Commit Graph

47 Commits

Author SHA1 Message Date
David Wilson 04b65020ac issue #278: ansible: support mitogen_ssh_debug_level variable. 2018-06-22 16:32:24 +01:00
David Wilson 2fbe1f1b54 Get integration tests running under 2.6.
Closes #270
Closes #273
2018-06-19 18:46:30 +01:00
David Wilson e35694acd5 ansible: flake8 fixes. 2018-06-10 01:22:46 +01:00
David Wilson caffaa79f7 issue #186: rework async/forked tasks again.
The controller must know the ID of the forked child in order to
propagate dependencies to it, so forking+starting the module run cannot
happen entirely on the target, without some additional mechanism to
wait-and-repropagate the deps as they arrive on the target.

Rework things so that init_child() also handles starting the fork parent,
and returns it along with the context's home directory in a single round
trip.

Now master knows the identity of the fork parent, it can directly create
fork children and call run_module_async() in them. This necessitates 2
roundtrips to start an asynchronous task.

This whole thing sucks and entirely needs simplified, but for now things
almost work, so keeping it.

connection.py:
  * Expect ContextService to return the entire dict return value of
    init_child(). Store the fork_contxt from the return value.

planner.py:
  * Rework Planner to store the invocation as an instance attribute, to
    simplify method calls.
  * Add Planner.get_push_files() and Planner.get_module_deps().
  * Add _propagate_deps() which takes a Planner and ensures the deps it
    describes are sent to a (non forked or forked) context.
  * Move async task logic out of target.py and into invoke() /
    _invoke_*().

process.py:
  * Services no longer need references to each other. planner.py handles
    sending module deps with one extra RPC.

services.py:
  * Return "init_child_result" key instead of simple "home_dir" key.
  * Get rid of dep propagation from ModuleDepService, it lives in
    planner.py now.

target.py:
  * Get rid of async task start logic, lives in planner.py now.
2018-06-09 22:11:26 +01:00
David Wilson d9087c510b ansible: move FileService into mitogen.service. 2018-05-29 17:07:58 +01:00
David Wilson 3b0addcfb0 service: v2. Closes #213 2018-05-28 05:38:33 +01:00
David Wilson 49eae23f92 issue #218: ansibe: use Secret and Blob types. 2018-05-04 22:51:54 +01:00
David Wilson 8bd34e1e28 ansible: gracefully report connection timeouts as StreamError. 2018-05-03 00:06:51 +01:00
David Wilson 4d1c6d2101 issue #127: ssh: reasonable solution to host key checking.
Ideally it would be possible to specify a callback function, but this is
not possible for proxied connections. So simply provide the 3 most
useful modes, defaulting to the most secure.

Closes #127. Closes #134.
2018-05-02 17:47:06 +01:00
David Wilson 78c401ba4d ansible: support su become method. 2018-05-02 03:49:44 +01:00
David Wilson b0309b539c ansible: disable interpreter recycling for connections.
Must explicitly specify enable_lru=True in ContextService.get() to
trigger recycling.
2018-04-29 09:53:16 +01:00
David Wilson 65e6a44fe7 docs: add links. 2018-04-29 02:31:32 +01:00
David Wilson c85a5b6446 ansible: make call timing more readable 2018-04-29 02:17:10 +01:00
David Wilson bba2a42e44 ansible: add mitogen_sudo method, split out connection subclasses.
Slowly moving towards real implementations in those files.
2018-04-29 01:45:52 +01:00
David Wilson 7c5bbc5168 setns: support changing user.
To match existing third party plugin.
2018-04-29 00:38:53 +01:00
David Wilson 219a202a82 issue #226: ansible: file transfer improvements
* put_data() supports setting mode and times.
* put_file() refuses to copy non-regular files (sockets, FIFOs).
* put_file() saves one RTT for <32KiB files by using put_data() and
  embedding file content in argument list.
* FileService returns dict with size/mode/owner/group/mtime/atime.
* FileService refuses to copy non-regular files.
* transfer_file() preserves file mode.
* transfer_file() preserves atime/mtime.
* transfer_file() optionally preserves ownership.
* transfer_file() optionally calls fsync().
* transfer_file() uses unique temporary file name to avoid conflicting
  with parallel transfers.
* transfer_file() ensures temporary file is deleted on any error.
* write_path() writes to a temporary file and deletes it on failure.
* write_path() uses unique temporary file name to avoid conflicting
  with parallel transfers.
* write_path() supports setting symbolic owner/group.
* write_path() optionally calls fsync().
* write_path() supports setting symbolic mode/mtime/atime.

Closes #226, #227, #229
2018-04-28 21:33:43 +01:00
David Wilson 098995539d ansible: implement FreeBSD jail support. 2018-04-27 06:21:10 +01:00
David Wilson b1563cd8c1 ansible: hijack lxd connections too. 2018-04-27 04:45:40 +01:00
David Wilson 131bc768c7 ansible: implement LXC support. 2018-04-27 04:40:56 +01:00
David Wilson 4893889a88 ansible: remove vestiges of old/wrong sudo_exe source. 2018-04-27 01:42:20 +01:00
David Wilson 3fab8a3af5 ansible: connection delegation v1
This implements the first edition of Connection Delegation, where
delegating connection establishment is initially single-threaded.

ansible_mitogen/strategy.py:
ansible_mitogen/plugins/connection/*:

  Begin splitting connection.Connection into subclasses, exposing them
  directly as "mitogen_ssh", "mitogen_local", etc. connection types.

  This is far from removing strategy.py, but it's a tiny start.

ansible_mitogen/connection.py:

  * config_from_play_context() and config_from_host_vars() build up a
    huge dictionary containing either more or less PlayContext contents,
    or our best attempt at reconstructing a host's connection config
    from its hostvars, where that config is not the current
    WorkerProcess target.

    They both produce the same format with the same keys, allowing
    remaining code to have a single input format.

    These dicts contain fields named after how Ansible refers to them,
    e.g. "sudo_exe".

  * _config_from_via() parses a basic connection specification like
    "username@inventory_name" into one of the aforementioned dicts.

  * _stack_from_config() produces a list of dicts describing the order
    in which (Mitogen) connections should be established, such that each
    element is proxied via= the previous element. The dicts produced by
    this function use Mitogen keyword arguments, the former di.

    These dicts contain fields named after how Mitogen refers to them,
    e.g. "sudo_path".

  * Pass the stack to ContextService, which is responsible for actual
    setup of the full chain.

ansible_mitogen/services.py:

  Teach get() to walk the supplied stack, establishing each connection
  in turn, creating refounts for it before continuing.

  TODO: refcounting is broken in a variety of cases.
2018-04-27 01:23:23 +01:00
David Wilson cb73c44084 ansible: implement streaming in Connection.put_file().
This is the function the copy module uses.
2018-04-22 02:48:06 +01:00
David Wilson cc980569a3 issue #159: initial context LRU implementation
Now Connection.close() *must* be called in the worker, to ensure the
reference count for a context drops correctly.

Remove 'discriminator' for now, I'm not using it for testing any more
and it complicated this code.

This code is a car crash, it needs rewritten again. Ideally some/most of
this behaviour could live on services.DeduplicatingService somehow, but
I couldn't come up with a sensible design.
2018-04-13 13:49:16 +01:00
David Wilson e119058d9b issue #182: ensure connection is reset during with_items.
Elements of a with_items loop reuse one WorkerProcess to execute every
iteration, requiring us to reset Connection's idea of the connection on
each iteration, otherwise the tasks will erroneously execute in the
wrong context.
2018-04-12 12:15:02 +01:00
David Wilson 98ee3e177a ansible: tests for sudo behaviour; closes #143. 2018-04-09 15:04:40 +01:00
David Wilson 3613162bc0 ansible: enable forking when requested and for async jobs.
Closes #105.
References #155.

mitogen/service.py:
    Refactor services to support individually exposed methods with
    different security policies for each method.

    - @mitogen.service.expose() to expose a method and set its policy
    - @mitogen.service.arg_spec() to validate input.
    - Require basic service message format to be a tuple of
      `(method, kwargs)`, where kwargs is always a dict.
    - Update DeduplicatingService to match the new scheme.

ansible_mitogen/connection.py:
    - Rename 'method' to 'method_name' to disambiguate it from the
      service.call()'s method= argument.

ansible_mitogen/planner.py:
    - Generate an ID for every job, sync or not, and fetch job results
      from JobResultService rather than via the initiating function
      call's return value.
    - Planner subclasses now get to select whether their Runner should
      run in a forked process. The base implementation requests this if
      the 'mitogen_isolation_mode=fork' task variable is present.

ansible_mitogen/runner.py:
    Teach runners to deliver their result via JobResultService executing
    in their indirect parent mux process.

ansible_mitogen/plugins/actions/mitogen_async_status.py:
    Split the implementation up into methods, and more compatibly
    emulate Ansible's existing output.

ansible_mitogen/process.py:
    Mux processes now host JobResultService.

ansible_mitogen/services.py:
    Update existing services to the new mitogen.service scheme, and
    implement JobResultService:

    * listen() method for synchronous jobs. planner.invoke() registers a
      Sender with the service prior to invoking the job, then sleeps
      waiting for the service to write the job result to the
      corresponding Receiver.

    * Non-blocking get() method for implementing mitogen_async_status
      action.

    * Child-accessible push() method for delivering task results.

ansible_mitogen/target.py:
    New helpers for spawning a virginal subprocess on startup, from
    which asynchronous and mitogen_task_isolation=fork jobs are forked.
    Necessary to avoid a task inheriting potentially
    polluted/monkey-patched parent environment, since remaining jobs
    continue to run in the original child process.

docs/ansible.rst:
    Add/merge/remove some behaviours/risks.

tests/ansible/integration:
    New tests for forking/async.
2018-04-09 00:03:09 +01:00
David Wilson 71057c78f9 ansible: rename helpers.py to target.py, to reflect its purpose 2018-04-08 19:34:03 +01:00
David Wilson 7fd88868a6 ansible: raise AnsibleConnectionFailure on connection failure; closes #183
Before:

    $ ANSIBLE_STRATEGY=mitogen ansible -i derp, derp -m setup
    An exception occurred during task execution. To see the full traceback, use -vvv. The error was:     (''.join(bits)[-300:],)
    derp | FAILED! => {
        "msg": "Unexpected failure during module execution.",
        "stdout": ""
    }

After:

    $ ANSIBLE_STRATEGY=mitogen ansible -i derp, derp -m setup
    derp | UNREACHABLE! => {
        "changed": false,
        "msg": "EOF on stream; last 300 bytes received: 'ssh: Could not resolve hostname derp: nodename nor servname provided, or not known\\r\\n'",
        "unreachable": true
    }
2018-04-05 20:14:14 +01:00
David Wilson 6aeb4e9f05 issue #164: precisely emulate Ansible's stdio behaviour.
* Use identical logic to select when stdout/stderr are merged, so
  'stdout', 'stdout_lines', 'stderr', 'stderr_lines' contain the same
  output before/after the extension.

* When stdout/stderr are merged, synthesize carriage returns just like
  the TTY layer.

* Mimic the SSH connection multiplexing message on stderr. Not really
  for user code, but so compare_output_test.sh needs fewer fixups.
2018-04-05 01:16:34 +01:00
David Wilson 2470f486e1 issue 106: ansible: make the context name available
For use later to track/deduplicate streaming uploads to targets.
2018-04-01 16:39:10 +01:00
David Wilson 6eed3aa1fa issue #177: fetch and cache HOME value during connection setup.
This ensures only 1 roundtrip is required for every invocation of
_remote_expand_user().
2018-04-01 15:57:46 +01:00
Wesley Moore 3d5bbb9a63 Use become_pass for sudo password 2018-03-30 13:00:43 +11:00
David Wilson 198bec3320 issue #168: ansible: Mitogen must also ignore the extra arguments. 2018-03-26 11:51:19 +05:45
David Wilson c183f06dfb issue #152: respect the Ansible-selected interpreter for local connections too. 2018-03-19 21:58:35 +05:45
David Wilson 7a394dc73e ansible: allow establishment of duplicate SSH connections 2018-03-19 21:58:35 +05:45
David Wilson 86ede62241 issue #150: introduce separate connection multiplexer process
This is a work in progress.
2018-03-19 21:58:35 +05:45
David Wilson 4691ce0b95 issue #150: ansible: add basic Docker support. 2018-03-19 21:58:34 +05:45
David Wilson cd455e8c58 ansible: minor tidy up 2018-03-19 21:58:34 +05:45
David Wilson 3584084be6 issue #140: explicit Broker management, and guard against crap plug-ins.
Implement Connection.__del__, which is almost certainly going to trigger
more bugs down the line, because the state of the Connection instance is
not guranteed during __del__. Meanwhile, it is temporarily needed for
deployed-today Ansibles that have a buggy synchronize action that does
not call Connection.close().

A better approach to this would be to virtualize the guts of Connection,
and move its management to one central place where we can guarantee
resource destruction happens reliably, but that may entail another
Ansible monkey-patch to give us such a reliable hook.
2018-03-19 21:58:34 +05:45
David Wilson 88c198ea05 issue #141: copy Ansible's connect_timeout for sudo too. 2018-03-19 21:58:34 +05:45
David Wilson 7d12154a92 ansible: fix formatting 2018-03-19 21:58:33 +05:45
David Wilson 12c6e574fb ansible: disable host key checking for now
Need a better story (perhaps a callback function?) for handling this.
2018-03-19 21:58:33 +05:45
David Wilson b63af1de85 ansible: implement _transfer_data for <2.4 template action 2018-03-19 21:58:33 +05:45
David Wilson 3ddbf1a503 ansible: basic support for ssh_args 2018-03-19 21:58:32 +05:45
David Wilson da00437f1e ansible: Support ansible_ssh_private_key_file 2018-03-19 21:58:32 +05:45
David Wilson a87b665099 ansible: limited support for become_flags, more docs. 2018-03-19 21:58:32 +05:45
David Wilson bde6f888a0 ansible: restructure package to avoid yet more madness
Ansible's PluginLoader makes up bullshit when it imports a module
(mostly because it has to make up something), therefore we ended up with
duplicate copies of ansible_mitogen loaded: one under
ansible.plugins.*.mitogen, and one under the canonical namespace.

Which broke isinstance().
2018-03-19 21:58:32 +05:45