Class: Bolt::Transport::SSH::Connection
- Inherits:
-
Bolt::Transport::Sudoable::Connection
- Object
- Bolt::Transport::Sudoable::Connection
- Bolt::Transport::SSH::Connection
- Defined in:
- lib/bolt/transport/ssh/connection.rb
Constant Summary collapse
- PAGEANT_NAME =
"Pageant\0".encode(Encoding::UTF_16LE)
Instance Attribute Summary collapse
-
#logger ⇒ Object
readonly
Returns the value of attribute logger.
-
#run_as ⇒ Object
writeonly
Sets the attribute run_as.
-
#target ⇒ Object
readonly
Returns the value of attribute target.
-
#user ⇒ Object
readonly
Returns the value of attribute user.
Instance Method Summary collapse
- #connect ⇒ Object
- #copy_file(source, destination) ⇒ Object
- #disconnect ⇒ Object
- #execute(command, sudoable: false, **options) ⇒ Object
- #handled_sudo(channel, data) ⇒ Object
-
#initialize(target, transport_logger) ⇒ Connection
constructor
A new instance of Connection.
- #write_executable_from_content(dest, content, filename) ⇒ Object
Methods inherited from Bolt::Transport::Sudoable::Connection
#make_executable, #make_tempdir, #run_as, #running_as, #with_tempdir, #write_executable
Constructor Details
#initialize(target, transport_logger) ⇒ Connection
Returns a new instance of Connection.
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
# File 'lib/bolt/transport/ssh/connection.rb', line 17 def initialize(target, transport_logger) # lazy-load expensive gem code require 'net/ssh' require 'net/ssh/proxy/jump' raise Bolt::ValidationError, "Target #{target.name} does not have a host" unless target.host @target = target @load_config = target.['load-config'] ssh_user = @load_config ? Net::SSH::Config.for(target.host)[:user] : nil @user = @target.user || ssh_user || Etc.getlogin @run_as = nil @logger = Logging.logger[@target.host] @transport_logger = transport_logger if target.['private-key']&.instance_of?(String) begin Bolt::Util.validate_file('ssh key', target.['private-key']) rescue Bolt::FileError => e @logger.warn(e.msg) end end end |
Instance Attribute Details
#logger ⇒ Object (readonly)
Returns the value of attribute logger.
14 15 16 |
# File 'lib/bolt/transport/ssh/connection.rb', line 14 def logger @logger end |
#run_as=(value) ⇒ Object (writeonly)
Sets the attribute run_as
15 16 17 |
# File 'lib/bolt/transport/ssh/connection.rb', line 15 def run_as=(value) @run_as = value end |
#target ⇒ Object (readonly)
Returns the value of attribute target.
14 15 16 |
# File 'lib/bolt/transport/ssh/connection.rb', line 14 def target @target end |
#user ⇒ Object (readonly)
Returns the value of attribute user.
14 15 16 |
# File 'lib/bolt/transport/ssh/connection.rb', line 14 def user @user end |
Instance Method Details
#connect ⇒ Object
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 |
# File 'lib/bolt/transport/ssh/connection.rb', line 45 def connect = { logger: @transport_logger, non_interactive: true } if (key = target.['private-key']) if key.instance_of?(String) [:keys] = key else [:key_data] = [key['key-data']] end end [:port] = target.port if target.port [:password] = target.password if target.password # Support both net-ssh 4 and 5. We use 5 in packaging, but Beaker pins to 4 so we # want the gem to be compatible with version 4. [:verify_host_key] = if target.['host-key-check'] if defined?(Net::SSH::Verifiers::Always) Net::SSH::Verifiers::Always.new else Net::SSH::Verifiers::Secure.new end elsif defined?(Net::SSH::Verifiers::Never) Net::SSH::Verifiers::Never.new else Net::SSH::Verifiers::Null.new end [:timeout] = target.['connect-timeout'] if target.['connect-timeout'] [:proxy] = Net::SSH::Proxy::Jump.new(target.['proxyjump']) if target.['proxyjump'] # This option was to address discrepency betwen net-ssh host-key-check and ssh(1) # For the net-ssh 5.x series it defaults to true, in 6.x it will default to false, and will be removed in 7.x # https://github.com/net-ssh/net-ssh/pull/663#issuecomment-469979931 [:check_host_ip] = false if Net::SSH::VALID_OPTIONS.include?(:check_host_ip) if @load_config # Mirroring: # https://github.com/net-ssh/net-ssh/blob/master/lib/net/ssh/authentication/agent.rb#L80 # https://github.com/net-ssh/net-ssh/blob/master/lib/net/ssh/authentication/pageant.rb#L403 if defined?(UNIXSocket) && UNIXSocket if ENV['SSH_AUTH_SOCK'].to_s.empty? @logger.debug { "Disabling use_agent in net-ssh: ssh-agent is not available" } [:use_agent] = false end elsif Bolt::Util.windows? require 'Win32API' # case matters in this require! # https://docs.microsoft.com/en-us/windows/desktop/api/winuser/nf-winuser-findwindoww @find_window ||= Win32API.new('user32', 'FindWindowW', %w[P P], 'L') if @find_window.call(nil, PAGEANT_NAME).to_i == 0 @logger.debug { "Disabling use_agent in net-ssh: pageant process not running" } [:use_agent] = false end end else # Disable ssh config and ssh-agent if requested via load_config [:config] = false [:use_agent] = false end @session = Net::SSH.start(target.host, @user, ) @logger.debug { "Opened session" } rescue Net::SSH::AuthenticationFailed => e raise Bolt::Node::ConnectError.new( e., 'AUTH_ERROR' ) rescue Net::SSH::HostKeyError => e raise Bolt::Node::ConnectError.new( "Host key verification failed for #{target.uri}: #{e.}", 'HOST_KEY_ERROR' ) rescue Net::SSH::ConnectionTimeout raise Bolt::Node::ConnectError.new( "Timeout after #{target.['connect-timeout']} seconds connecting to #{target.uri}", 'CONNECT_ERROR' ) rescue StandardError => e raise Bolt::Node::ConnectError.new( "Failed to connect to #{target.uri}: #{e.}", 'CONNECT_ERROR' ) end |
#copy_file(source, destination) ⇒ Object
251 252 253 254 255 |
# File 'lib/bolt/transport/ssh/connection.rb', line 251 def copy_file(source, destination) @session.scp.upload!(source, destination, recursive: true) rescue StandardError => e raise Bolt::Node::FileError.new(e., 'WRITE_ERROR') end |
#disconnect ⇒ Object
131 132 133 134 135 136 |
# File 'lib/bolt/transport/ssh/connection.rb', line 131 def disconnect if @session && !@session.closed? @session.close @logger.debug { "Closed session" } end end |
#execute(command, sudoable: false, **options) ⇒ Object
168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 |
# File 'lib/bolt/transport/ssh/connection.rb', line 168 def execute(command, sudoable: false, **) result_output = Bolt::Node::Output.new run_as = [:run_as] || self.run_as escalate = sudoable && run_as && @user != run_as use_sudo = escalate && @target.['run-as-command'].nil? if [:interpreter] command.is_a?(Array) ? command.unshift([:interpreter]) : [[:interpreter], command] end command_str = command.is_a?(String) ? command : Shellwords.shelljoin(command) if escalate if use_sudo sudo_flags = ["sudo", "-S", "-u", run_as, "-p", Sudoable.sudo_prompt] sudo_flags += ["-E"] if [:environment] sudo_str = Shellwords.shelljoin(sudo_flags) command_str = "#{sudo_str} #{command_str}" else run_as_str = Shellwords.shelljoin(@target.['run-as-command'] + [run_as]) command_str = "#{run_as_str} #{command_str}" end end # Including the environment declarations in the shelljoin will escape # the = sign, so we have to handle them separately. if [:environment] env_decls = [:environment].map do |env, val| "#{env}=#{Shellwords.shellescape(val)}" end command_str = "#{env_decls.join(' ')} #{command_str}" end @logger.debug { "Executing: #{command_str}" } session_channel = @session.open_channel do |channel| # Request a pseudo tty channel.request_pty if target.['tty'] channel.exec(command_str) do |_, success| unless success raise Bolt::Node::ConnectError.new( "Could not execute command: #{command_str.inspect}", 'EXEC_ERROR' ) end channel.on_data do |_, data| unless use_sudo && handled_sudo(channel, data) result_output.stdout << data end @logger.debug { "stdout: #{data.strip}" } end channel.on_extended_data do |_, _, data| unless use_sudo && handled_sudo(channel, data) result_output.stderr << data end @logger.debug { "stderr: #{data.strip}" } end channel.on_request("exit-status") do |_, data| result_output.exit_code = data.read_long end if [:stdin] channel.send_data([:stdin]) channel.eof! end end end session_channel.wait if result_output.exit_code == 0 @logger.debug { "Command returned successfully" } else @logger.info { "Command failed with exit code #{result_output.exit_code}" } end result_output rescue StandardError @logger.debug { "Command aborted" } raise end |
#handled_sudo(channel, data) ⇒ Object
138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 |
# File 'lib/bolt/transport/ssh/connection.rb', line 138 def handled_sudo(channel, data) if data.lines.include?(Sudoable.sudo_prompt) if target.['sudo-password'] channel.send_data "#{target.['sudo-password']}\n" channel.wait return true else # Cancel the sudo prompt to prevent later commands getting stuck channel.close raise Bolt::Node::EscalateError.new( "Sudo password for user #{@user} was not provided for #{target.uri}", 'NO_PASSWORD' ) end elsif data =~ /^#{@user} is not in the sudoers file\./ @logger.debug { data } raise Bolt::Node::EscalateError.new( "User #{@user} does not have sudo permission on #{target.uri}", 'SUDO_DENIED' ) elsif data =~ /^Sorry, try again\./ @logger.debug { data } raise Bolt::Node::EscalateError.new( "Sudo password for user #{@user} not recognized on #{target.uri}", 'BAD_PASSWORD' ) end false end |
#write_executable_from_content(dest, content, filename) ⇒ Object
257 258 259 260 261 262 |
# File 'lib/bolt/transport/ssh/connection.rb', line 257 def write_executable_from_content(dest, content, filename) remote_path = File.join(dest.to_s, filename) @session.scp.upload!(StringIO.new(content), remote_path) make_executable(remote_path) remote_path end |