Go back to using ~/.ansible/cp as the ControlPath

This was commented out earlier because of the lack of interprocess
locking and prepare_writeable_dir in v2.

The locking was not needed: it could only protect against other siblings
of this process (since they were all locking a temporary file that was
opened in the parent), and those would be running as the same user and
with the same umask. Also, os.makedirs() tolerates intermediate paths
being created by other processes. For any other kind of error, both
locking and non-locking code paths would fail in the same way.

So all we really need to do is make sure we have write permissions.

(We also move the cp_dir handling code to where we actually set the
ControlPath ourselves; if the user has set it via ssh_*args already,
we don't need to bother.)

1 files changed, 8 insertions, 6 deletions

diff --git a/lib/ansible/plugins/connections/ssh.py b/lib/ansible/plugins/connections/ssh.py
index 81440c819a..ee912374a7 100644
--- a/lib/ansible/plugins/connections/ssh.py
+++ b/lib/ansible/plugins/connections/ssh.py
@@ -37,6 +37,7 @@ from hashlib import sha1
 from ansible import constants as C
 from ansible.errors import AnsibleError, AnsibleConnectionFailure, AnsibleFileNotFound
 from ansible.plugins.connections import ConnectionBase
+from ansible.utils.path import unfrackpath, makedirs_safe
 
 class Connection(ConnectionBase):
     ''' ssh based connections '''
@@ -49,12 +50,6 @@ class Connection(ConnectionBase):
         self._common_args = []
         self.HASHED_KEY_MAGIC = "|1|"
 
-        # FIXME: move the lockfile locations to ActionBase?
-        #fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_EX)
-        #self.cp_dir = utils.prepare_writeable_dir('$HOME/.ansible/cp',mode=0700)
-        self._cp_dir = '/tmp'
-        #fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_UN)
-
         super(Connection, self).__init__(*args, **kwargs)
 
         self.host = self._play_context.remote_addr
@@ -126,11 +121,18 @@ class Connection(ConnectionBase):
                 cp_path_set = True
 
         if cp_in_use and not cp_path_set:
+            self._cp_dir = unfrackpath('$HOME/.ansible/cp')
+
             args = ("-o", "ControlPath=\"{0}\"".format(
                 C.ANSIBLE_SSH_CONTROL_PATH % dict(directory=self._cp_dir))
             )
             self.add_args("found only ControlPersist; added ControlPath", args)
 
+            # The directory must exist and be writable.
+            makedirs_safe(self._cp_dir, 0o700)
+            if not os.access(self._cp_dir, os.W_OK):
+                raise AnsibleError("Cannot write to ControlPath %s" % self._cp_dir)
+
         if not C.HOST_KEY_CHECKING:
             self.add_args(
                 "ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled",