/fabric

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fabric incorrectly treats a failed connection as an authentication failure when using a gateway. #1542

Closed
wcs1only opened this Issue Dec 17, 2016 · 1 comment

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@wcs1only @bitprophet
@wcs1only

wcs1only commented Dec 17, 2016
edited

When connecting through a gateway, fabric will treat a connection failure as an auth failure and give a password prompt (even when using keyed auth).

You can easily reproduce this issue with the following program:

from fabric.api import *

@task
def reboot_host():
    sudo('whoami')
    reboot(wait=3600)
    sudo('whoami')

Connecting to a host directly and running this task gives

a45e60c70e75:test stwillar$ fab reboot_host
[****.us-west-2.compute.amazonaws.com] Executing task 'reboot_host'
[****.us-west-2.compute.amazonaws.com] sudo: whoami
[****.us-west-2.compute.amazonaws.com] out: sudo password: 

[****.us-west-2.compute.amazonaws.com] out: root
[****.us-west-2.compute.amazonaws.com] out: 

[****.us-west-2.compute.amazonaws.com] out: sudo password:
[****.us-west-2.compute.amazonaws.com] out: 
[****.us-west-2.compute.amazonaws.com] sudo: whoami
[****.us-west-2.compute.amazonaws.com] out: sudo password:
[****.us-west-2.compute.amazonaws.com] out: root
[****.us-west-2.compute.amazonaws.com] out:

This same task, run through a gateway gives the following output:

a45e60c70e75:test stwillar$ fab -g ****.us-west-2.compute.amazonaws.com reboot_host
[****.us-west-2.compute.amazonaws.com] Executing task 'reboot_host'
[****.us-west-2.compute.amazonaws.com] sudo: whoami
[****.us-west-2.compute.amazonaws.com] out: sudo password: 

[****.us-west-2.compute.amazonaws.com] out: root
[****.us-west-2.compute.amazonaws.com] out: 

[****.us-west-2.compute.amazonaws.com] out: sudo password:
[****.us-west-2.compute.amazonaws.com] out: 
No handlers could be found for logger "paramiko.transport"
[****.us-west-2.compute.amazonaws.com] Login password for 'ec2-user': 
[****.us-west-2.compute.amazonaws.com] Login password for 'ec2-user': 
[****.us-west-2.compute.amazonaws.com] Login password for 'ec2-user': 
[****.us-west-2.compute.amazonaws.com] Login password for 'ec2-user':

It will continue to loop asking for the password until the host comes back. I did some digging and found that the issue is because paramiko gives a ChannelException when the gateway fails to connect to the remote host. Fabric treats this as a generic SSHException which will in turn cause a reauthentication attempt. I wrote a unit test that reproduces the issue, and a patch that fixes it.

A pull request will follow shortly.

wcs1only added a commit to wcs1only/fabric that referenced this issue Dec 17, 2016

@wcs1only
Fixes #1542 raise NetworkError on ChannelException
f2351c9

@bitprophet bitprophet referenced this issue Dec 19, 2016

Closed

Fixes #1542 raise NetworkError on ChannelException #1543

@bitprophet

This comment has been minimized.

Show comment
Hide comment
@bitprophet

bitprophet Dec 19, 2016

Member

Merging with the PR.
Member

bitprophet commented Dec 19, 2016

Merging with the PR.

@bitprophet bitprophet closed this Dec 19, 2016

bitprophet added a commit that referenced this issue Apr 24, 2017

@wcs1only @bitprophet
Fixes #1542 raise NetworkError on ChannelException
02c2b58

bitprophet added a commit that referenced this issue Apr 24, 2017

@bitprophet
Changelog closes #1542, closes #1543
f675cd1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment