New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fabric incorrectly treats a failed connection as an authentication failure when using a gateway. #1542

Closed
wcs1only opened this Issue Dec 17, 2016 · 1 comment

Comments

Projects
None yet
2 participants
@wcs1only

wcs1only commented Dec 17, 2016

When connecting through a gateway, fabric will treat a connection failure as an auth failure and give a password prompt (even when using keyed auth).

You can easily reproduce this issue with the following program:

from fabric.api import *

@task
def reboot_host():
    sudo('whoami')
    reboot(wait=3600)
    sudo('whoami')

Connecting to a host directly and running this task gives

a45e60c70e75:test stwillar$ fab reboot_host
[****.us-west-2.compute.amazonaws.com] Executing task 'reboot_host'
[****.us-west-2.compute.amazonaws.com] sudo: whoami
[****.us-west-2.compute.amazonaws.com] out: sudo password: 

[****.us-west-2.compute.amazonaws.com] out: root
[****.us-west-2.compute.amazonaws.com] out: 

[****.us-west-2.compute.amazonaws.com] out: sudo password:
[****.us-west-2.compute.amazonaws.com] out: 
[****.us-west-2.compute.amazonaws.com] sudo: whoami
[****.us-west-2.compute.amazonaws.com] out: sudo password:
[****.us-west-2.compute.amazonaws.com] out: root
[****.us-west-2.compute.amazonaws.com] out: 

This same task, run through a gateway gives the following output:

a45e60c70e75:test stwillar$ fab -g ****.us-west-2.compute.amazonaws.com reboot_host
[****.us-west-2.compute.amazonaws.com] Executing task 'reboot_host'
[****.us-west-2.compute.amazonaws.com] sudo: whoami
[****.us-west-2.compute.amazonaws.com] out: sudo password: 

[****.us-west-2.compute.amazonaws.com] out: root
[****.us-west-2.compute.amazonaws.com] out: 

[****.us-west-2.compute.amazonaws.com] out: sudo password:
[****.us-west-2.compute.amazonaws.com] out: 
No handlers could be found for logger "paramiko.transport"
[****.us-west-2.compute.amazonaws.com] Login password for 'ec2-user': 
[****.us-west-2.compute.amazonaws.com] Login password for 'ec2-user': 
[****.us-west-2.compute.amazonaws.com] Login password for 'ec2-user': 
[****.us-west-2.compute.amazonaws.com] Login password for 'ec2-user': 

It will continue to loop asking for the password until the host comes back. I did some digging and found that the issue is because paramiko gives a ChannelException when the gateway fails to connect to the remote host. Fabric treats this as a generic SSHException which will in turn cause a reauthentication attempt. I wrote a unit test that reproduces the issue, and a patch that fixes it.

A pull request will follow shortly.

@bitprophet

This comment has been minimized.

Show comment
Hide comment
@bitprophet

bitprophet Dec 19, 2016

Member

Merging with the PR.

Member

bitprophet commented Dec 19, 2016

Merging with the PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment