Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue #23774 Make transport_test use exec #23775

Closed
wants to merge 1 commit into from
Closed

Fix issue #23774 Make transport_test use exec #23775

wants to merge 1 commit into from

Conversation

smikulcik
Copy link

@smikulcik smikulcik commented Apr 19, 2017
edited

SUMMARY

Since ssh may re-route traffic to any number of places before it
reaches a host by the ssh config files and proxy hosts, we cannot use
sockets to test our transport.

It would make sense to use the same mechanism that we use to
perform actions on a host as we would to verify connectivity.

This change performs a dummy exec_command on the host to verify
that its transport works instead of using a single socket.

In particular, this fixes #23774

By using the ssh configuration built into exec_command, we are able to
handle proxy jumps specified in ssh config files. This allows us to handle
bastion hosts when using wait_for_connection

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

wait_for_connection
ansible.plugins.connection.accelerate
ansible.plugins.connection.ssh
ansible.plugins.connection.paramiko_ssh
ansible.plugins.connection.winrm

ANSIBLE VERSION
ansible 2.4.0
  config file = 
  configured module search path = [u'/Users/smikulc/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/smikulc/virtualenvs/ansible/lib/python2.7/site-packages/ansible-2.4.0-py2.7.egg/ansible
  executable location = /Users/smikulc/virtualenvs/ansible/bin/ansible
  python version = 2.7.10 (default, Jul 30 2016, 19:40:32) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34)]
ADDITIONAL INFORMATION

For testing purposes, here is a demo that illustrates the bug fixed in this change https://github.com/smikulcik/ansible-waitforconnection-bug-demo

dagwieers
dagwieers suggested changes Apr 20, 2017
View reviewed changes
Copy link
Contributor

@dagwieers dagwieers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We wanted to avoid doing a full roundtrip using the protocol as it is more expensive than a single TCP test. So maybe we should modify the default delay for these tests.

We could also get rid of the transport_test altogether, and only do the real remote module run.

lib/ansible/plugins/connection/accelerate.py Outdated
display.vvv("attempting transport test to %s:%s" % (host, port))
sock = socket.create_connection((host, port), connect_timeout)
sock.close()
display.vvv("attempting transport test to %s" % self.host)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fails because self_host is not defined for accelerate transport.

lib/ansible/plugins/connection/accelerate.py Outdated
sock.close()
display.vvv("attempting transport test to %s" % self.host)
self.reset()
self.exec_command("exit")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if exit is an accepted command.

lib/ansible/plugins/connection/paramiko_ssh.py Outdated
display.vvv("attempting transport test to %s:%s" % (host, port))
sock = socket.create_connection((host, port), connect_timeout)
sock.close()
display.vvv("attempting transport test to %s" % self.host)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here also self.host is not defined.

lib/ansible/plugins/connection/winrm.py Outdated
display.vvv("attempting transport test to %s:%s" % (host, port))
sock = socket.create_connection((host, port), connect_timeout)
sock.close()
display.vvv("attempting transport test to %s" % self.host)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Again self_host is not defined for winrm.

lib/ansible/plugins/connection/winrm.py Outdated
sock.close()
display.vvv("attempting transport test to %s" % self.host)
self.reset()
self.exec_command("exit")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would probably go for "Exit" here, but that's more cosmetic than functional.

@ansibot ansibot added affects_2.4 This issue/PR affects Ansible v2.4 bugfix_pull_request c:plugins/connection/paramiko_ssh c:plugins/connection/ssh c:plugins/connection/winrm needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. needs_triage Needs a first human triage before being processed. windows Windows community labels Apr 20, 2017
@smikulcik
Fix issue ansible#23774 Make transport_test use exec
12d133c 
Some ansible hosts are not directly reachable
via socket connections.  It is best to use
the transport mechanism itself than to assume
that the host is reachable via socket.

If we can exec a command, then the transport
is working.
@smikulcik smikulcik force-pushed the smikulcik-exec_transport_test branch from 7fde1c9 to 12d133c Compare April 20, 2017 16:43
@smikulcik
Copy link
Author

@dagwieers Thanks for the feedback. What would you recommend for configuring connect_timeout? Currently, the exec_command uses the same timeout from the self._play_context.timeout, this code is ignoring anything set for the connect_timeout.

@dagwieers
Copy link
Contributor

@smikulcik Good question, I don't know what we do best in this case. Maybe we should discuss this in the core meeting.

@dagwieers
Copy link
Contributor

The integration test found a weird issue related to our code:

timed out waiting for connection port up: list index out of range

Needs investigation.

@s-hertel s-hertel removed the needs_triage Needs a first human triage before being processed. label Apr 21, 2017
@gundalow gundalow added the ci_verified Changes made in this PR are causing tests to fail. label Apr 22, 2017
@ansibot ansibot added stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. support:core This issue/PR relates to code supported by the Ansible Engineering Team. labels Jun 23, 2017
@ansibot ansibot added the needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html label Sep 1, 2017
@ansibot ansibot added the new_contributor This PR is the first contribution by a new community member. label Oct 18, 2017
@ansibot ansibot removed the new_contributor This PR is the first contribution by a new community member. label Nov 3, 2017
@dagwieers
Copy link
Contributor

Beware that the deadline for getting new features/modules accepted in Ansible v2.5 is nearing, it is set to either 2018-01-15 or 2018-01-31. If you are blocked, or you need feedback, please discuss on IRC channel #ansible-windows or add a comment to [the Windows Working Group meeting agenda]

@ansibot
Copy link
Contributor

ansibot commented Jan 5, 2018

cc @jborean93 @nitzmahone
click here for bot help

@dagwieers
Copy link
Contributor

I still think this would be a useful addition, the transport test was disabled so it would still work over proxied connections, but I prefer keeping this around.

@ansibot ansibot added the new_contributor This PR is the first contribution by a new community member. label Jan 29, 2018
@ansibot ansibot added bug This issue/PR relates to a bug. and removed bugfix_pull_request labels Mar 2, 2018
@ansibot ansibot added the new_plugin This PR includes a new plugin. label May 21, 2018
@ShachafGoldstein
Copy link
Contributor

@dagwieers @jborean93 @nitzmahone - This one seems dead for quite a while, still relevant?

@ShachafGoldstein ShachafGoldstein mentioned this pull request Jun 5, 2019
Closed
@jborean93
Copy link
Contributor

Considering the age and merge conflicts I am going to close this PR. If this is still a problem please feel free to open a new PR that has been rebased.

@jborean93 jborean93 closed this Jul 22, 2019
@ansible ansible locked and limited conversation to collaborators Aug 19, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@dagwieers dagwieers dagwieers requested changes

Assignees
No one assigned
Labels
affects_2.4 This issue/PR affects Ansible v2.4 bug This issue/PR relates to a bug. c:plugins/connection/paramiko_ssh c:plugins/connection/ssh c:plugins/connection/winrm ci_verified Changes made in this PR are causing tests to fail. needs_rebase https://docs.ansible.com/ansible/devel/dev_guide/developing_rebasing.html needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. new_contributor This PR is the first contribution by a new community member. new_plugin This PR includes a new plugin. plugins/connection/paramiko_ssh plugins/connection/ssh plugins/connection/winrm stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. support:core This issue/PR relates to code supported by the Ansible Engineering Team. windows Windows community
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

wait_for_connection fails for nodes behind bastion
7 participants
@smikulcik @dagwieers @ansibot @ShachafGoldstein @jborean93 @gundalow @s-hertel