fix(tasks: synchronize): wrap in sshpass if ssh password was provided

[actionless]

SUMMARY

The action plugin detects the inventory data and connection type then juggles the connection to local and sets the remote host args for rsync. If the remote host required a password for auth and the user gave a password via the available methods, we would wrap ssh calls with sshpass. However, we completely ignore that in the action plugin for synchronize where we would probably know that a password is needed based on contexts. We should look into detecting that situation and wrapping rsync with sshpass.
sshpass somewhere in the the exec arguments and sending the password when the prompt occurs.

Fixes #16616

ISSUE TYPE

• Bugfix Pull Request

COMPONENT NAME

synchronize

ANSIBLE VERSION

(could be easily backported to older versions if needed)

$ ansible --version
ansible 2.5.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/user/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/sbin/ansible
  python version = 2.7.13 (default, Jul 21 2017, 03:24:34) [GCC 7.1.1 20170630]

[ansibot]

cc @tima
click here for bot help

[xrow]

Sorry that seem to not work for me. Maybe I am testing not to right version. I did:

pip install git+git://github.com/actionless/ansible@rsync-password-fix

and ran my playbook.

`TASK [openhab : Sync config] ******************************************************************************************
root@centos-rpi3.xrow.lan's password:
fatal: [centos-rpi3.xrow.lan]: FAILED! => {"changed": false, "cmd": "/bin/rsync --delay-updates -F --compress --delete-after --archive --rsh=/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --rsync-path=sudo rsync --out-format=<>%i %n%L /scm/smarthome.infrastructure/roles/openhab/files/conf/ root@centos-rpi3.xrow.lan:/etc/openhab/", "msg": "Warning: Permanently added 'centos-rpi3.xrow.lan,192.168.0.60' (ECDSA) to the list of known hosts.\r\nConnection closed by 192.168.0.60\r\nrsync: connection unexpectedly closed (0 bytes received so far) [sender]\nrsync error: error in rsync protocol data stream (code 12) at io.c(605) [sender=3.0.9]\n", "rc": 12}
to retry, use: --limit @/scm/smarthome.infrastructure/openhab.retry

PLAY RECAP ************************************************************************************************************
centos-rpi3.xrow.lan : ok=13 changed=0 unreachable=0 failed=1 `

[actionless]

@xrow could you extract from your playbook the exact block which will allow me to reproduce this problem?

and also the host variables used (not their values, but just to know if ansible_password, andsible_become and so on are set or not)

[xrow]

Thank for your feedback. Here is some test code/output:

First run remote (fails), second fails. Local is a vagrant box and remote a rasberry.

[root@localhost smarthome.infrastructure]# ansible-playbook test.yml -i hosts 

PLAY [Synchronize Test] *****************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************
ok: [centos-rpi3.xrow.lan]

TASK [Echo] *****************************************************************************************************************************
changed: [centos-rpi3.xrow.lan]

TASK [Copy /etc/hostname] ***************************************************************************************************************
root@centos-rpi3.xrow.lan's password: 
 [ERROR]: User interrupted execution

[root@localhost smarthome.infrastructure]# ansible-playbook test.yml -i hosts --connection=local

PLAY [Synchronize Test] *****************************************************************************************************************

TASK [Gathering Facts] ******************************************************************************************************************
ok: [centos-rpi3.xrow.lan]

TASK [Echo] *****************************************************************************************************************************
changed: [centos-rpi3.xrow.lan]

TASK [Copy /etc/hostname] ***************************************************************************************************************
ok: [centos-rpi3.xrow.lan]

PLAY RECAP ******************************************************************************************************************************
centos-rpi3.xrow.lan       : ok=3    changed=1    unreachable=0    failed=0  

playbook

---

# ansible-playbook test.yml -i hosts 
# ansible-playbook test.yml -i hosts --connection=local

- name: Synchronize Test
  hosts: openhab
  become: true

  tasks:
  - name: Echo
    shell: echo "Hello"
  - name: Copy /etc/hostname
    synchronize: src=/etc/hostname dest=/root/test

[xrow]

Sorry and hosts:

---

[openhab]
centos-rpi3.xrow.lan ansible_ssh_user=root ansible_ssh_pass=centos

[xrow]

By the way, if I which to key based auth it works.

[actionless]

@xrow
i was not able to reproduce the issue

could it be the case what password authentication for root is disabled on the server?

are you able to manually run rsync with the same credentials?

[xrow]

@actionless

To what setting are you refferring? If you are referring to sshd config, the sample echo task shouldn`t have been executed, correct?

[xrow]

@actionless

This works by the way:

[root@localhost ~]# sshpass -p centos rsync /etc/hostname root@centos-rpi3.xrow.lan:/root/test
[root@localhost ~]# 

[actionless]

also i've just revisited the log you've attached above and saw a strange thing:

"cmd": "/bin/rsync --delay-updates -F --compress --delete-after --archive --rsh=/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --rsync-path=sudo rsync --out-format=<>%i %n%L /scm/smarthome.infrastructure/roles/openhab/files/conf/ root@centos-rpi3.xrow.lan:/etc/openhab/", 

while in my case it was

"cmd": "sshpass -p ******** /usr/sbin/rsync --delay-updates -F --compress --archive --rsh=/usr/sbin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --rsync-path=sudo rsync --out-format=<<CHANGED>>%i %n%L /home/user/testfile user@192.168.1.3:/opt/testfile"

[actionless]

mb try creating a new virtualenv and running ansible task there isolated?

$ virtualenv -p python2 env
$ source env/bin/activate
(env)$ pip install git+git://github.com/actionless/ansible@rsync-password-fix
(env)$ which ansible-playbook  # just to double-check what we're using ansible from the virtualenv
(env)$ ansible-playbook .......

[vTNT]

my ansible version is 2.3.2.0
and this pr it can work. thank you!!

[sivel]

now only one question remains, what to do with disallowed usage of subprocess.Popen

There are a few modules that need to use Popen instead of run_command, and in those cases we just have to add an ignore to test/sanity/validate-modules/ignore.txt.

Something like:

lib/ansible/modules/files/synchronize.py E210

Note: we try to keep that file sorted by file path

[actionless]

@sivel and what do you think about the solution proposed in the latest commits?

[actionless]

at the moment only aws test are failing, but it seems what for some unrelated to this PR reason

I only used the change requested to stop the automatic rebuild_merge

[abadger]

rebuild_merge

[actionless]

aws tests are still unstable

[maxamillion]

rebuild_merge

[actionless]

@maxamillion aws still unstable but after this testrun also osx failed

[maxamillion]

rebuild_merge

Dear CI Gods, please be kind.

[maxamillion]

rebuild_merge

[actionless]

🎆 🌵 🐱 🚬 🎆