Class: Bolt::Shell::Bash

Inherits:
Bolt::Shell show all
Defined in:
lib/bolt/shell/bash.rb,
lib/bolt/shell/bash/tmpdir.rb

Defined Under Namespace

Classes: Tmpdir

Constant Summary collapse

CHUNK_SIZE =
4096

Instance Attribute Summary

Attributes inherited from Bolt::Shell

#conn, #logger, #target

Instance Method Summary collapse

Methods inherited from Bolt::Shell

#default_input_method, #envify_params, #select_implementation, #select_interpreter, #unwrap_sensitive_args

Constructor Details

#initialize(target, conn) ⇒ Bash

Returns a new instance of Bash.


11
12
13
14
15
16
17
# File 'lib/bolt/shell/bash.rb', line 11

def initialize(target, conn)
  super

  @run_as = nil
  @sudo_id = SecureRandom.uuid
  @sudo_password = @target.options['sudo-password'] || @target.password
end

Instance Method Details

#check_sudo(out, inp, stdin) ⇒ Object

See if there's a sudo prompt in the output If not, return the output


220
221
222
223
224
225
226
227
228
229
230
231
# File 'lib/bolt/shell/bash.rb', line 220

def check_sudo(out, inp, stdin)
  buffer = out.readpartial(CHUNK_SIZE)
  # Split on newlines, including the newline
  lines = buffer.split(/(?<=\n)/)
  # handle_sudo will return the line if it is not a sudo prompt or error
  lines.map! { |line| handle_sudo(inp, line, stdin) }
  lines.join
# If stream has reached EOF, no password prompt is expected
# return an empty string
rescue EOFError
  ''
end

#download(source, destination, options = {}) ⇒ Object


52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# File 'lib/bolt/shell/bash.rb', line 52

def download(source, destination, options = {})
  running_as(options[:run_as]) do
    download = File.join(destination, Bolt::Util.unix_basename(source))

    # If using run-as, the file is copied to a tmpdir and chowned to the
    # connecting user. This is a workaround for limitations in net-ssh that
    # only allow for downloading files as the connecting user, which is a
    # problem for users who cannot connect to targets as the root user.
    # This temporary copy should *always* be deleted.
    if run_as
      with_tmpdir(force_cleanup: true) do |dir|
        tmpfile = File.join(dir.to_s, Bolt::Util.unix_basename(source))

        result = execute(['cp', '-r', source, dir.to_s], sudoable: true)

        if result.exit_code != 0
          message = "Could not copy file '#{source}' to temporary directory '#{dir}': #{result.stderr.string}"
          raise Bolt::Node::FileError.new(message, 'CP_ERROR')
        end

        # We need to force the chown, otherwise this will just return
        # without doing anything since the chown user is the same as the
        # connecting user.
        dir.chown(conn.user, force: true)

        conn.download_file(tmpfile, destination, download)
      end
    # If not using run-as, we can skip creating a temporary copy and just
    # download the file directly.
    else
      conn.download_file(source, destination, download)
    end

    Bolt::Result.for_download(target, source, destination, download)
  end
end

#execute(command, sudoable: false, **options) ⇒ Object


344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
# File 'lib/bolt/shell/bash.rb', line 344

def execute(command, sudoable: false, **options)
  run_as = options[:run_as] || self.run_as
  escalate = sudoable && run_as && conn.user != run_as
  use_sudo = escalate && @target.options['run-as-command'].nil?

  # Depending on the transport, whether we're using sudo and whether
  # there are environment variables to set, we may need to stitch
  # together multiple commands into a single sh invocation
  commands = [inject_interpreter(options[:interpreter], command)]

  # Let the transport handle adding environment variables if it's custom.
  if options[:environment]
    if defined? conn.add_env_vars
      conn.add_env_vars(options[:environment])
    else
      env_decl = options[:environment].map do |env, val|
        "#{env}=#{Shellwords.shellescape(val)}"
      end.join(' ')
    end
  end

  if escalate
    sudo_str = if use_sudo
                 sudo_exec = target.options['sudo-executable'] || "sudo"
                 sudo_flags = [sudo_exec, "-S", "-H", "-u", run_as, "-p", sudo_prompt]
                 Shellwords.shelljoin(sudo_flags)
               else
                 Shellwords.shelljoin(@target.options['run-as-command'] + [run_as])
               end
    commands.unshift('cd') if conn.reset_cwd?
    commands.unshift(sudo_success(@sudo_id)) if options[:stdin] && !options[:wrapper]
  end

  command_str = if sudo_str || env_decl
                  "sh -c #{Shellwords.shellescape(commands.join('; '))}"
                else
                  commands.last
                end

  command_str = [sudo_str, env_decl, command_str].compact.join(' ')

  @logger.trace { "Executing `#{command_str}`" }

  in_buffer = if !use_sudo && options[:stdin]
                String.new(options[:stdin], encoding: 'binary')
              else
                String.new(encoding: 'binary')
              end
  # Chunks of this size will be read in one iteration
  index = 0
  timeout = 0.1
  result_output = Bolt::Node::Output.new

  inp, out, err, t = conn.execute(command_str)
  read_streams = { out => String.new,
                   err => String.new }
  write_stream = in_buffer.empty? ? [] : [inp]

  # See if there's a sudo prompt
  if use_sudo
    ready_read = select([err], nil, nil, timeout * 5)
    to_print = check_sudo(err, inp, options[:stdin]) if ready_read
    unless to_print.nil?
      log_stream(to_print, 'err')
      read_streams[err]           << to_print
      result_output.merged_output << to_print
    end
  end

  # True while the process is running or waiting for IO input
  while t.alive?
    # See if we can read from out or err, or write to in
    ready_read, ready_write, = select(read_streams.keys, write_stream, nil, timeout)

    ready_read&.each do |stream|
      stream_name = stream == out ? 'out' : 'err'
      # Check for sudo prompt
      to_print = if use_sudo
                   check_sudo(stream, inp, options[:stdin])
                 else
                   stream.readpartial(CHUNK_SIZE)
                 end
      log_stream(to_print, stream_name)
      read_streams[stream]        << to_print
      result_output.merged_output << to_print
    rescue EOFError
    end

    # select will either return an empty array if there are no
    # writable streams or nil if no IO object is available before the
    # timeout is reached.
    writable = if ready_write.respond_to?(:empty?)
                 !ready_write.empty?
               else
                 !ready_write.nil?
               end

    begin
      if writable && index < in_buffer.length
        to_print = in_buffer[index..-1]
        # On Windows, select marks the input stream as writable even if
        # it's full. We need to check whether we received wait_writable
        # and treat that as not having written anything.
        written = inp.write_nonblock(to_print, exception: false)
        index += written unless written == :wait_writable

        if index >= in_buffer.length && !write_stream.empty?
          inp.close
          write_stream = []
        end
      end
    # If a task has stdin as an input_method but doesn't actually read
    # from stdin, the task may return and close the input stream before
    # we finish writing
    rescue Errno::EPIPE
      write_stream = []
    end
  end
  # Read any remaining data in the pipe. Do not wait for
  # EOF in case the pipe is inherited by a child process.
  read_streams.each do |stream, _|
    stream_name = stream == out ? 'out' : 'err'
    loop {
      to_print = stream.read_nonblock(CHUNK_SIZE)
      log_stream(to_print, stream_name)
      read_streams[stream]        << to_print
      result_output.merged_output << to_print
    }
  rescue Errno::EAGAIN, EOFError
  end
  result_output.stdout << read_streams[out]
  result_output.stderr << read_streams[err]
  result_output.exit_code = t.value.respond_to?(:exitstatus) ? t.value.exitstatus : t.value

  case result_output.exit_code
  when 0
    @logger.trace { "Command `#{command_str}` returned successfully" }
  when 126
    msg = "\n\nThis might be caused by the default tmpdir being mounted "\
      "using 'noexec'. See http://pup.pt/task-failure for details and workarounds."
    result_output.stderr        << msg
    result_output.merged_output << msg
    @logger.trace { "Command #{command_str} failed with exit code #{result_output.exit_code}" }
  else
    @logger.trace { "Command #{command_str} failed with exit code #{result_output.exit_code}" }
  end
  result_output
rescue StandardError
  # Ensure we close stdin and kill the child process
  inp&.close
  t&.terminate if t&.alive?
  @logger.trace { "Command aborted" }
  raise
end

#handle_sudo(stdin, err, sudo_stdin) ⇒ Object

If prompted for sudo password, send password to stdin and return an empty string. Otherwise, check for sudo errors and raise Bolt error. If sudo_id is detected, that means the task needs to have stdin written. If error is not sudo-related, return the stderr string to be added to node output


189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
# File 'lib/bolt/shell/bash.rb', line 189

def handle_sudo(stdin, err, sudo_stdin)
  if err.include?(sudo_prompt)
    # A wild sudo prompt has appeared!
    if @sudo_password
      stdin.write("#{@sudo_password}\n")
      ''
    else
      raise Bolt::Node::EscalateError.new(
        "Sudo password for user #{conn.user} was not provided for #{target}",
        'NO_PASSWORD'
      )
    end
  elsif err =~ /^#{@sudo_id}/
    if sudo_stdin
      begin
        stdin.write("#{sudo_stdin}\n")
        stdin.close
      # If a task has stdin as an input_method but doesn't actually read
      # from stdin, the task may return and close the input stream before
      # we finish writing
      rescue Errno::EPIPE
      end
    end
    ''
  else
    handle_sudo_errors(err)
  end
end

#handle_sudo_errors(err) ⇒ Object


233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
# File 'lib/bolt/shell/bash.rb', line 233

def handle_sudo_errors(err)
  case err
  when /^#{conn.user} is not in the sudoers file\./
    @logger.trace { err }
    raise Bolt::Node::EscalateError.new(
      "User #{conn.user} does not have sudo permission on #{target}",
      'SUDO_DENIED'
    )
  when /^Sorry, try again\./
    @logger.trace { err }
    raise Bolt::Node::EscalateError.new(
      "Sudo password for user #{conn.user} not recognized on #{target}",
      'BAD_PASSWORD'
    )
  else
    # No need to raise an error - just return the string
    err
  end
end

#inject_interpreter(interpreter, command) ⇒ Object

Returns string with the interpreter conditionally prepended


336
337
338
339
340
341
342
# File 'lib/bolt/shell/bash.rb', line 336

def inject_interpreter(interpreter, command)
  if interpreter
    command = Array(command).unshift(interpreter).flatten
  end

  command.is_a?(String) ? command : Shellwords.shelljoin(command)
end

#make_executable(path) ⇒ Object


286
287
288
289
290
291
292
# File 'lib/bolt/shell/bash.rb', line 286

def make_executable(path)
  result = execute(['chmod', 'u+x', path])
  if result.exit_code != 0
    message = "Could not make file '#{path}' executable: #{result.stderr.string}"
    raise Bolt::Node::FileError.new(message, 'CHMOD_ERROR')
  end
end

#make_tmpdirObject


294
295
296
297
298
299
300
301
302
303
304
305
306
# File 'lib/bolt/shell/bash.rb', line 294

def make_tmpdir
  tmpdir = @target.options.fetch('tmpdir', '/tmp')
  script_dir = @target.options.fetch('script-dir', SecureRandom.uuid)
  tmppath = File.join(tmpdir, script_dir)
  command = ['mkdir', '-m', 700, tmppath]

  result = execute(command)
  if result.exit_code != 0
    raise Bolt::Node::FileError.new("Could not make tmpdir: #{result.stderr.string}", 'TMPDIR_ERROR')
  end
  path = tmppath || result.stdout.string.chomp
  Bolt::Shell::Bash::Tmpdir.new(self, path)
end

#make_wrapper_stringio(task_path, stdin, interpreter = nil) ⇒ Object


253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
# File 'lib/bolt/shell/bash.rb', line 253

def make_wrapper_stringio(task_path, stdin, interpreter = nil)
  if interpreter
    StringIO.new(<<~SCRIPT)
      #!/bin/sh
      #{Array(interpreter).map { |word| "'#{word}'" }.join(' ')} '#{task_path}' <<'EOF'
      #{stdin}
      EOF
    SCRIPT
  else
    StringIO.new(<<~SCRIPT)
      #!/bin/sh
      '#{task_path}' <<'EOF'
      #{stdin}
      EOF
    SCRIPT
  end
end

#provided_featuresObject


19
20
21
# File 'lib/bolt/shell/bash.rb', line 19

def provided_features
  ['shell']
end

#run_asObject

This method allows the @run_as variable to be used as a per-operation override for the user to run as. When @run_as is unset, the user specified on the target will be used.


274
275
276
# File 'lib/bolt/shell/bash.rb', line 274

def run_as
  @run_as || target.options['run-as']
end

#run_command(command, options = {}, position = []) ⇒ Object


23
24
25
26
27
28
29
30
31
32
# File 'lib/bolt/shell/bash.rb', line 23

def run_command(command, options = {}, position = [])
  running_as(options[:run_as]) do
    output = execute(command, environment: options[:env_vars], sudoable: true)
    Bolt::Result.for_command(target,
                             output.to_h,
                             'command',
                             command,
                             position)
  end
end

#run_script(script, arguments, options = {}, position = []) ⇒ Object


89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# File 'lib/bolt/shell/bash.rb', line 89

def run_script(script, arguments, options = {}, position = [])
  # unpack any Sensitive data
  arguments = unwrap_sensitive_args(arguments)

  running_as(options[:run_as]) do
    with_tmpdir do |dir|
      path = write_executable(dir.to_s, script)
      dir.chown(run_as)

      exec_args   = [path, *arguments]
      interpreter = select_interpreter(script, target.options['interpreters'])

      # Only use interpreter if script_interpreter config is enabled
      if options[:script_interpreter] && interpreter
        exec_args.unshift(interpreter).flatten!
        logger.trace("Running '#{script}' using '#{interpreter}' interpreter")
      end

      output = execute(exec_args, environment: options[:env_vars], sudoable: true)
      Bolt::Result.for_command(target,
                               output.to_h,
                               'script',
                               script,
                               position)
    end
  end
end

#run_task(task, arguments, options = {}, position = []) ⇒ Object


117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
# File 'lib/bolt/shell/bash.rb', line 117

def run_task(task, arguments, options = {}, position = [])
  implementation = select_implementation(target, task)
  executable = implementation['path']
  input_method = implementation['input_method']
  extra_files = implementation['files']

  running_as(options[:run_as]) do
    stdin, output = nil
    execute_options = {}
    execute_options[:interpreter] = select_interpreter(executable, target.options['interpreters'])
    interpreter_debug = if execute_options[:interpreter]
                          " using '#{execute_options[:interpreter]}' interpreter"
                        end
    # log the arguments with sensitive data redacted, do NOT log unwrapped_arguments
    logger.trace("Running '#{executable}' with #{arguments.to_json}#{interpreter_debug}")
    # unpack any Sensitive data
    arguments = unwrap_sensitive_args(arguments)

    with_tmpdir do |dir|
      if extra_files.empty?
        task_dir = dir
      else
        # TODO: optimize upload of directories
        arguments['_installdir'] = dir.to_s
        task_dir = File.join(dir.to_s, task.tasks_dir)
        dir.mkdirs([task.tasks_dir] + extra_files.map { |file| File.dirname(file['name']) })
        extra_files.each do |file|
          conn.upload_file(file['path'], File.join(dir.to_s, file['name']))
        end
      end

      if Bolt::Task::STDIN_METHODS.include?(input_method)
        stdin = JSON.dump(arguments)
      end

      if Bolt::Task::ENVIRONMENT_METHODS.include?(input_method)
        execute_options[:environment] = envify_params(arguments)
      end

      remote_task_path = write_executable(task_dir, executable)

      execute_options[:stdin] = stdin

      # Avoid the horrors of passing data on stdin via a tty on multiple platforms
      # by writing a wrapper script that directs stdin to the task.
      if stdin && target.options['tty']
        wrapper = make_wrapper_stringio(remote_task_path, stdin, execute_options[:interpreter])
        # Wrapper script handles interpreter and stdin. Delete these execute options
        execute_options.delete(:interpreter)
        execute_options.delete(:stdin)
        execute_options[:wrapper] = true
        remote_task_path = write_executable(dir, wrapper, 'wrapper.sh')
      end

      dir.chown(run_as)

      execute_options[:sudoable] = true if run_as
      output = execute(remote_task_path, **execute_options)
    end
    Bolt::Result.for_task(target, output.stdout.string,
                          output.stderr.string,
                          output.exit_code,
                          task.name,
                          position)
  end
end

#running_as(user) ⇒ Object

Run as the specified user for the duration of the block.


279
280
281
282
283
284
# File 'lib/bolt/shell/bash.rb', line 279

def running_as(user)
  @run_as = user
  yield
ensure
  @run_as = nil
end

#sudo_promptObject


499
500
501
# File 'lib/bolt/shell/bash.rb', line 499

def sudo_prompt
  '[sudo] Bolt needs to run as another user, password: '
end

#sudo_success(sudo_id) ⇒ Object


331
332
333
# File 'lib/bolt/shell/bash.rb', line 331

def sudo_success(sudo_id)
  "echo #{sudo_id} 1>&2"
end

#upload(source, destination, options = {}) ⇒ Object


34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# File 'lib/bolt/shell/bash.rb', line 34

def upload(source, destination, options = {})
  running_as(options[:run_as]) do
    with_tmpdir do |dir|
      basename = File.basename(source)
      tmpfile = File.join(dir.to_s, basename)
      conn.upload_file(source, tmpfile)
      # pass over file ownership if we're using run-as to be a different user
      dir.chown(run_as)
      result = execute(['mv', '-f', tmpfile, destination], sudoable: true)
      if result.exit_code != 0
        message = "Could not move temporary file '#{tmpfile}' to #{destination}: #{result.stderr.string}"
        raise Bolt::Node::FileError.new(message, 'MV_ERROR')
      end
    end
    Bolt::Result.for_upload(target, source, destination)
  end
end

#with_tmpdir(force_cleanup: false) ⇒ Object

A helper to create and delete a tmpdir on the remote system. Yields the directory name.


318
319
320
321
322
323
324
325
326
327
328
329
# File 'lib/bolt/shell/bash.rb', line 318

def with_tmpdir(force_cleanup: false)
  dir = make_tmpdir
  yield dir
ensure
  if dir
    if target.options['cleanup'] || force_cleanup
      dir.delete
    else
      Bolt::Logger.warn("skip_cleanup", "Skipping cleanup of tmpdir #{dir}")
    end
  end
end

#write_executable(dir, file, filename = nil) ⇒ Object


308
309
310
311
312
313
314
# File 'lib/bolt/shell/bash.rb', line 308

def write_executable(dir, file, filename = nil)
  filename ||= File.basename(file)
  remote_path = File.join(dir.to_s, filename)
  conn.upload_file(file, remote_path)
  make_executable(remote_path)
  remote_path
end