New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Netapi SSH client don't support ssh_user and ssh_passwd arguments #24358

Closed
pengyao opened this Issue Jun 3, 2015 · 10 comments

Comments

Projects
None yet
4 participants
@pengyao
Contributor

pengyao commented Jun 3, 2015

salt-ssh should appoint username and password for ssh connection if not set ssh_user and ssh_passwd in roster. like this:

salt-ssh --user='root' --passwd='root_pass' '*' test.ping

In Python API, we can do it like this:

from salt.client.ssh.client import SSHClient
client = SSHClient()
client.cmd(tgt='*', fun='test.ping', salt_user='root', salt_passwd='root_pass')

But in netapi, have no way to appoint the ssh_user and ssh_passwd

@whiteinge

This comment has been minimized.

Show comment
Hide comment
@whiteinge

whiteinge Jun 3, 2015

Contributor

I think this should be transparently passed through. What syntax have you tried so far?

You can try this (example is in JSON so set the content-type header in your request to application/json):

[{"tgt": "*", "salt_password": "pass", "salt_user": "root", "fun": "test.ping", "client": "cloud"}]
Contributor

whiteinge commented Jun 3, 2015

I think this should be transparently passed through. What syntax have you tried so far?

You can try this (example is in JSON so set the content-type header in your request to application/json):

[{"tgt": "*", "salt_password": "pass", "salt_user": "root", "fun": "test.ping", "client": "cloud"}]

@whiteinge whiteinge added this to the Blocked milestone Jun 3, 2015

@pengyao

This comment has been minimized.

Show comment
Hide comment
@pengyao

pengyao Jun 4, 2015

Contributor

I have try this:

curl http://localhost:8000/run -H 'Content-Type: application/json' -d '[{"client": "ssh", "tgt": "*", "fun": "test.ping", "ssh_user": "root", "ssh_passwd": "root_pass"}]'

Result:

{"return": [{"minion-01.example.com": {"retcode": 255, "stderr": "Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "stdout": ""}}]}

In https://github.com/saltstack/salt/blob/v2015.5.1/salt/client/ssh/client.py#L112:

        return self.cmd(low['tgt'],
                        low['fun'],
                        low.get('arg', []),
                        low.get('timeout'),
                        low.get('expr_form'),
                        low.get('kwarg'))

cmd_async don't pass salt_user and salt_passwd parameter values to cmd function, so it isn't effect

Contributor

pengyao commented Jun 4, 2015

I have try this:

curl http://localhost:8000/run -H 'Content-Type: application/json' -d '[{"client": "ssh", "tgt": "*", "fun": "test.ping", "ssh_user": "root", "ssh_passwd": "root_pass"}]'

Result:

{"return": [{"minion-01.example.com": {"retcode": 255, "stderr": "Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "stdout": ""}}]}

In https://github.com/saltstack/salt/blob/v2015.5.1/salt/client/ssh/client.py#L112:

        return self.cmd(low['tgt'],
                        low['fun'],
                        low.get('arg', []),
                        low.get('timeout'),
                        low.get('expr_form'),
                        low.get('kwarg'))

cmd_async don't pass salt_user and salt_passwd parameter values to cmd function, so it isn't effect

@whiteinge whiteinge modified the milestones: Approved, Blocked Jun 4, 2015

@whiteinge

This comment has been minimized.

Show comment
Hide comment
@whiteinge

whiteinge Jun 4, 2015

Contributor

Great catch! Thanks for pointing that out.

Contributor

whiteinge commented Jun 4, 2015

Great catch! Thanks for pointing that out.

@whiteinge

This comment has been minimized.

Show comment
Hide comment
@whiteinge

whiteinge Jun 4, 2015

Contributor

@pengyao quick fix in the above pull req. I won't have time to test this before tomorrow or so. If you're able to test it before then please let us know how it goes.

Contributor

whiteinge commented Jun 4, 2015

@pengyao quick fix in the above pull req. I won't have time to test this before tomorrow or so. If you're able to test it before then please let us know how it goes.

@pengyao

This comment has been minimized.

Show comment
Hide comment
@pengyao

pengyao Jun 4, 2015

Contributor

@whiteinge It don't work, because salt_user and salt_passwd arguments in low , not kwargs

Contributor

pengyao commented Jun 4, 2015

@whiteinge It don't work, because salt_user and salt_passwd arguments in low , not kwargs

@pengyao pengyao referenced this issue Jun 4, 2015

Merged

fixes #24358 #24388

@whiteinge

This comment has been minimized.

Show comment
Hide comment
@whiteinge

whiteinge Jun 4, 2015

Contributor

Doh. Right you are. Thanks for submitting a fix!

Contributor

whiteinge commented Jun 4, 2015

Doh. Right you are. Thanks for submitting a fix!

@rallytime rallytime closed this in 5c08ca4 Jun 9, 2015

@basepi basepi reopened this Jun 9, 2015

@basepi basepi closed this Jun 9, 2015

@double-yaya

This comment has been minimized.

Show comment
Hide comment
@double-yaya

double-yaya Aug 26, 2015

I try this:

curl http://localhost:8000/run -H 'Content-Type: application/json' -d '[{"client": "ssh", "tgt": "*", "fun": "test.ping", "ssh_user": "root", "ssh_passwd": "root_pass"}]'

result:

{"return": [{"minion2": {"retcode": 255, "stderr": "Permission denied, please try again.\r\nPermission denied, please try again.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "stdout": "root@minion2's password: \nroot@minion2's password: \nroot@minion2's password: \n"}}]}

version report

           Salt: 2015.5.3
         Python: 2.6.6 (r266:84292, May  1 2012, 13:52:17)
         Jinja2: unknown
       M2Crypto: 0.20.2
 msgpack-python: 0.1.13
   msgpack-pure: Not Installed
       pycrypto: 2.0.1
        libnacl: Not Installed
         PyYAML: 3.10
          ioflo: Not Installed
          PyZMQ: 2.2.0.1
           RAET: Not Installed
            ZMQ: 3.2.4
           Mako: Not Installed
        Tornado: Not Installed 

double-yaya commented Aug 26, 2015

I try this:

curl http://localhost:8000/run -H 'Content-Type: application/json' -d '[{"client": "ssh", "tgt": "*", "fun": "test.ping", "ssh_user": "root", "ssh_passwd": "root_pass"}]'

result:

{"return": [{"minion2": {"retcode": 255, "stderr": "Permission denied, please try again.\r\nPermission denied, please try again.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "stdout": "root@minion2's password: \nroot@minion2's password: \nroot@minion2's password: \n"}}]}

version report

           Salt: 2015.5.3
         Python: 2.6.6 (r266:84292, May  1 2012, 13:52:17)
         Jinja2: unknown
       M2Crypto: 0.20.2
 msgpack-python: 0.1.13
   msgpack-pure: Not Installed
       pycrypto: 2.0.1
        libnacl: Not Installed
         PyYAML: 3.10
          ioflo: Not Installed
          PyZMQ: 2.2.0.1
           RAET: Not Installed
            ZMQ: 3.2.4
           Mako: Not Installed
        Tornado: Not Installed 
@double-yaya

This comment has been minimized.

Show comment
Hide comment
@double-yaya

double-yaya Aug 26, 2015

In 2014.1.4 version I can specify the target machine execute commands, the target machine not written in the roster file
command like this:

salt-ssh 'ip' test.ping --passwd rootpassword
ip:
    True 

But in 2015.5.3 version failed

result:

No hosts found with target ip of type glob 

So.....In 2015.5.3 version,the target machine must be written in a roster file?

double-yaya commented Aug 26, 2015

In 2014.1.4 version I can specify the target machine execute commands, the target machine not written in the roster file
command like this:

salt-ssh 'ip' test.ping --passwd rootpassword
ip:
    True 

But in 2015.5.3 version failed

result:

No hosts found with target ip of type glob 

So.....In 2015.5.3 version,the target machine must be written in a roster file?

@basepi

This comment has been minimized.

Show comment
Hide comment
@basepi

basepi Aug 26, 2015

Collaborator

Interesting, I didn't know that it ever worked to just use the IP address of the host without specifying a roster. I think 2015.5 requires a roster file, but it should also be fairly straightforward to allow raw ip addresses in the command without a roster file. Would you please open a new issue?

Collaborator

basepi commented Aug 26, 2015

Interesting, I didn't know that it ever worked to just use the IP address of the host without specifying a roster. I think 2015.5 requires a roster file, but it should also be fairly straightforward to allow raw ip addresses in the command without a roster file. Would you please open a new issue?

@double-yaya

This comment has been minimized.

Show comment
Hide comment
@double-yaya

double-yaya commented Aug 27, 2015

issue #26689

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment