Skip to content

A
ansible
Commit ba658ff3 by James Cammarata
Options

Merge branch 'amenonsen-connection-locking' into devel

parents 3e5b90c6 b9afbf0e
Showing with 29 additions and 13 deletions
lib/ansible/playbook/play_context.py
......@@ -24,6 +24,7 @@ __metaclass__ = type
import pipes
import random
import re
import tempfile
from ansible import constants as C
from ansible.errors import AnsibleError
......@@ -199,6 +200,10 @@ class PlayContext(Base):
self.password = passwords.get('conn_pass','')
self.become_pass = passwords.get('become_pass','')
# A temporary file (opened pre-fork) used by connection
# plugins for inter-process locking.
self.connection_lockf = tempfile.TemporaryFile()
# set options before play to allow play to override them
if options:
self.set_options(options)
......@@ -322,6 +327,11 @@ class PlayContext(Base):
return new_info
def copy(self, exclude_block=False):
new_me = super(PlayContext, self).copy()
new_me.connection_lockf = self.connection_lockf
return new_me
def make_become_cmd(self, cmd, executable=None):
""" helper function to create privilege escalation commands """
......
lib/ansible/plugins/connections/__init__.py
......@@ -155,3 +155,13 @@ class ConnectionBase(with_metaclass(ABCMeta, object)):
if incorrect_password in output:
raise AnsibleError('Incorrect %s password' % self._play_context.become_method)
def lock_connection(self):
f = self._play_context.connection_lockf
self._display.vvvv('CONNECTION: pid %d waiting for lock on %d' % (os.getpid(), f.fileno()))
fcntl.lockf(f.fileno(), fcntl.LOCK_EX)
self._display.vvvv('CONNECTION: pid %d acquired lock on %d' % (os.getpid(), f.fileno()))
def unlock_connection(self):
f = self._play_context.connection_lockf
fcntl.lockf(f.fileno(), fcntl.LOCK_UN)
self._display.vvvv('CONNECTION: pid %d released lock on %d' % (os.getpid(), f.fileno()))
lib/ansible/plugins/connections/paramiko_ssh.py
......@@ -71,16 +71,15 @@ class MyAddPolicy(object):
local L{HostKeys} object, and saving it. This is used by L{SSHClient}.
"""
def __init__(self, new_stdin):
def __init__(self, new_stdin, connection):
self._new_stdin = new_stdin
self.connection = connection
def missing_host_key(self, client, hostname, key):
if C.HOST_KEY_CHECKING:
# FIXME: need to fix lock file stuff
#fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_EX)
#fcntl.lockf(self.runner.output_lockfile, fcntl.LOCK_EX)
self.connection.lock_connection()
old_stdin = sys.stdin
sys.stdin = self._new_stdin
......@@ -94,17 +93,11 @@ class MyAddPolicy(object):
inp = raw_input(AUTHENTICITY_MSG % (hostname, ktype, fingerprint))
sys.stdin = old_stdin
self.connection.unlock_connection()
if inp not in ['yes','y','']:
# FIXME: lock file stuff
#fcntl.flock(self.runner.output_lockfile, fcntl.LOCK_UN)
#fcntl.flock(self.runner.process_lockfile, fcntl.LOCK_UN)
raise AnsibleError("host connection rejected by user")
# FIXME: lock file stuff
#fcntl.lockf(self.runner.output_lockfile, fcntl.LOCK_UN)
#fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_UN)
key._added_by_ansible_this_time = True
# existing implementation below:
......@@ -159,7 +152,7 @@ class Connection(ConnectionBase):
pass # file was not found, but not required to function
ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin))
ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin, self))
allow_agent = True
......@@ -365,6 +358,9 @@ class Connection(ConnectionBase):
if C.HOST_KEY_CHECKING and C.PARAMIKO_RECORD_HOST_KEYS and self._any_keys_added():
# add any new SSH host keys -- warning -- this could be slow
# (This doesn't acquire the connection lock because it needs
# to exclude only other known_hosts writers, not connections
# that are starting up.)
lockfile = self.keyfile.replace("known_hosts",".known_hosts.lock")
dirname = os.path.dirname(self.keyfile)
makedirs_safe(dirname)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment