foreman_remote_execution_core 1.3.1 → 1.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e1576329ece4e20e9506b989b77557686d030c329c71f70386c7415e93a73e24
-  data.tar.gz: 4021d34ddbaa469bb1f4152c0a3c404c976a97910422a6fd60868661992ab774
+  metadata.gz: f9959aa1c94136ee271de608d9f9767f46e0c6d628f8a043420dfac7e54177c8
+  data.tar.gz: 7a961ebb1cf1b044e005f43b3ce727b9966fbcf7c17bfcd21307a20db408b662
 SHA512:
-  metadata.gz: b0ce710cc252baca86acb51cfe294b76f8de319b5516bc8f303252fff52a8ef1e074c34ea00f7bd179b2811dc85daf292035a2736cb421046aa46e2a37137d73
-  data.tar.gz: 65092102cb80436b6de9ce165905e8d87c387bf70256b244224d780cd2335f43b0323a06afed5c72e78fa8297566dcbe01f0624dee89b25645d8e2bf292d91a4
+  metadata.gz: d3d3cbc724bf1d38f8d9e9a2ef0be35fa604ee8482ec7036a3b6d23cd97b86fb405ff7de4bc9b2c988b8036c6b7ef14d9dcbb2fec8899d14c1668620be8b50fe
+  data.tar.gz: 5abf6e164e855b066efdd70bf7b0770acc62ed76aa3c742a28f6b546f79f4042e9e98d4c4f59da06b96bcb66061f124f8a4e7e4b2575057c393dc8ae9a3ea707

data/lib/foreman_remote_execution_core.rb

@@ -1,82 +1,8 @@
-require 'foreman_tasks_core'
-
 module ForemanRemoteExecutionCore
-  extend ForemanTasksCore::SettingsLoader
-  register_settings([:remote_execution_ssh, :smart_proxy_remote_execution_ssh_core],
-    :ssh_identity_key_file   => '~/.ssh/id_rsa_foreman_proxy',
-    :ssh_user                => 'root',
-    :remote_working_dir      => '/var/tmp',
-    :local_working_dir       => '/var/tmp',
-    :kerberos_auth           => false,
-    :async_ssh               => false,
-    # When set to nil, makes REX use the runner's default interval
-    :runner_refresh_interval => nil,
-    :ssh_log_level           => :fatal,
-    :cleanup_working_dirs    => true)
-
-  SSH_LOG_LEVELS = %w(debug info warn error fatal).freeze
-
-  def self.simulate?
-    %w(yes true 1).include? ENV.fetch('REX_SIMULATE', '').downcase
-  end
+  require 'smart_proxy_remote_execution_ssh'
+  require 'foreman_remote_execution_core/actions'
 
-  def self.validate_settings!
-    super
-    self.validate_ssh_log_level!
-    @settings[:ssh_log_level] = @settings[:ssh_log_level].to_sym
+  def self.settings
+    Proxy::RemoteExecution::Ssh::Plugin.settings
   end
-
-  def self.validate_ssh_log_level!
-    wanted_level = @settings[:ssh_log_level].to_s
-    unless SSH_LOG_LEVELS.include? wanted_level
-      raise "Wrong value '#{@settings[:ssh_log_level]}' for ssh_log_level, must be one of #{SSH_LOG_LEVELS.join(', ')}"
-    end
-
-    current = if defined?(::Proxy::SETTINGS)
-                ::Proxy::SETTINGS.log_level.to_s.downcase
-              elsif defined?(SmartProxyDynflowCore)
-                SmartProxyDynflowCore::SETTINGS.log_level.to_s.downcase
-              else
-                Rails.configuration.log_level.to_s
-              end
-
-    # regular log levels correspond to upcased ssh logger levels
-    ssh, regular = [wanted_level, current].map do |wanted|
-      SSH_LOG_LEVELS.each_with_index.find { |value, _index| value == wanted }.last
-    end
-
-    if ssh < regular
-      raise 'ssh_log_level cannot be more verbose than regular log level'
-    end
-  end
-
-  def self.runner_class
-    @runner_class ||= if simulate?
-                        FakeScriptRunner
-                      elsif settings[:async_ssh]
-                        PollingScriptRunner
-                      else
-                        ScriptRunner
-                      end
-  end
-
-  if ForemanTasksCore.dynflow_present?
-    require 'foreman_tasks_core/runner'
-    require 'foreman_remote_execution_core/log_filter'
-    if simulate?
-      # Load the fake implementation of the script runner if debug is enabled
-      require 'foreman_remote_execution_core/fake_script_runner'
-    else
-      require 'foreman_remote_execution_core/script_runner'
-      require 'foreman_remote_execution_core/polling_script_runner'
-    end
-    require 'foreman_remote_execution_core/dispatcher'
-    require 'foreman_remote_execution_core/actions'
-
-    if defined?(::SmartProxyDynflowCore)
-      SmartProxyDynflowCore::TaskLauncherRegistry.register('ssh', ForemanTasksCore::TaskLauncher::Batch)
-    end
-  end
-
-  require 'foreman_remote_execution_core/version'
 end

data/lib/foreman_remote_execution_core/actions.rb

@@ -1,20 +1,6 @@
-require 'foreman_tasks_core/shareable_action'
-
 module ForemanRemoteExecutionCore
   module Actions
-    class RunScript < ForemanTasksCore::Runner::Action
-      def initiate_runner
-        additional_options = {
-          :step_id => run_step_id,
-          :uuid => execution_plan_id,
-        }
-        ForemanRemoteExecutionCore.runner_class.build(input.merge(additional_options),
-          suspended_action: suspended_action)
-      end
-
-      def runner_dispatcher
-        ForemanRemoteExecutionCore::Dispatcher.instance
-      end
-    end
+    require 'smart_proxy_remote_execution_ssh/actions/run_script'
+    RunScript = Proxy::RemoteExecution::Ssh::Actions::RunScript
   end
 end

data/lib/foreman_remote_execution_core/version.rb

@@ -1,3 +1,3 @@
 module ForemanRemoteExecutionCore
-  VERSION = '1.3.1'.freeze
+  VERSION = '1.5.0'.freeze
 end

metadata

@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: foreman_remote_execution_core
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.5.0
 platform: ruby
 authors:
 - Ivan Nečas
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-14 00:00:00.000000000 Z
+date: 2021-06-07 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: bcrypt_pbkdf
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ed25519
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: foreman-tasks-core
   requirement: !ruby/object:Gem::Requirement
@@ -38,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: smart_proxy_remote_execution_ssh
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.0
 description: "  Ssh remote execution provider code sharable between Foreman and Foreman-Proxy\n"
 email:
 - inecas@redhat.com
@@ -48,19 +90,12 @@ files:
 - LICENSE
 - lib/foreman_remote_execution_core.rb
 - lib/foreman_remote_execution_core/actions.rb
-- lib/foreman_remote_execution_core/async_scripts/control.sh
-- lib/foreman_remote_execution_core/async_scripts/retrieve.sh
-- lib/foreman_remote_execution_core/dispatcher.rb
-- lib/foreman_remote_execution_core/fake_script_runner.rb
-- lib/foreman_remote_execution_core/log_filter.rb
-- lib/foreman_remote_execution_core/polling_script_runner.rb
-- lib/foreman_remote_execution_core/script_runner.rb
 - lib/foreman_remote_execution_core/version.rb
 homepage: https://github.com/theforeman/foreman_remote_execution
 licenses:
 - GPL-3.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -75,8 +110,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.1.2
+signing_key:
 specification_version: 4
 summary: Foreman remote execution - core bits
 test_files: []

data/lib/foreman_remote_execution_core/async_scripts/control.sh

@@ -1,110 +0,0 @@
-#!/bin/sh
-#
-# Control script for the remote execution jobs.
-#
-# The initial script calls `$CONTROL_SCRIPT init-script-finish` once the original script exits.
-# In automatic mode, the exit code is sent back to the proxy on `init-script-finish`.
-#
-# What the script provides is also a manual mode, where the author of the rex script can take
-# full control of the job lifecycle. This allows keeping the marked as running even when
-# the initial script finishes.
-#
-# The manual mode is turned on by calling `$CONTROL_SCRIPT manual-control`. After calling this,
-# one can call `echo message | $CONTROL_SCRIPT update` to send output to the remote execution jobs
-# and `$CONTROL_SCRIPT finish 0` once finished (with 0 as exit code) to send output to the remote execution jobs
-# and `$CONTROL_SCRIPT finish 0` once finished (with 0 as exit code)
-BASE_DIR="$(dirname "$(readlink -f "$0")")"
-
-if ! command -v curl >/dev/null; then
-    echo 'curl is required' >&2
-    exit 1
-fi
-
-# send the callback data to proxy
-update() {
-    "$BASE_DIR/retrieve.sh" push_update
-}
-
-# wait for named pipe $1 to retrieve data. If $2 is provided, it serves as timeout
-# in seconds on how long to wait when reading.
-wait_for_pipe() {
-    pipe_path=$1
-    if [ -n "$2" ]; then
-        timeout="-t $2"
-    fi
-    if read $timeout <>"$pipe_path"; then
-        rm "$pipe_path"
-        return 0
-    else
-        return 1
-    fi
-}
-
-# function run in background, when receiving update data via STDIN.
-periodic_update() {
-    interval=1
-    # reading some data from periodic_update_control signals we're done
-    while ! wait_for_pipe "$BASE_DIR/periodic_update_control" "$interval"; do
-        update
-    done
-    # one more update before we finish
-    update
-    # signal the main process that we are finished
-    echo > "$BASE_DIR/periodic_update_finished"
-}
-
-# signal the periodic_update process that the main process is finishing
-periodic_update_finish() {
-    if [ -e "$BASE_DIR/periodic_update_control" ]; then
-       echo > "$BASE_DIR/periodic_update_control"
-    fi
-}
-
-ACTION=${1:-finish}
-
-case "$ACTION" in
-    init-script-finish)
-        if ! [ -e "$BASE_DIR/manual_mode" ]; then
-            # make the exit code of initialization script the exit code of the whole job
-            cp init_exit_code exit_code
-            update
-        fi
-        ;;
-    finish)
-        # take exit code passed via the command line, with fallback
-        # to the exit code of the initialization script
-        exit_code=${2:-$(cat "$BASE_DIR/init_exit_code")}
-        echo $exit_code > "$BASE_DIR/exit_code"
-        update
-        if [ -e "$BASE_DIR/manual_mode" ]; then
-            rm "$BASE_DIR/manual_mode"
-        fi
-        ;;
-    update)
-        # read data from input when redirected though a pipe
-        if ! [ -t 0 ]; then
-            # couple of named pipes to coordinate the main process with the periodic_update
-            mkfifo "$BASE_DIR/periodic_update_control"
-            mkfifo "$BASE_DIR/periodic_update_finished"
-            trap "periodic_update_finish" EXIT
-            # run periodic update as separate process to keep sending updates in output to server
-            periodic_update &
-            # redirect the input into output
-            tee -a "$BASE_DIR/output"
-            periodic_update_finish
-            # ensure the periodic update finished before we return
-            wait_for_pipe "$BASE_DIR/periodic_update_finished"
-        else
-            update
-        fi
-        ;;
-    # mark the script to be in manual mode: this means the script author needs to use `update` and `finish`
-    # commands to send output to the remote execution job or mark it as finished.
-    manual-mode)
-        touch "$BASE_DIR/manual_mode"
-        ;;
-    *)
-        echo "Unknown action $ACTION"
-        exit 1
-        ;;
-esac

data/lib/foreman_remote_execution_core/async_scripts/retrieve.sh

@@ -1,151 +0,0 @@
-#!/bin/sh
-
-if ! pgrep --help 2>/dev/null >/dev/null; then
-    echo DONE 1
-    echo "pgrep is required" >&2
-    exit 1
-fi
-
-BASE_DIR="$(dirname "$(readlink -f "$0")")"
-
-# load the data required for generating the callback
-. "$BASE_DIR/env.sh"
-URL_PREFIX="$CALLBACK_HOST/dynflow/tasks/$TASK_ID"
-AUTH="$TASK_ID:$OTP"
-CURL="curl --silent --show-error --fail --max-time 10"
-
-MY_LOCK_FILE="$BASE_DIR/retrieve_lock.$$"
-MY_PID=$$
-echo $MY_PID >"$MY_LOCK_FILE"
-LOCK_FILE="$BASE_DIR/retrieve_lock"
-TMP_OUTPUT_FILE="$BASE_DIR/tmp_output"
-
-RUN_TIMEOUT=30 # for how long can the script hold the lock
-WAIT_TIMEOUT=60 # for how long the script is trying to acquire the lock
-START_TIME=$(date +%s)
-
-fail() {
-    echo RUNNING
-    echo "$1"
-    exit 1
-}
-
-acquire_lock() {
-    # try to acquire lock by creating the file (ln should be atomic an fail in case
-    # another process succeeded first). We also check the content of the lock file,
-    # in case our process won when competing over the lock while invalidating
-    # the lock on timeout.
-    ln "$MY_LOCK_FILE" "$LOCK_FILE" 2>/dev/null || [ "$(head -n1 "$LOCK_FILE")" = "$MY_PID" ]
-    return $?
-}
-
-# acquiring the lock before proceeding, to ensure only one instance of the script is running
-while ! acquire_lock; do
-    # we failed to create retrieve_lock - assuming there is already another retrieve script running
-    current_pid=$(head -n1 "$LOCK_FILE")
-    if [ -z "$current_pid" ]; then
-        continue
-    fi
-    # check whether the lock is not too old (compared to $RUN_TIMEOUT) and try to kill
-    # if it is, so that we don't have a stalled processes here
-    lock_lines_count=$(wc -l < "$LOCK_FILE")
-    current_lock_time=$(stat --format "%Y" "$LOCK_FILE")
-    current_time=$(date +%s)
-
-    if [ "$(( current_time - START_TIME ))" -gt "$WAIT_TIMEOUT" ]; then
-        # We were waiting for the lock for too long - just give up
-        fail "Wait time exceeded $WAIT_TIMEOUT"
-    elif [ "$(( current_time - current_lock_time ))" -gt "$RUN_TIMEOUT" ]; then
-        # The previous lock it hold for too long - re-acquiring procedure
-        if [ "$lock_lines_count" -gt 1 ]; then
-           # there were multiple processes waiting for lock without resolution
-           # longer than the $RUN_TIMEOUT - we reset the lock file and let processes
-           # to compete
-           echo "RETRY" > "$LOCK_FILE"
-        fi
-        if [ "$current_pid" != "RETRY" ]; then
-            # try to kill the currently stalled process
-            kill -9 "$current_pid" 2>/dev/null
-        fi
-        # try to add our process as one candidate
-        echo $MY_PID >> "$LOCK_FILE"
-        if [ "$( head -n2 "$LOCK_FILE" | tail -n1 )" = "$MY_PID" ]; then
-            # our process won the competition for the new lock: it is the first pid
-            # after the original one in the lock file - take ownership of the lock
-            # next iteration only this process will get through
-            echo $MY_PID >"$LOCK_FILE"
-        fi
-    else
-        # still waiting for the original owner to finish
-        sleep 1
-    fi
-done
-
-release_lock() {
-    rm "$MY_LOCK_FILE"
-    rm "$LOCK_FILE"
-}
-# ensure the release the lock at exit
-trap "release_lock" EXIT
-
-# make sure we clear previous tmp output file
-if [ -e "$TMP_OUTPUT_FILE" ]; then
-    rm "$TMP_OUTPUT_FILE"
-fi
-
-pid=$(cat "$BASE_DIR/pid")
-[ -f "$BASE_DIR/position" ] || echo 1 > "$BASE_DIR/position"
-position=$(cat "$BASE_DIR/position")
-
-prepare_output() {
-    if [ -e "$BASE_DIR/manual_mode" ] || ([ -n "$pid" ] && pgrep -P "$pid" >/dev/null 2>&1); then
-        echo RUNNING
-    else
-        echo "DONE $(cat "$BASE_DIR/exit_code" 2>/dev/null)"
-    fi
-    [ -f "$BASE_DIR/output" ] || exit 0
-    tail --bytes "+${position}" "$BASE_DIR/output" > "$TMP_OUTPUT_FILE"
-    cat "$TMP_OUTPUT_FILE"
-}
-
-# prepare the callback payload
-payload() {
-    if [ -n "$1" ]; then
-        exit_code="$1"
-    else
-        exit_code=null
-    fi
-
-    if [ -e "$BASE_DIR/manual_mode" ]; then
-        manual_mode=true
-        output=$(prepare_output | base64 -w0)
-    else
-        manual_mode=false
-    fi
-
-    echo "{ \"exit_code\": $exit_code,"\
-         "  \"step_id\": \"$STEP_ID\","\
-         "  \"manual_mode\": $manual_mode,"\
-         "  \"output\": \"$output\" }"
-}
-
-if [ "$1" = "push_update" ]; then
-    if [ -e "$BASE_DIR/exit_code" ]; then
-        exit_code="$(cat "$BASE_DIR/exit_code")"
-        action="done"
-    else
-        exit_code=""
-        action="update"
-    fi
-    $CURL -X POST -d "$(payload $exit_code)" -u "$AUTH" "$URL_PREFIX"/$action 2>>"$BASE_DIR/curl_stderr"
-    success=$?
-else
-    prepare_output
-    success=$?
-fi
-
-if [ "$success" = 0 ] && [ -e "$TMP_OUTPUT_FILE" ]; then
-    # in case the retrieval was successful, move the position of the cursor to be read next time
-    bytes=$(wc --bytes < "$TMP_OUTPUT_FILE")
-    expr "${position}" + "${bytes}" > "$BASE_DIR/position"
-fi

data/lib/foreman_remote_execution_core/dispatcher.rb

@@ -1,12 +0,0 @@
-require 'foreman_tasks_core/runner/dispatcher'
-
-module ForemanRemoteExecutionCore
-  class Dispatcher < ::ForemanTasksCore::Runner::Dispatcher
-
-    def refresh_interval
-      @refresh_interval ||= ForemanRemoteExecutionCore.settings[:runner_refresh_interval] ||
-                              ForemanRemoteExecutionCore.runner_class::DEFAULT_REFRESH_INTERVAL
-    end
-
-  end
-end

data/lib/foreman_remote_execution_core/fake_script_runner.rb

@@ -1,87 +0,0 @@
-module ForemanRemoteExecutionCore
-  class FakeScriptRunner < ForemanTasksCore::Runner::Base
-    DEFAULT_REFRESH_INTERVAL = 1
-
-    @data = []
-
-    class << self
-      attr_accessor :data
-
-      def load_data(path = nil)
-        if path.nil?
-          @data = <<-END.gsub(/^\s+\| ?/, '').lines
-            | ====== Simulated Remote Execution ======
-            |
-            | This is an output of a simulated remote
-            | execution run. It should run for about
-            | 5 seconds and finish successfully.
-          END
-        else
-          File.open(File.expand_path(path), 'r') do |f|
-            @data = f.readlines.map(&:chomp)
-          end
-        end
-        @data.freeze
-      end
-
-      def build(options, suspended_action:)
-        new(options, suspended_action: suspended_action)
-      end
-    end
-
-    def initialize(*args)
-      super
-      # Load the fake output the first time its needed
-      self.class.load_data(ENV['REX_SIMULATE_PATH']) unless self.class.data.frozen?
-      @position = 0
-    end
-
-    def start
-      refresh
-    end
-
-    # Do one step
-    def refresh
-      if done?
-        finish
-      else
-        step
-      end
-    end
-
-    def kill
-      finish
-    end
-
-    private
-
-    def finish
-      publish_exit_status exit_code
-    end
-
-    def step
-      publish_data(next_chunk, 'stdout')
-    end
-
-    def done?
-      @position == self.class.data.count
-    end
-
-    def next_chunk
-      output = self.class.data[@position]
-      @position += 1
-      output
-    end
-
-    # Decide if the execution should fail or not
-    def exit_code
-      fail_chance   = ENV.fetch('REX_SIMULATE_FAIL_CHANCE', 0).to_i
-      fail_exitcode = ENV.fetch('REX_SIMULATE_EXIT', 0).to_i
-      if fail_exitcode == 0 || fail_chance < (Random.rand * 100).round
-        0
-      else
-        fail_exitcode
-      end
-    end
-  end
-end

data/lib/foreman_remote_execution_core/log_filter.rb

@@ -1,14 +0,0 @@
-module ForemanRemoteExecutionCore
-  class LogFilter < ::Logger
-    def initialize(base_logger)
-      @base_logger = base_logger
-    end
-
-    def add(severity, *args, &block)
-      severity ||= ::Logger::UNKNOWN
-      return true if @base_logger.nil? || severity < @level
-
-      @base_logger.add(severity, *args, &block)
-    end
-  end
-end

data/lib/foreman_remote_execution_core/polling_script_runner.rb

@@ -1,136 +0,0 @@
-require 'base64'
-
-module ForemanRemoteExecutionCore
-  class PollingScriptRunner < ScriptRunner
-
-    DEFAULT_REFRESH_INTERVAL = 60
-
-    def self.load_script(name)
-      script_dir = File.expand_path('../async_scripts', __FILE__)
-      File.read(File.join(script_dir, name))
-    end
-
-    # The script that controls the flow of the job, able to initiate update or
-    # finish on the task, or take over the control over script lifecycle
-    CONTROL_SCRIPT = load_script('control.sh')
-
-    # The script always outputs at least one line
-    # First line of the output either has to begin with
-    # "RUNNING" or "DONE $EXITCODE"
-    # The following lines are treated as regular output
-    RETRIEVE_SCRIPT = load_script('retrieve.sh')
-
-    def initialize(options, user_method, suspended_action: nil)
-      super(options, user_method, suspended_action: suspended_action)
-      @callback_host = options[:callback_host]
-      @task_id = options[:uuid]
-      @step_id = options[:step_id]
-      @otp = ForemanTasksCore::OtpManager.generate_otp(@task_id)
-    end
-
-    def prepare_start
-      super
-      @base_dir = File.dirname @remote_script
-      upload_control_scripts
-    end
-
-    def initialization_script
-      close_stdin = '</dev/null'
-      close_fds = close_stdin + ' >/dev/null 2>/dev/null'
-      main_script = "(#{@remote_script} #{close_stdin} 2>&1; echo $?>#{@base_dir}/init_exit_code) >#{@base_dir}/output"
-      control_script_finish = "#{@control_script_path} init-script-finish"
-      <<-SCRIPT.gsub(/^ +\| /, '')
-      | export CONTROL_SCRIPT="#{@control_script_path}"
-      | sh -c '#{main_script}; #{control_script_finish}' #{close_fds} &
-      | echo $! > '#{@base_dir}/pid'
-      SCRIPT
-    end
-
-    def trigger(*args)
-      run_sync(*args)
-    end
-
-    def refresh
-      err = output = nil
-      begin
-        _, output, err = run_sync("#{@user_method.cli_command_prefix} #{@retrieval_script}")
-      rescue => e
-        @logger.info("Error while connecting to the remote host on refresh: #{e.message}")
-      end
-      return if output.nil? || output.empty?
-
-      lines = output.lines
-      result = lines.shift.match(/^DONE (\d+)?/)
-      publish_data(lines.join, 'stdout') unless lines.empty?
-      publish_data(err, 'stderr') unless err.empty?
-      if result
-        exitcode = result[1] || 0
-        publish_exit_status(exitcode.to_i)
-        cleanup
-      end
-    ensure
-      destroy_session
-    end
-
-    def external_event(event)
-      data = event.data
-      if data['manual_mode']
-        load_event_updates(data)
-      else
-        # getting the update from automatic mode - reaching to the host to get the latest update
-        return run_refresh
-      end
-    ensure
-      destroy_session
-    end
-
-    def close
-      super
-      ForemanTasksCore::OtpManager.drop_otp(@task_id, @otp) if @otp
-    end
-
-    def upload_control_scripts
-      return if @control_scripts_uploaded
-
-      cp_script_to_remote(env_script, 'env.sh')
-      @control_script_path = cp_script_to_remote(CONTROL_SCRIPT, 'control.sh')
-      @retrieval_script = cp_script_to_remote(RETRIEVE_SCRIPT, 'retrieve.sh')
-      @control_scripts_uploaded = true
-    end
-
-    # Script setting the dynamic values to env variables: it's sourced from other control scripts
-    def env_script
-      <<-SCRIPT.gsub(/^ +\| /, '')
-      | CALLBACK_HOST="#{@callback_host}"
-      | TASK_ID="#{@task_id}"
-      | STEP_ID="#{@step_id}"
-      | OTP="#{@otp}"
-      SCRIPT
-    end
-
-    private
-
-    # Generates updates based on the callback data from the manual mode
-    def load_event_updates(event_data)
-      continuous_output = ForemanTasksCore::ContinuousOutput.new
-      if event_data.key?('output')
-        lines = Base64.decode64(event_data['output']).sub(/\A(RUNNING|DONE).*\n/, '')
-        continuous_output.add_output(lines, 'stdout')
-      end
-      cleanup if event_data['exit_code']
-      new_update(continuous_output, event_data['exit_code'])
-    end
-
-    def cleanup
-      run_sync("rm -rf \"#{remote_command_dir}\"") if @cleanup_working_dirs
-    end
-
-    def destroy_session
-      if @session
-        @logger.debug("Closing session with #{@ssh_user}@#{@host}")
-        @session.close
-        @session = nil
-      end
-    end
-  end
-end

data/lib/foreman_remote_execution_core/script_runner.rb

@@ -1,478 +0,0 @@
-require 'net/ssh'
-require 'fileutils'
-
-# rubocop:disable Lint/SuppressedException
-begin
-  require 'net/ssh/krb'
-rescue LoadError; end
-# rubocop:enable Lint/SuppressedException:
-
-module ForemanRemoteExecutionCore
-  class SudoUserMethod
-    LOGIN_PROMPT = 'rex login: '.freeze
-
-    attr_reader :effective_user, :ssh_user, :effective_user_password, :password_sent
-
-    def initialize(effective_user, ssh_user, effective_user_password)
-      @effective_user = effective_user
-      @ssh_user = ssh_user
-      @effective_user_password = effective_user_password.to_s
-      @password_sent = false
-    end
-
-    def on_data(received_data, ssh_channel)
-      if received_data.match(login_prompt)
-        ssh_channel.send_data(effective_user_password + "\n")
-        @password_sent = true
-      end
-    end
-
-    def login_prompt
-      LOGIN_PROMPT
-    end
-
-    def filter_password?(received_data)
-      !@effective_user_password.empty? && @password_sent && received_data.match(Regexp.escape(@effective_user_password))
-    end
-
-    def sent_all_data?
-      effective_user_password.empty? || password_sent
-    end
-
-    def cli_command_prefix
-      "sudo -p '#{LOGIN_PROMPT}' -u #{effective_user} "
-    end
-
-    def reset
-      @password_sent = false
-    end
-  end
-
-  class DzdoUserMethod < SudoUserMethod
-    LOGIN_PROMPT = /password/i.freeze
-
-    def login_prompt
-      LOGIN_PROMPT
-    end
-
-    def cli_command_prefix
-      "dzdo -u #{effective_user} "
-    end
-  end
-
-  class SuUserMethod
-    attr_accessor :effective_user, :ssh_user
-
-    def initialize(effective_user, ssh_user)
-      @effective_user = effective_user
-      @ssh_user = ssh_user
-    end
-
-    def on_data(_, _)
-    end
-
-    def filter_password?(received_data)
-      false
-    end
-
-    def sent_all_data?
-      true
-    end
-
-    def cli_command_prefix
-      "su - #{effective_user} -c "
-    end
-
-    def reset
-    end
-  end
-
-  class NoopUserMethod
-    def on_data(_, _)
-    end
-
-    def filter_password?(received_data)
-      false
-    end
-
-    def sent_all_data?
-      true
-    end
-
-    def cli_command_prefix
-    end
-
-    def reset
-    end
-  end
-
-  class ScriptRunner < ForemanTasksCore::Runner::Base
-    attr_reader :execution_timeout_interval
-
-    EXPECTED_POWER_ACTION_MESSAGES = ['restart host', 'shutdown host'].freeze
-    DEFAULT_REFRESH_INTERVAL = 1
-    MAX_PROCESS_RETRIES = 4
-
-    def initialize(options, user_method, suspended_action: nil)
-      super suspended_action: suspended_action
-      @host = options.fetch(:hostname)
-      @script = options.fetch(:script)
-      @ssh_user = options.fetch(:ssh_user, 'root')
-      @ssh_port = options.fetch(:ssh_port, 22)
-      @ssh_password = options.fetch(:secrets, {}).fetch(:ssh_password, nil)
-      @key_passphrase = options.fetch(:secrets, {}).fetch(:key_passphrase, nil)
-      @host_public_key = options.fetch(:host_public_key, nil)
-      @verify_host = options.fetch(:verify_host, nil)
-      @execution_timeout_interval = options.fetch(:execution_timeout_interval, nil)
-
-      @client_private_key_file = settings.fetch(:ssh_identity_key_file)
-      @local_working_dir = options.fetch(:local_working_dir, settings.fetch(:local_working_dir))
-      @remote_working_dir = options.fetch(:remote_working_dir, settings.fetch(:remote_working_dir))
-      @cleanup_working_dirs = options.fetch(:cleanup_working_dirs, settings.fetch(:cleanup_working_dirs))
-      @user_method = user_method
-    end
-
-    def self.build(options, suspended_action:)
-      effective_user = options.fetch(:effective_user, nil)
-      ssh_user = options.fetch(:ssh_user, 'root')
-      effective_user_method = options.fetch(:effective_user_method, 'sudo')
-
-      user_method = if effective_user.nil? || effective_user == ssh_user
-                      NoopUserMethod.new
-                    elsif effective_user_method == 'sudo'
-                      SudoUserMethod.new(effective_user, ssh_user,
-                        options.fetch(:secrets, {}).fetch(:sudo_password, nil))
-                    elsif effective_user_method == 'dzdo'
-                      DzdoUserMethod.new(effective_user, ssh_user,
-                        options.fetch(:secrets, {}).fetch(:sudo_password, nil))
-                    elsif effective_user_method == 'su'
-                      SuUserMethod.new(effective_user, ssh_user)
-                    else
-                      raise "effective_user_method '#{effective_user_method}' not supported"
-                    end
-
-      new(options, user_method, suspended_action: suspended_action)
-    end
-
-    def start
-      prepare_start
-      script = initialization_script
-      logger.debug("executing script:\n#{indent_multiline(script)}")
-      trigger(script)
-    rescue => e
-      logger.error("error while initalizing command #{e.class} #{e.message}:\n #{e.backtrace.join("\n")}")
-      publish_exception('Error initializing command', e)
-    end
-
-    def trigger(*args)
-      run_async(*args)
-    end
-
-    def prepare_start
-      @remote_script = cp_script_to_remote
-      @output_path = File.join(File.dirname(@remote_script), 'output')
-      @exit_code_path = File.join(File.dirname(@remote_script), 'exit_code')
-    end
-
-    # the script that initiates the execution
-    def initialization_script
-      # pipe the output to tee while capturing the exit code in a file
-      <<-SCRIPT.gsub(/^\s+\| /, '')
-      | sh <<WRAPPER
-      | (#{@user_method.cli_command_prefix}#{@remote_script} < /dev/null; echo \\$?>#{@exit_code_path}) | /usr/bin/tee #{@output_path}
-      | exit \\$(cat #{@exit_code_path})
-      | WRAPPER
-      SCRIPT
-    end
-
-    def refresh
-      return if @session.nil?
-
-      with_retries do
-        with_disconnect_handling do
-          @session.process(0)
-        end
-      end
-    ensure
-      check_expecting_disconnect
-    end
-
-    def kill
-      if @session
-        run_sync("pkill -f #{remote_command_file('script')}")
-      else
-        logger.debug('connection closed')
-      end
-    rescue => e
-      publish_exception('Unexpected error', e, false)
-    end
-
-    def timeout
-      @logger.debug('job timed out')
-      super
-    end
-
-    def timeout_interval
-      execution_timeout_interval
-    end
-
-    def with_retries
-      tries = 0
-      begin
-        yield
-      rescue => e
-        logger.error("Unexpected error: #{e.class} #{e.message}\n #{e.backtrace.join("\n")}")
-        tries += 1
-        if tries <= MAX_PROCESS_RETRIES
-          logger.error('Retrying')
-          retry
-        else
-          publish_exception('Unexpected error', e)
-        end
-      end
-    end
-
-    def with_disconnect_handling
-      yield
-    rescue IOError, Net::SSH::Disconnect => e
-      @session.shutdown!
-      check_expecting_disconnect
-      if @expecting_disconnect
-        publish_exit_status(0)
-      else
-        publish_exception('Unexpected disconnect', e)
-      end
-    end
-
-    def close
-      run_sync("rm -rf \"#{remote_command_dir}\"") if should_cleanup?
-    rescue => e
-      publish_exception('Error when removing remote working dir', e, false)
-    ensure
-      @session.close if @session && !@session.closed?
-      FileUtils.rm_rf(local_command_dir) if Dir.exist?(local_command_dir) && @cleanup_working_dirs
-    end
-
-    def publish_data(data, type)
-      super(data.force_encoding('UTF-8'), type)
-    end
-
-    private
-
-    def indent_multiline(string)
-      string.lines.map { |line| "  | #{line}" }.join
-    end
-
-    def should_cleanup?
-      @session && !@session.closed? && @cleanup_working_dirs
-    end
-
-    def session
-      @session ||= begin
-                     @logger.debug("opening session to #{@ssh_user}@#{@host}")
-                     Net::SSH.start(@host, @ssh_user, ssh_options)
-                   end
-    end
-
-    def ssh_options
-      ssh_options = {}
-      ssh_options[:port] = @ssh_port if @ssh_port
-      ssh_options[:keys] = [@client_private_key_file] if @client_private_key_file
-      ssh_options[:password] = @ssh_password if @ssh_password
-      ssh_options[:passphrase] = @key_passphrase if @key_passphrase
-      ssh_options[:keys_only] = true
-      # if the host public key is contained in the known_hosts_file,
-      # verify it, otherwise, if missing, import it and continue
-      ssh_options[:paranoid] = true
-      ssh_options[:auth_methods] = available_authentication_methods
-      ssh_options[:user_known_hosts_file] = prepare_known_hosts if @host_public_key
-      ssh_options[:number_of_password_prompts] = 1
-      ssh_options[:verbose] = settings[:ssh_log_level]
-      ssh_options[:logger] = ForemanRemoteExecutionCore::LogFilter.new(SmartProxyDynflowCore::Log.instance)
-      return ssh_options
-    end
-
-    def settings
-      ForemanRemoteExecutionCore.settings
-    end
-
-    # Initiates run of the remote command and yields the data when
-    # available. The yielding doesn't happen automatically, but as
-    # part of calling the `refresh` method.
-    def run_async(command)
-      raise 'Async command already in progress' if @started
-
-      @started = false
-      @user_method.reset
-
-      session.open_channel do |channel|
-        channel.request_pty
-        channel.on_data do |ch, data|
-          publish_data(data, 'stdout') unless @user_method.filter_password?(data)
-          @user_method.on_data(data, ch)
-        end
-        channel.on_extended_data { |ch, type, data| publish_data(data, 'stderr') }
-        # standard exit of the command
-        channel.on_request('exit-status') { |ch, data| publish_exit_status(data.read_long) }
-        # on signal: sending the signal value (such as 'TERM')
-        channel.on_request('exit-signal') do |ch, data|
-          publish_exit_status(data.read_string)
-          ch.close
-          # wait for the channel to finish so that we know at the end
-          # that the session is inactive
-          ch.wait
-        end
-        channel.exec(command) do |_, success|
-          @started = true
-          raise('Error initializing command') unless success
-        end
-      end
-      session.process(0) { !run_started? }
-      return true
-    end
-
-    def run_started?
-      @started && @user_method.sent_all_data?
-    end
-
-    def run_sync(command, stdin = nil)
-      stdout = ''
-      stderr = ''
-      exit_status = nil
-      started = false
-
-      channel = session.open_channel do |ch|
-        ch.on_data do |c, data|
-          stdout.concat(data)
-        end
-        ch.on_extended_data { |_, _, data| stderr.concat(data) }
-        ch.on_request('exit-status') { |_, data| exit_status = data.read_long }
-        # Send data to stdin if we have some
-        ch.send_data(stdin) unless stdin.nil?
-        # on signal: sending the signal value (such as 'TERM')
-        ch.on_request('exit-signal') do |_, data|
-          exit_status = data.read_string
-          ch.close
-          ch.wait
-        end
-        ch.exec command do |_, success|
-          raise 'could not execute command' unless success
-
-          started = true
-        end
-      end
-      session.process(0) { !started }
-      # Closing the channel without sending any data gives us SIGPIPE
-      channel.close unless stdin.nil?
-      channel.wait
-      return exit_status, stdout, stderr
-    end
-
-    def prepare_known_hosts
-      path = local_command_file('known_hosts')
-      if @host_public_key
-        write_command_file_locally('known_hosts', "#{@host} #{@host_public_key}")
-      end
-      return path
-    end
-
-    def local_command_dir
-      File.join(@local_working_dir, 'foreman-proxy', "foreman-ssh-cmd-#{@id}")
-    end
-
-    def local_command_file(filename)
-      File.join(local_command_dir, filename)
-    end
-
-    def remote_command_dir
-      File.join(@remote_working_dir, "foreman-ssh-cmd-#{id}")
-    end
-
-    def remote_command_file(filename)
-      File.join(remote_command_dir, filename)
-    end
-
-    def ensure_local_directory(path)
-      if File.exist?(path)
-        raise "#{path} expected to be a directory" unless File.directory?(path)
-      else
-        FileUtils.mkdir_p(path)
-      end
-      return path
-    end
-
-    def cp_script_to_remote(script = @script, name = 'script')
-      path = remote_command_file(name)
-      @logger.debug("copying script to #{path}:\n#{indent_multiline(script)}")
-      upload_data(sanitize_script(script), path, 555)
-    end
-
-    def upload_data(data, path, permissions = 555)
-      ensure_remote_directory File.dirname(path)
-      # We use tee here to pipe stdin coming from ssh to a file at $path, while silencing its output
-      # This is used to write to $path with elevated permissions, solutions using cat and output redirection
-      # would not work, because the redirection would happen in the non-elevated shell.
-      command = "tee '#{path}' >/dev/null && chmod '#{permissions}' '#{path}'"
-
-      @logger.debug("Sending data to #{path} on remote host:\n#{data}")
-      status, _out, err = run_sync(command, data)
-
-      @logger.warn("Output on stderr while uploading #{path}:\n#{err}") unless err.empty?
-      if status != 0
-        raise "Unable to upload file to #{path} on remote system: exit code: #{status}"
-      end
-
-      path
-    end
-
-    def upload_file(local_path, remote_path)
-      mode = File.stat(local_path).mode.to_s(8)[-3..-1]
-      @logger.debug("Uploading local file: #{local_path} as #{remote_path} with #{mode} permissions")
-      upload_data(File.read(local_path), remote_path, mode)
-    end
-
-    def ensure_remote_directory(path)
-      exit_code, _output, err = run_sync("mkdir -p #{path}")
-      if exit_code != 0
-        raise "Unable to create directory on remote system #{path}: exit code: #{exit_code}\n #{err}"
-      end
-    end
-
-    def sanitize_script(script)
-      script.tr("\r", '')
-    end
-
-    def write_command_file_locally(filename, content)
-      path = local_command_file(filename)
-      ensure_local_directory(File.dirname(path))
-      File.write(path, content)
-      return path
-    end
-
-    # when a remote server disconnects, it's hard to tell if it was on purpose (when calling reboot)
-    # or it's an error. When it's expected, we expect the script to produce 'restart host' as
-    # its last command output
-    def check_expecting_disconnect
-      last_output = @continuous_output.raw_outputs.find { |d| d['output_type'] == 'stdout' }
-      return unless last_output
-
-      if EXPECTED_POWER_ACTION_MESSAGES.any? { |message| last_output['output'] =~ /^#{message}/ }
-        @expecting_disconnect = true
-      end
-    end
-
-    def available_authentication_methods
-      methods = %w(publickey) # Always use pubkey auth as fallback
-      if settings[:kerberos_auth]
-        if defined? Net::SSH::Kerberos
-          methods << 'gssapi-with-mic'
-        else
-          @logger.warn('Kerberos authentication requested but not available')
-        end
-      end
-      methods.unshift('password') if @ssh_password
-
-      methods
-    end
-  end
-end