-
Notifications
You must be signed in to change notification settings - Fork 683
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
inspec
binary occasionally exits zero on SSH failures
#840
Comments
stevendanna
added a commit
that referenced
this issue
Aug 16, 2016
Thor, the command line framework we use, rescue's Errno::EPIPE exceptions and exits 0. It does this because for many unix-style command line applications it is a good decision. For example, if your command is being used in a pipeline with head(1): my_command | head -10 It will get an EPIPE after head exits. You don't want this command to fail because of the EPIPE as it is what you expected. However, in our case, the SSH transport will raise EPIPE if the remote server unexpectedly closed the connection. This can happen, for example, if your ssh configuration has a bad ProxyCommand configuration. In these cases we do not want to exit successfully. Explicitly rescuing the EPIPE in Inspec::Backend#create solves the issue reported by users, but it may be better to rescue this exception in Train itself. Fixes #840 Signed-off-by: Steven Danna <steve@chef.io>
stevendanna
added a commit
that referenced
this issue
Aug 16, 2016
Thor, the command line framework we use, rescues Errno::EPIPE exceptions and exits 0. It does this because for many unix-style command line applications it is a good decision. For example, if your command is being used in a pipeline with head(1): my_command | head -10 It will get an EPIPE after head exits. You don't want this command to fail because of the EPIPE as it is what you expected. However, in our case, the SSH transport will raise EPIPE if the remote server unexpectedly closed the connection. This can happen, for example, if your ssh configuration has a bad ProxyCommand configuration. In these cases we do not want to exit successfully. Explicitly rescuing the EPIPE in Inspec::Backend#create solves the issue reported by users, but it may be better to rescue this exception in Train itself. Fixes #840 Signed-off-by: Steven Danna <steve@chef.io>
fixed by inspec/train#130, will be included in the next version of train |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
If the underlying
ssh
command/transport has an error theinspec
binary still exits zero. This can prove problematic when CI/CD is drivinginspec
as the job will be marked as green when it actually failed because of underlying config issues.In the scenario above a
ProxyCommand
is configured in~/.ssh/config
BUT inadvertently pointing at a non-existent bastion/gateway host:A similar "raw"
ssh
command does return a non-zero exit code:InSpec and Platform Version
The text was updated successfully, but these errors were encountered: