Need a "skip on prompt" option for parallel mode #714

Open
afrittoli opened this Issue Aug 23, 2012 · 4 comments

Projects

None yet

4 participants

@afrittoli

When using parallel mode a prompt for password will default in an abort.

This is not always the desired behavior. In certain cases, it can be desired that a host prompting for something is to be considered a "bad host". Example use cases

  • Using key-based authentication, no password is on the key, no password available at all. In this case a prompt for password would implies that something went wrong with the provisioning of the user on that server, or that the server is not able to connect to the auth system (e.g. LDAP) at the moment
  • Using key-based authentication, password is configured as well, but not accepted. In this case a 2nd prompt for password would implies that something went wrong with the provisioning of the user on that server, or that the server is not able to connect to the auth system (e.g. LDAP) at the moment

I think a way to handle such scenario would be to have a skip_on_prompt option, usable both in serial and parallel mode. In case a prompt (of any kind) is triggered, the server is skipped and the corresponding exception is stored in the result.

@afrittoli

I worked on an implementation for this. This can be made even simpler that I initially though, if we can accept the following assumption: "Having the password set to "None" in the env is interpreted as the intention not to be prompted for password".

With this assumption no additional flag is required, just a two lines code change, plus documentation for this assumption.

The assumption works especially well in case of parallel execution, as it avoids aborting a complete set of tasks because of a set of servers where the public key has not been successfully provisioned.

If you are interested, I have the code fix. I can work on updates for the documentation as well.
How could I submit this for review?

Note that I did not pass the original exception into the new NetworkException on purpose.
Some of the ssh exceptions create issues with pickling, at least in python 2.7.
A good way of handling this could be to build a proper reduce_ex method for the NetworkException.

$ git diff
diff --git a/fabric/network.py b/fabric/network.py
index 096fb20..c1c89fe 100644
--- a/fabric/network.py
+++ b/fabric/network.py
@@ -353,6 +353,23 @@ def connect(user, host, port):
# which one raised the exception. Best not to try.
prompt = "[%s] Passphrase for private key"
text = prompt % env.host_string

  •        # In case the password was "None", we interpret this as a request to 
    
  •        # not prompt for password, so we fail this host. 
    
  •        # This works well in case of parallel execution, avoiding to 
    
  •        # abort a complete set of tasks because of set of servers where
    
  •        # the public key has not been successfully provisioned  
    
  •        # NOTE: 
    
  •        # Other ways to implement this 
    
  •        # 1) make the assumption above only in case:
    
  •        #   a. we specifically ask for it, which would require a new flag in env
    
  •        #   b. we are running in parallel mode. in this case the abort on prompt 
    
  •        #      flag would still abort on other prompts
    
  •        # 2) implement this behaviour for any kind of prompt. Define a new
    
  •        #    flag to control the behaviour of "abort_on_prompt":
    
  •        #   a. Flag is set to abort: abort on any prompt 
    
  •        #   b. Flag is set to skip: fail on this host but do not about on any prompt 
    
  •        if password is None:
    
  •            raise NetworkError('Password-less authentication failed for %s' % host)
           password = prompt_for_password(text)
           # Update env.password, env.passwords if empty
           set_password(password)
    
@djdb
djdb commented Sep 4, 2013

+1 for this feature request

@bitprophet
Member

Related-ish to #986 insofar as that is also unhappy due to these pickle/queue related class errors. See also http://bugs.python.org/msg112329

@xarg xarg added a commit to xarg/paramiko that referenced this issue Apr 16, 2014
@xarg xarg Added self.args for exception classes. Used for unpickling 19b2266
@bitprophet bitprophet added a commit to paramiko/paramiko that referenced this issue Apr 16, 2014
@bitprophet bitprophet Added self.args for exception classes. Used for unpickling
Related to fabric/fabric#986 and fabric/fabric#714

Conflicts:
	sites/www/changelog.rst
30f6f98
@exequielrafaela
exequielrafaela commented Dec 6, 2016 edited

Considering #1175 I don't finally get if using env.parallel=True & env.skip_password_prompts=True will skip password prompt. There is any permanent feature or workaround to skip password prompt?

Thanks in advance.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment