New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Need a "skip on prompt" option for parallel mode #714

Open
afrittoli opened this Issue Aug 23, 2012 · 4 comments

Comments

Projects
None yet
4 participants
@afrittoli

afrittoli commented Aug 23, 2012

When using parallel mode a prompt for password will default in an abort.

This is not always the desired behavior. In certain cases, it can be desired that a host prompting for something is to be considered a "bad host". Example use cases

  • Using key-based authentication, no password is on the key, no password available at all. In this case a prompt for password would implies that something went wrong with the provisioning of the user on that server, or that the server is not able to connect to the auth system (e.g. LDAP) at the moment
  • Using key-based authentication, password is configured as well, but not accepted. In this case a 2nd prompt for password would implies that something went wrong with the provisioning of the user on that server, or that the server is not able to connect to the auth system (e.g. LDAP) at the moment

I think a way to handle such scenario would be to have a skip_on_prompt option, usable both in serial and parallel mode. In case a prompt (of any kind) is triggered, the server is skipped and the corresponding exception is stored in the result.

@afrittoli

This comment has been minimized.

afrittoli commented Aug 24, 2012

I worked on an implementation for this. This can be made even simpler that I initially though, if we can accept the following assumption: "Having the password set to "None" in the env is interpreted as the intention not to be prompted for password".

With this assumption no additional flag is required, just a two lines code change, plus documentation for this assumption.

The assumption works especially well in case of parallel execution, as it avoids aborting a complete set of tasks because of a set of servers where the public key has not been successfully provisioned.

If you are interested, I have the code fix. I can work on updates for the documentation as well.
How could I submit this for review?

Note that I did not pass the original exception into the new NetworkException on purpose.
Some of the ssh exceptions create issues with pickling, at least in python 2.7.
A good way of handling this could be to build a proper reduce_ex method for the NetworkException.

$ git diff
diff --git a/fabric/network.py b/fabric/network.py
index 096fb20..c1c89fe 100644
--- a/fabric/network.py
+++ b/fabric/network.py
@@ -353,6 +353,23 @@ def connect(user, host, port):
# which one raised the exception. Best not to try.
prompt = "[%s] Passphrase for private key"
text = prompt % env.host_string

  •        # In case the password was "None", we interpret this as a request to 
    
  •        # not prompt for password, so we fail this host. 
    
  •        # This works well in case of parallel execution, avoiding to 
    
  •        # abort a complete set of tasks because of set of servers where
    
  •        # the public key has not been successfully provisioned  
    
  •        # NOTE: 
    
  •        # Other ways to implement this 
    
  •        # 1) make the assumption above only in case:
    
  •        #   a. we specifically ask for it, which would require a new flag in env
    
  •        #   b. we are running in parallel mode. in this case the abort on prompt 
    
  •        #      flag would still abort on other prompts
    
  •        # 2) implement this behaviour for any kind of prompt. Define a new
    
  •        #    flag to control the behaviour of "abort_on_prompt":
    
  •        #   a. Flag is set to abort: abort on any prompt 
    
  •        #   b. Flag is set to skip: fail on this host but do not about on any prompt 
    
  •        if password is None:
    
  •            raise NetworkError('Password-less authentication failed for %s' % host)
           password = prompt_for_password(text)
           # Update env.password, env.passwords if empty
           set_password(password)
    
@djdb

This comment has been minimized.

djdb commented Sep 4, 2013

+1 for this feature request

@bitprophet

This comment has been minimized.

Member

bitprophet commented Apr 16, 2014

Related-ish to #986 insofar as that is also unhappy due to these pickle/queue related class errors. See also http://bugs.python.org/msg112329

@exequielrafaela

This comment has been minimized.

exequielrafaela commented Dec 6, 2016

Considering #1175 I don't finally get if using env.parallel=True & env.skip_password_prompts=True will skip password prompt. There is any permanent feature or workaround to skip password prompt?

Thanks in advance.

dkhapun pushed a commit to cyberx-labs/paramiko that referenced this issue Jun 7, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment