", line 447, in _execute
    result = self._handler.run(task_vars=variables)
  File "/home/jon/Development/Personal/server-build/ansible/lib/ansible/plugins/action/normal.py", line 33, in run
    results = merge_hash(results, self._execute_module(tmp=tmp, task_vars=task_vars))
  File "/home/jon/Development/Personal/server-build/ansible/lib/ansible/plugins/action/__init__.py", line 647, in _execute_module
    res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)
  File "/home/jon/Development/Personal/server-build/ansible/lib/ansible/plugins/action/__init__.py", line 721, in _low_level_execute_command
    rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)
  File "/home/jon/Development/Personal/server-build/ansible/lib/ansible/plugins/connection/paramiko_ssh.py", line 311, in exec_command
    chan.sendall(self._play_context.become_pass + '\n')
  File "/usr/lib/python2.7/dist-packages/paramiko/channel.py", line 797, in sendall
    sent = self.send(s)
  File "/usr/lib/python2.7/dist-packages/paramiko/channel.py", line 729, in send
    m.add_string(s[:size])
  File "/usr/lib/python2.7/dist-packages/paramiko/message.py", line 259, in add_string
    self.packet.write(s)
UnicodeEncodeError: 'ascii' codec can't encode character u'\xa3' in position 1: ordinal not in range(128)

fatal: [server.example.com]: FAILED! => {"failed": true, "msg": "Unexpected failure during module execution.", "stdout": ""}

It is possible that this would be solved with a bleeding-edge install of Paramiko. If you'd like me to install that in order to try it, please let me know how to do that - I'm just using the version in Ubuntu at the moment.
@halfer halfer changed the title Paramiko crashes if a non-ascii character is used as a root password with -K Paramiko crashes if a non-ascii character is used in the root password with -K Jul 2, 2016
@halfer halfer changed the title Paramiko crashes if a non-ascii character is used in the root password with -K Paramiko crashes if a non-ascii character is used in the root password when running the playbook with -K Jul 2, 2016
@brunitto
Copy link

brunitto commented Aug 15, 2016
edited

Contributing...

I got the same issue by using non-ascii characters in a private key path.

ANSIBLE VERSION

2.0.0.2 installed via apt-get

CONFIGURATION

The default one.

OS / ENVIRONMENT

Xubuntu 16.04.1 LTS 64 bits

SUMMARY

As previously reported, using --private-key instead of -K.

STEPS TO REPRODUCE

Run any playbook, using a path containing non-ascii characters as the --private-key option argument. For instance:

$ ansible-playbook -i inventory.txt all -m ping --private-key=/home/bruno/Segurança/Chaves/master.pem

The "ç" in "Segurança" is a non-ascii character.

EXPECTED RESULTS

I expected the playbook to execute without errors or crashes.

ACTUAL RESULTS

I got the following error:

$ ansible -i inventory.txt all -m ping --sudo --private-key=/home/bruno/Segurança/Chaves/professional/master.pem

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: UnicodeEncodeError: 'ascii' codec can't encode character u'\xe7' in position 19: ordinal not in range(128)
back0031 | FAILED! => {
"failed": true,
"stdout": ""
}

@ansibot ansibot added triage affects_2.2 This issue/PR affects Ansible v2.2 labels Sep 7, 2016
@dagwieers dagwieers mentioned this issue Oct 14, 2016
Closed
@abadger
Copy link
Contributor

abadger commented Oct 15, 2016

@halfer, this appears to be fixed in devel and stable-2.2 branches:

$ ansible -i '127.0.0.2,' 127.0.0.2 -m command -a 'whoami' -c paramiko --su -K
SU password: 
127.0.0.2 | SUCCESS | rc=0 >>
root

@brunitto That appears to be a different problem. If is still occurring, please file a new ticket so we can track and fix it. We'll need the traceback to figure out where the error is occurring. Use the -vvv switch to run ansible in verbose mode to get that. Thanks!

@abadger abadger closed this as completed Oct 15, 2016
@abadger abadger added this to the 2.2.0 milestone Oct 15, 2016
@abadger abadger reopened this Oct 15, 2016
@abadger
Copy link
Contributor

abadger commented Oct 15, 2016

After fixing the local connection for the same error, I dug around in this a little more and found that the code looks like it should still fail in devel and stable-2.2 but I was unable to reproduce on my laptop. I switched to an ubuntu14 virtual machine and the error still occurred on devel. Seeing if the same fix as I implemented for local connection will work for paramiko.

@abadger abadger mentioned this issue Oct 15, 2016
Merged
abadger added a commit to abadger/ansible that referenced this issue Oct 15, 2016
@abadger
Fixes to handle non-ascii become passwords
5c16ab8 
Fixes for non-ascii passwords on
* both python2 and python3,
* local and paramiko_ssh (ssh tested working with these changes)
* sudo and su

Fixes ansible#16557
abadger added a commit that referenced this issue Oct 15, 2016
@abadger
Fixes to handle non-ascii become passwords
f24c10c 
Fixes for non-ascii passwords on
* both python2 and python3,
* local and paramiko_ssh (ssh tested working with these changes)
* sudo and su

Fixes #16557
abadger added a commit that referenced this issue Oct 15, 2016
@abadger
Fixes to handle non-ascii become passwords
e1101f7 
Fixes for non-ascii passwords on
* both python2 and python3,
* local and paramiko_ssh (ssh tested working with these changes)
* sudo and su

Fixes #16557

(cherry picked from commit f24c10c)
@abadger
Copy link
Contributor

abadger commented Oct 15, 2016

Fix turned out to be a little bigger as there were also some python3 bugs lurking in there. #18045 should fix sudo and su on local and paramiko (ssh already worked) for py2 and py3. Complete fix is in devel and stable-2.2. The nonascii become on paramiko portion extracted and cherry-picked to stable-2.1 as well. If all goes well, the releases with the fix in it should end up being Ansible-2.1.3 and Ansible-2.2.0.

@halfer
Copy link
Author

halfer commented Oct 16, 2016
edited

Lovely, thanks for your efforts @abadger. I seem to recall I discovered a workaround at the time of making the above report, but it's great to see it is being resolved.

@bcoca bcoca removed the triage label Dec 16, 2016
sereinity pushed a commit to sereinity-forks/ansible that referenced this issue Jan 25, 2017
@abadger
Fixes to handle non-ascii become passwords
8d0e78f 
Fixes for non-ascii passwords on
* both python2 and python3,
* local and paramiko_ssh (ssh tested working with these changes)
* sudo and su

Fixes ansible#16557

(cherry picked from commit f24c10c)
@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 7, 2018
@ansible ansible locked and limited conversation to collaborators Apr 25, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@abadger abadger

Labels
affects_2.2 This issue/PR affects Ansible v2.2 bug This issue/PR relates to a bug.
Projects
None yet
Milestone
2.2.0
Development

Successfully merging a pull request may close this issue.

Fixes to handle non-ascii passwords abadger/ansible
6 participants
@brunitto @abadger @mscherer @halfer @bcoca @ansibot