Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Add option: skip password prompting upon failure #189

Closed
bitprophet opened this Issue · 16 comments

4 participants

Jeff Forcier fencai 樊智辉 Luke Gopher
Jeff Forcier
Owner

Description

Some use cases exist where a user would rather abort than be prompted in the case where their stored password is incorrect. Currently there's no option for this; the behavior to reprompt forever is hard coded.

Should be simple enough to add a new CLI flag + env var, something like --no-reprompt, to allow configuration of this behavior.


Originally submitted by Jeff Forcier (bitprophet) on 2010-07-13 at 04:44pm EDT

Relations

  • Related to #8: Allow skipping of "bad" host connections
  • Duplicated by #53: Add command-line option to abort if input is needed
  • Duplicated by #357: Ability to disable password prompt for library usage

Closed as Done on 2011-06-21 at 06:55pm EDT

Jeff Forcier bitprophet was assigned
Jeff Forcier
Owner

**** (matdrapeau) posted:


Patch that is able to abort or skip bad connections on remote hosts. Bad connections occurs by a wrong authentication.

The env state can take new parameters:

  1. skip_bad_connections*, boolean which skip bad connections.

  2. abort_bad_connections*, boolean which stops when a bad connections occurs.

  3. reconnect_tryouts*, number which give the maximum number of reconnection trials.

  4. reconnect_bad_connections*, boolean which try reconnecting if the connection has already failed.


on 2010-10-15 at 11:19am EDT

Jeff Forcier
Owner

**** (trbs) posted:


Without knowing about the ticket here I wrote my own, very simple version of the patch as described here.

The github commit is here: trbs@1679d7b
And the original pull request here: https://github.com/bitprophet/fabric/pull/11

My patch is a lot simpler then the one attached here, it only adds an option to disable/reject interactive password prompts.
In essence I was trying to create something similar to OpenSSH's "BatchMode".

It's still missing a command-line switch, but this shouldn't be hard to add :)


on 2011-03-09 at 01:48pm EST

Jeff Forcier
Owner

Rick Harding (mitechie) posted:


Mathieu Drapeau wrote:

Patch that is able to abort or skip bad connections on remote hosts. Bad connections occurs by a wrong authentication.

The env state can take new parameters:

  1. skip_bad_connections*, boolean which skip bad connections. ....

I tried to apply the patch but git is cranky. I'm using git 1.7, perhaps the patch was created on an older version. Can you rebase/recreate it from master?

 $ git apply --whitespace=fix ~/fabric_reconnection_patch
 /home/rharding/fabric_reconnection_patch:47: trailing whitespace.
 /home/rharding/fabric_reconnection_patch:55: trailing whitespace.
 /home/rharding/fabric_reconnection_patch:74: trailing whitespace.
 If env.abort_bad_connections is true, the decorator will abort the 

 /home/rharding/fabric_reconnection_patch:91: trailing whitespace.       

 error: patch failed: fabric/network.py:155
 error: fabric/network.py: patch does not apply
 error: patch failed: fabric/operations.py:17
 error: fabric/operations.py: patch does not apply
 error: patch failed: fabric/state.py:239
 error: fabric/state.py: patch does not apply

on 2011-03-14 at 11:27am EDT

Jeff Forcier
Owner

jeremy avnet / @brainsik (brainsik) posted:


There's a patch for this (feature, test and docs) created by @glyphobet and me at the pycon sprint. It only implements aborting when there would otherwise be a password prompt. All the stuff above about bad connections is really feature #8 and not this issue.

Commits are here: https://github.com/brainsik/fabric


on 2011-03-15 at 12:14am EDT

Jeff Forcier
Owner

Jeff Forcier (bitprophet) posted:


We should probably also extend this to work for other prompts-displayed-by-Fabric functionality like the "What host to connect to?" question. Basically, searching for raw_input or prompt. I can do this when merging the patch if necessary :)


on 2011-03-15 at 10:58am EDT

Jeff Forcier
Owner

jeremy avnet / @brainsik (brainsik) posted:


Alright, commits pushed to my fork. Aborts on prompt for connection password, sudo password, host, or use of the prompt function.


on 2011-03-15 at 01:22pm EDT

Jeff Forcier
Owner

Jeff Forcier (bitprophet) posted:


See this pull request from Jeremy & Matt for another view of the relevant commits on Jeremy's GH fork.


on 2011-03-21 at 01:19pm EDT

Jeff Forcier
Owner

Jeff Forcier (bitprophet) posted:


Implementing this for 1.1; obtained diff from the commits in Jeremy's pull request (thankfully they were at HEAD and consecutive) and manually applied to my 1.1 codebase:

  • Renamed env var to env.abort_on_prompts as I felt env.prompt was a bit too generic, and the super-obvious name here isn't too horribly long
  • Did my usual editing pass over the docs, including updating AUTHORS
  • Refactored the test-and-abort into a shitty subroutine which I stuck in utils even though that's almost entirely "public" now anyways...just had to ensure that the function is not in the API docs :)

on 2011-06-21 at 06:53pm EDT

Jeff Forcier
Owner

Jeff Forcier (bitprophet) posted:


Applied in changeset commit:5d8d0e3f59645192cd74670fa966eda87c3eb0a7.


on 2011-06-21 at 06:55pm EDT

Jeff Forcier bitprophet closed this
Ramon van Alteren ramonvanalteren referenced this issue from a commit in ramonvanalteren/fabric
Jeff Forcier bitprophet Implements #189: flag for aborting-on-prompts 5d8d0e3
fencai

As I understand, abort-on-prompts only abort the task, but not skip the prompt.
In my case, I have thousands of hosts to run a single task parallel, but some of hosts I can't remember passwords.
When I run this job, I always blocked by those bad hosts which I missed passwords. If you have a flag to disable password prompt, it will helpful.

Thanks for your hard work

樊智辉

@ljpsfree I have a same requirement as you, I searched several issues, but not found a solution until now. Do we have a solution for this situation? @bitprophet Thanks

fencai
Luke Gopher

HI ! I wrote a patch into fabric 1.10 ( into network.py and state.py ) with a new --warn_passphrase option to display a warning message when you use this option and skip the host which asked you the password.
If wou want, i can send you this patch ?

樊智辉

@ljpsfree Thank you. understand your method, I will try this if I can't use @samyscoub 's patch.

Hi @samyscoub : How can I use your patch?

Luke Gopher

Hi @zhihuiFan , I can send you the 2 diff .patch files if you want ?

Luke Gopher

Here is my two patches files :

$ cat fabric-1.10-patch1.patch
--- fabric/network.py
+++ fabric/network.py
@@ -526,9 +526,14 @@
                 # because ssh doesn't provide us with that info, and
                 # env.key_filename may be a list of keys, so we can't know
                 # which one raised the exception. Best not to try.
+                if env.warn_passphrase:
+                      error_msg = 'warn_passphrase option was set and Passphrase detected for %s' % host
+                      sys.stdout.write('***Warning*** '+error_msg + '\n')
+                      raise NetworkError(error_msg, e)
                 prompt = "[%s] Passphrase for private key"
                 text = prompt % env.host_string
-            password = prompt_for_password(text)
+            if not env.warn_passphrase:
+                password = prompt_for_password(text)
             # Update env.password, env.passwords if empty
             set_password(user, host, port, password)
         # Ctrl-D / Ctrl-C for exit
$ cat fabric-1.10-patch2.patch
--- fabric/state.py
+++ fabric/state.py
@@ -280,6 +280,12 @@
         default=False,
         help="warn, instead of abort, when commands fail"
     ),
+    
+   make_option('--warn_passphrase',
+        action='store_true',
+        default=False,
+        help="warn, instead of abort, when a ssh key passphrase is asked"
+    ),
 
     make_option('-x', '--exclude-hosts',
         default=[],
@@ -353,7 +359,8 @@
     'use_shell': True,
     'use_ssh_config': False,
     'user': None,
-    'version': get_version('short')
+    'version': get_version('short'),
+    'warn_passphrase': False,
 })
 
 # Fill in exceptions settings

And with this, you can use the --warn_passphrase option :

$ fab --warn_passphrase -H ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.