Class: Bolt::Transport::SSH::Connection
- Inherits:
-
Bolt::Transport::Sudoable::Connection
- Object
- Bolt::Transport::Sudoable::Connection
- Bolt::Transport::SSH::Connection
- Defined in:
- lib/bolt/transport/ssh/connection.rb
Constant Summary collapse
- PAGEANT_NAME =
"Pageant\0".encode(Encoding::UTF_16LE)
Instance Attribute Summary collapse
-
#logger ⇒ Object
readonly
Returns the value of attribute logger.
-
#run_as ⇒ Object
writeonly
Sets the attribute run_as.
-
#target ⇒ Object
readonly
Returns the value of attribute target.
-
#user ⇒ Object
readonly
Returns the value of attribute user.
Instance Method Summary collapse
- #connect ⇒ Object
- #copy_file(source, destination) ⇒ Object
- #disconnect ⇒ Object
- #execute(command, sudoable: false, **options) ⇒ Object
- #handled_sudo(channel, data) ⇒ Object
-
#initialize(target, transport_logger) ⇒ Connection
constructor
A new instance of Connection.
- #write_executable_from_content(dest, content, filename) ⇒ Object
Methods inherited from Bolt::Transport::Sudoable::Connection
#make_executable, #make_tempdir, #run_as, #running_as, #with_tempdir, #write_executable
Constructor Details
#initialize(target, transport_logger) ⇒ Connection
Returns a new instance of Connection.
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
# File 'lib/bolt/transport/ssh/connection.rb', line 17 def initialize(target, transport_logger) # lazy-load expensive gem code require 'net/ssh' require 'net/ssh/proxy/jump' raise Bolt::ValidationError, "Target #{target.name} does not have a host" unless target.host @target = target @load_config = target.['load-config'] ssh_user = @load_config ? Net::SSH::Config.for(target.host)[:user] : nil @user = @target.user || ssh_user || Etc.getlogin @run_as = nil @logger = Logging.logger[@target.host] @transport_logger = transport_logger end |
Instance Attribute Details
#logger ⇒ Object (readonly)
Returns the value of attribute logger.
14 15 16 |
# File 'lib/bolt/transport/ssh/connection.rb', line 14 def logger @logger end |
#run_as=(value) ⇒ Object (writeonly)
Sets the attribute run_as
15 16 17 |
# File 'lib/bolt/transport/ssh/connection.rb', line 15 def run_as=(value) @run_as = value end |
#target ⇒ Object (readonly)
Returns the value of attribute target.
14 15 16 |
# File 'lib/bolt/transport/ssh/connection.rb', line 14 def target @target end |
#user ⇒ Object (readonly)
Returns the value of attribute user.
14 15 16 |
# File 'lib/bolt/transport/ssh/connection.rb', line 14 def user @user end |
Instance Method Details
#connect ⇒ Object
37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 |
# File 'lib/bolt/transport/ssh/connection.rb', line 37 def connect = { logger: @transport_logger, non_interactive: true } if (key = target.['private-key']) if key.instance_of?(String) [:keys] = key else [:key_data] = [key['key-data']] end end [:port] = target.port if target.port [:password] = target.password if target.password # Support both net-ssh 4 and 5. We use 5 in packaging, but Beaker pins to 4 so we # want the gem to be compatible with version 4. [:verify_host_key] = if target.['host-key-check'] if defined?(Net::SSH::Verifiers::Always) Net::SSH::Verifiers::Always.new else Net::SSH::Verifiers::Secure.new end elsif defined?(Net::SSH::Verifiers::Never) Net::SSH::Verifiers::Never.new else Net::SSH::Verifiers::Null.new end [:timeout] = target.['connect-timeout'] if target.['connect-timeout'] [:proxy] = Net::SSH::Proxy::Jump.new(target.['proxyjump']) if target.['proxyjump'] # This option was to address discrepency betwen net-ssh host-key-check and ssh(1) # For the net-ssh 5.x series it defaults to true, in 6.x it will default to false, and will be removed in 7.x # https://github.com/net-ssh/net-ssh/pull/663#issuecomment-469979931 [:check_host_ip] = false if Net::SSH::VALID_OPTIONS.include?(:check_host_ip) if @load_config # Mirroring: # https://github.com/net-ssh/net-ssh/blob/master/lib/net/ssh/authentication/agent.rb#L80 # https://github.com/net-ssh/net-ssh/blob/master/lib/net/ssh/authentication/pageant.rb#L403 if defined?(UNIXSocket) && UNIXSocket if ENV['SSH_AUTH_SOCK'].to_s.empty? @logger.debug { "Disabling use_agent in net-ssh: ssh-agent is not available" } [:use_agent] = false end elsif Bolt::Util.windows? require 'Win32API' # case matters in this require! # https://docs.microsoft.com/en-us/windows/desktop/api/winuser/nf-winuser-findwindoww @find_window ||= Win32API.new('user32', 'FindWindowW', %w[P P], 'L') if @find_window.call(nil, PAGEANT_NAME).to_i == 0 @logger.debug { "Disabling use_agent in net-ssh: pageant process not running" } [:use_agent] = false end end else # Disable ssh config and ssh-agent if requested via load_config [:config] = false [:use_agent] = false end @session = Net::SSH.start(target.host, @user, ) @logger.debug { "Opened session" } rescue Net::SSH::AuthenticationFailed => e raise Bolt::Node::ConnectError.new( e., 'AUTH_ERROR' ) rescue Net::SSH::HostKeyError => e raise Bolt::Node::ConnectError.new( "Host key verification failed for #{target.uri}: #{e.message}", 'HOST_KEY_ERROR' ) rescue Net::SSH::ConnectionTimeout raise Bolt::Node::ConnectError.new( "Timeout after #{target.options['connect-timeout']} seconds connecting to #{target.uri}", 'CONNECT_ERROR' ) rescue StandardError => e raise Bolt::Node::ConnectError.new( "Failed to connect to #{target.uri}: #{e.message}", 'CONNECT_ERROR' ) end |
#copy_file(source, destination) ⇒ Object
243 244 245 246 247 |
# File 'lib/bolt/transport/ssh/connection.rb', line 243 def copy_file(source, destination) @session.scp.upload!(source, destination, recursive: true) rescue StandardError => e raise Bolt::Node::FileError.new(e., 'WRITE_ERROR') end |
#disconnect ⇒ Object
123 124 125 126 127 128 |
# File 'lib/bolt/transport/ssh/connection.rb', line 123 def disconnect if @session && !@session.closed? @session.close @logger.debug { "Closed session" } end end |
#execute(command, sudoable: false, **options) ⇒ Object
160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 |
# File 'lib/bolt/transport/ssh/connection.rb', line 160 def execute(command, sudoable: false, **) result_output = Bolt::Node::Output.new run_as = [:run_as] || self.run_as escalate = sudoable && run_as && @user != run_as use_sudo = escalate && @target.['run-as-command'].nil? if [:interpreter] command.is_a?(Array) ? command.unshift([:interpreter]) : [[:interpreter], command] end command_str = command.is_a?(String) ? command : Shellwords.shelljoin(command) if escalate if use_sudo sudo_flags = ["sudo", "-S", "-u", run_as, "-p", Sudoable.sudo_prompt] sudo_flags += ["-E"] if [:environment] sudo_str = Shellwords.shelljoin(sudo_flags) command_str = "#{sudo_str} #{command_str}" else run_as_str = Shellwords.shelljoin(@target.['run-as-command'] + [run_as]) command_str = "#{run_as_str} #{command_str}" end end # Including the environment declarations in the shelljoin will escape # the = sign, so we have to handle them separately. if [:environment] env_decls = [:environment].map do |env, val| "#{env}=#{Shellwords.shellescape(val)}" end command_str = "#{env_decls.join(' ')} #{command_str}" end @logger.debug { "Executing: #{command_str}" } session_channel = @session.open_channel do |channel| # Request a pseudo tty channel.request_pty if target.['tty'] channel.exec(command_str) do |_, success| unless success raise Bolt::Node::ConnectError.new( "Could not execute command: #{command_str.inspect}", 'EXEC_ERROR' ) end channel.on_data do |_, data| unless use_sudo && handled_sudo(channel, data) result_output.stdout << data end @logger.debug { "stdout: #{data.strip}" } end channel.on_extended_data do |_, _, data| unless use_sudo && handled_sudo(channel, data) result_output.stderr << data end @logger.debug { "stderr: #{data.strip}" } end channel.on_request("exit-status") do |_, data| result_output.exit_code = data.read_long end if [:stdin] channel.send_data([:stdin]) channel.eof! end end end session_channel.wait if result_output.exit_code == 0 @logger.debug { "Command returned successfully" } else @logger.info { "Command failed with exit code #{result_output.exit_code}" } end result_output rescue StandardError @logger.debug { "Command aborted" } raise end |
#handled_sudo(channel, data) ⇒ Object
130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 |
# File 'lib/bolt/transport/ssh/connection.rb', line 130 def handled_sudo(channel, data) if data.lines.include?(Sudoable.sudo_prompt) if target.['sudo-password'] channel.send_data "#{target.options['sudo-password']}\n" channel.wait return true else # Cancel the sudo prompt to prevent later commands getting stuck channel.close raise Bolt::Node::EscalateError.new( "Sudo password for user #{@user} was not provided for #{target.uri}", 'NO_PASSWORD' ) end elsif data =~ /^#{@user} is not in the sudoers file\./ @logger.debug { data } raise Bolt::Node::EscalateError.new( "User #{@user} does not have sudo permission on #{target.uri}", 'SUDO_DENIED' ) elsif data =~ /^Sorry, try again\./ @logger.debug { data } raise Bolt::Node::EscalateError.new( "Sudo password for user #{@user} not recognized on #{target.uri}", 'BAD_PASSWORD' ) end false end |
#write_executable_from_content(dest, content, filename) ⇒ Object
249 250 251 252 253 254 |
# File 'lib/bolt/transport/ssh/connection.rb', line 249 def write_executable_from_content(dest, content, filename) remote_path = File.join(dest.to_s, filename) @session.scp.upload!(StringIO.new(content), remote_path) make_executable(remote_path) remote_path end |