diff options
| author | James Cammarata <jimi@sngx.net> | 2015-09-03 00:20:33 -0400 |
|---|---|---|
| committer | James Cammarata <jimi@sngx.net> | 2015-09-03 00:20:33 -0400 |
| commit | ba658ff3a94badac8c49ca6dfdbd4e3129c403bb (patch) | |
| tree | a5255c9c7c1cb929eb6e480f92b7f4cfc27a6ed8 | |
| parent | 3e5b90c6fbbb343ddbc773453fc25210aabaa15e (diff) | |
| parent | b9afbf0ee468c0deb87a4fe316b92546db3fa554 (diff) | |
| download | ansible-ba658ff3a94badac8c49ca6dfdbd4e3129c403bb.tar.gz | |
Merge branch 'amenonsen-connection-locking' into devel
| -rw-r--r-- | lib/ansible/playbook/play_context.py | 10 | ||||
| -rw-r--r-- | lib/ansible/plugins/connections/__init__.py | 10 | ||||
| -rw-r--r-- | lib/ansible/plugins/connections/paramiko_ssh.py | 22 |
3 files changed, 29 insertions, 13 deletions
diff --git a/lib/ansible/playbook/play_context.py b/lib/ansible/playbook/play_context.py index 355efbaf26..5b56d2515b 100644 --- a/lib/ansible/playbook/play_context.py +++ b/lib/ansible/playbook/play_context.py @@ -24,6 +24,7 @@ __metaclass__ = type import pipes import random import re +import tempfile from ansible import constants as C from ansible.errors import AnsibleError @@ -199,6 +200,10 @@ class PlayContext(Base): self.password = passwords.get('conn_pass','') self.become_pass = passwords.get('become_pass','') + # A temporary file (opened pre-fork) used by connection + # plugins for inter-process locking. + self.connection_lockf = tempfile.TemporaryFile() + # set options before play to allow play to override them if options: self.set_options(options) @@ -322,6 +327,11 @@ class PlayContext(Base): return new_info + def copy(self, exclude_block=False): + new_me = super(PlayContext, self).copy() + new_me.connection_lockf = self.connection_lockf + return new_me + def make_become_cmd(self, cmd, executable=None): """ helper function to create privilege escalation commands """ diff --git a/lib/ansible/plugins/connections/__init__.py b/lib/ansible/plugins/connections/__init__.py index 1ad2876381..0e4b3466e5 100644 --- a/lib/ansible/plugins/connections/__init__.py +++ b/lib/ansible/plugins/connections/__init__.py @@ -155,3 +155,13 @@ class ConnectionBase(with_metaclass(ABCMeta, object)): if incorrect_password in output: raise AnsibleError('Incorrect %s password' % self._play_context.become_method) + def lock_connection(self): + f = self._play_context.connection_lockf + self._display.vvvv('CONNECTION: pid %d waiting for lock on %d' % (os.getpid(), f.fileno())) + fcntl.lockf(f.fileno(), fcntl.LOCK_EX) + self._display.vvvv('CONNECTION: pid %d acquired lock on %d' % (os.getpid(), f.fileno())) + + def unlock_connection(self): + f = self._play_context.connection_lockf + fcntl.lockf(f.fileno(), fcntl.LOCK_UN) + self._display.vvvv('CONNECTION: pid %d released lock on %d' % (os.getpid(), f.fileno())) diff --git a/lib/ansible/plugins/connections/paramiko_ssh.py b/lib/ansible/plugins/connections/paramiko_ssh.py index df97a6e3a5..214e6b5a03 100644 --- a/lib/ansible/plugins/connections/paramiko_ssh.py +++ b/lib/ansible/plugins/connections/paramiko_ssh.py @@ -71,16 +71,15 @@ class MyAddPolicy(object): local L{HostKeys} object, and saving it. This is used by L{SSHClient}. """ - def __init__(self, new_stdin): + def __init__(self, new_stdin, connection): self._new_stdin = new_stdin + self.connection = connection def missing_host_key(self, client, hostname, key): if C.HOST_KEY_CHECKING: - # FIXME: need to fix lock file stuff - #fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_EX) - #fcntl.lockf(self.runner.output_lockfile, fcntl.LOCK_EX) + self.connection.lock_connection() old_stdin = sys.stdin sys.stdin = self._new_stdin @@ -94,17 +93,11 @@ class MyAddPolicy(object): inp = raw_input(AUTHENTICITY_MSG % (hostname, ktype, fingerprint)) sys.stdin = old_stdin + self.connection.unlock_connection() + if inp not in ['yes','y','']: - # FIXME: lock file stuff - #fcntl.flock(self.runner.output_lockfile, fcntl.LOCK_UN) - #fcntl.flock(self.runner.process_lockfile, fcntl.LOCK_UN) raise AnsibleError("host connection rejected by user") - # FIXME: lock file stuff - #fcntl.lockf(self.runner.output_lockfile, fcntl.LOCK_UN) - #fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_UN) - - key._added_by_ansible_this_time = True # existing implementation below: @@ -159,7 +152,7 @@ class Connection(ConnectionBase): pass # file was not found, but not required to function ssh.load_system_host_keys() - ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin)) + ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin, self)) allow_agent = True @@ -365,6 +358,9 @@ class Connection(ConnectionBase): if C.HOST_KEY_CHECKING and C.PARAMIKO_RECORD_HOST_KEYS and self._any_keys_added(): # add any new SSH host keys -- warning -- this could be slow + # (This doesn't acquire the connection lock because it needs + # to exclude only other known_hosts writers, not connections + # that are starting up.) lockfile = self.keyfile.replace("known_hosts",".known_hosts.lock") dirname = os.path.dirname(self.keyfile) makedirs_safe(dirname) |