Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

inspec binary occasionally exits zero on SSH failures #840

Closed
schisamo opened this issue Jul 22, 2016 · 2 comments
Closed

inspec binary occasionally exits zero on SSH failures #840

schisamo opened this issue Jul 22, 2016 · 2 comments
Labels
Type: Bug Feature not working as expected
Milestone
0.31.0

Comments

@schisamo
Copy link
Contributor

Description

If the underlying ssh command/transport has an error the inspec binary still exits zero. This can prove problematic when CI/CD is driving inspec as the job will be marked as green when it actually failed because of underlying config issues.

$ inspec exec inspec/package-router-smoke -t ssh://ubuntu@package-router-0-acceptance.es.chef.co -i ~/.ssh/es-infrastructure.pem
ssh: Could not resolve hostname bastion-verify.es.chef.co: nodename nor servname provided, or not known
$ echo $?
0

In the scenario above a ProxyCommand is configured in ~/.ssh/config BUT inadvertently pointing at a non-existent bastion/gateway host:

Host package-router-*-acceptance.es.chef.co
  ProxyCommand ssh -A ubuntu@bastion-verify.es.chef.co -W %h:%p

A similar "raw" ssh command does return a non-zero exit code:

$ ssh ubuntu@package-router-0-acceptance.es.chef.co
ssh: Could not resolve hostname bastion-verify.es.chef.co: nodename nor servname provided, or not known
ssh_exchange_identification: Connection closed by remote host
$ echo $?
255

InSpec and Platform Version

InSpec version: 0.27.1
Train version: 0.15.1
@chris-rock chris-rock added the Type: Bug Feature not working as expected label Jul 25, 2016
@chris-rock chris-rock added this to the 1.0.0 milestone Jul 27, 2016
@chris-rock chris-rock modified the milestones: 0.30.0, 1.0.0, 0.31.0 Aug 8, 2016
@stevendanna stevendanna self-assigned this Aug 16, 2016
stevendanna added a commit that referenced this issue Aug 16, 2016
@stevendanna
Fix errant 0 exit status on SSH errors
0ef340d 
Thor, the command line framework we use, rescue's Errno::EPIPE
exceptions and exits 0.  It does this because for many unix-style
command line applications it is a good decision.  For example, if your
command is being used in a pipeline with head(1):

    my_command | head -10

It will get an EPIPE after head exits. You don't want this command to
fail because of the EPIPE as it is what you expected.

However, in our case, the SSH transport will raise EPIPE if the remote
server unexpectedly closed the connection.  This can happen, for
example, if your ssh configuration has a bad ProxyCommand configuration.
In these cases we do not want to exit successfully.

Explicitly rescuing the EPIPE in Inspec::Backend#create solves the issue
reported by users, but it may be better to rescue this exception in
Train itself.

Fixes #840

Signed-off-by: Steven Danna <steve@chef.io>
@stevendanna stevendanna mentioned this issue Aug 16, 2016
Closed
stevendanna added a commit that referenced this issue Aug 16, 2016
@stevendanna
Fix errant 0 exit status on SSH errors
a4875f0 
Thor, the command line framework we use, rescues Errno::EPIPE exceptions
and exits 0. It does this because for many unix-style command line
applications it is a good decision. For example, if your command is
being used in a pipeline with head(1):

    my_command | head -10

It will get an EPIPE after head exits. You don't want this command to
fail because of the EPIPE as it is what you expected.

However, in our case, the SSH transport will raise EPIPE if the remote
server unexpectedly closed the connection. This can happen, for example,
if your ssh configuration has a bad ProxyCommand configuration. In these
cases we do not want to exit successfully.

Explicitly rescuing the EPIPE in Inspec::Backend#create solves the issue
reported by users, but it may be better to rescue this exception in
Train itself.

Fixes #840

Signed-off-by: Steven Danna <steve@chef.io>
@chris-rock chris-rock mentioned this issue Aug 17, 2016
Merged
@chris-rock
Copy link
Contributor

fixed by inspec/train#130, will be included in the next version of train

@schisamo
Copy link
Contributor Author

gif-keyboard-6890706418199973053

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Bug Feature not working as expected
Projects
None yet
Milestone
0.31.0
Development

Successfully merging a pull request may close this issue.

Fix errant 0 exit status on SSH errors inspec/inspec
3 participants
@schisamo @stevendanna @chris-rock