foreman_remote_execution_core 1.1.1 → 1.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f58fc844cebc176f015343ed6c5ed47a97ffeac65356c8eb34009705b29322dd
-  data.tar.gz: 91b3890c6238578942389be52d1392a140deba33aa6261de65776788bca86fb7
+  metadata.gz: 6c119b8c10a5f1c10cd6862e38b3cd926c022887c897583677a9d3ecc2fa62fa
+  data.tar.gz: 54295d5b48bfe55a17f32b9f599a23963f778a5d7ae3731e2a29001eae079528
 SHA512:
-  metadata.gz: 86b4e7b8e098b493cda6214cfd5fa35ed471221c7ef8af9ba23a8966f7eca0236aea68eac9890d1333119f954e4b90b730fd2e1f73ad05c1b97f761e936bebad
-  data.tar.gz: cfb6aba18b777bb140e2535bd16c70a6c248ff7d4b0a44fcc9005da32c647321bcf3517d5f6fef2b2ae8377105d0209ddd7e65da0b04b6b332a138d4e297ca70
+  metadata.gz: 89101a702cc1be1ce3f471407659831c01dda578cc73c5d7c830a298eee15a0b390bc1f2f90d703328a6f054ec636f636b6bed3a2b5add49f73663a3cd2423c7
+  data.tar.gz: eb23b63b87f06fd5cec7ddaff021669a34370a0972e3e63b7c6799b2a89cdbdc870e63e51a9edcc4d02c70d6806058c321dffa5b60fbd8d435fea99d555f9c2a

data/lib/foreman_remote_execution_core.rb

@@ -11,7 +11,8 @@ module ForemanRemoteExecutionCore
                     :async_ssh               => false,
                     # When set to nil, makes REX use the runner's default interval
                     :runner_refresh_interval => nil,
-                    :ssh_log_level           => :fatal)
+                    :ssh_log_level           => :fatal,
+                    :cleanup_working_dirs    => true)
 
   SSH_LOG_LEVELS = %w(debug info warn error fatal).freeze
 

data/lib/foreman_remote_execution_core/actions.rb

@@ -8,7 +8,7 @@ module ForemanRemoteExecutionCore
           :step_id => run_step_id,
           :uuid => execution_plan_id
         }
-        ForemanRemoteExecutionCore.runner_class.new(input.merge(additional_options))
+        ForemanRemoteExecutionCore.runner_class.build(input.merge(additional_options))
       end
 
       def runner_dispatcher

data/lib/foreman_remote_execution_core/fake_script_runner.rb

@@ -23,6 +23,10 @@ module ForemanRemoteExecutionCore
         end
         @data.freeze
       end
+
+      def self.build(options)
+        new(options)
+      end
     end
 
     def initialize(*args)
@@ -72,7 +76,7 @@ module ForemanRemoteExecutionCore
     # Decide if the execution should fail or not
     def exit_code
       fail_chance   = ENV.fetch('REX_SIMULATE_FAIL_CHANCE', 0).to_i
-      fail_exitcode = ENV.fetch('REX_SIMULATE_EXIT', 0)
+      fail_exitcode = ENV.fetch('REX_SIMULATE_EXIT', 0).to_i
       if fail_exitcode == 0 || fail_chance < (Random.rand * 100).round
         0
       else

data/lib/foreman_remote_execution_core/polling_script_runner.rb

@@ -3,8 +3,8 @@ module ForemanRemoteExecutionCore
 
     DEFAULT_REFRESH_INTERVAL = 60
 
-    def initialize(options = {})
-      super(options)
+    def initialize(options, user_method)
+      super(options, user_method)
       @callback_host = options[:callback_host]
       @task_id = options[:uuid]
       @step_id = options[:step_id]
@@ -24,7 +24,7 @@ module ForemanRemoteExecutionCore
       close_fds = close_stdin + ' >/dev/null 2>/dev/null'
       # pipe the output to tee while capturing the exit code in a file, don't wait for it to finish, output PID of the main command
       <<-SCRIPT.gsub(/^\s+\| /, '')
-      | sh -c '(#{su_prefix}#{@remote_script} #{close_stdin}; echo $?>#{@exit_code_path}) | /usr/bin/tee #{@output_path} >/dev/null; #{callback_scriptlet}' #{close_fds} &
+      | sh -c '(#{@user_method.cli_command_prefix}#{@remote_script} #{close_stdin}; echo $?>#{@exit_code_path}) | /usr/bin/tee #{@output_path} >/dev/null; #{callback_scriptlet}' #{close_fds} &
       | echo $! > '#{@pid_path}'
       SCRIPT
     end
@@ -36,7 +36,7 @@ module ForemanRemoteExecutionCore
     def refresh
       err = output = nil
       with_retries do
-        _, output, err = run_sync("#{su_prefix} #{@retrieval_script}")
+        _, output, err = run_sync("#{@user_method.cli_command_prefix} #{@retrieval_script}")
       end
       lines = output.lines
       result = lines.shift.match(/^DONE (\d+)?/)
@@ -45,6 +45,7 @@ module ForemanRemoteExecutionCore
       if result
         exitcode = result[1] || 0
         publish_exit_status(exitcode.to_i)
+        run_sync("rm -rf \"#{remote_command_dir}\"") if @cleanup_working_dirs
       end
       destroy_session
     end
@@ -91,7 +92,7 @@ module ForemanRemoteExecutionCore
     def callback_scriptlet(callback_script_path = nil)
       if @otp
         callback_script_path = cp_script_to_remote(callback_script, 'callback') if callback_script_path.nil?
-        "#{su_prefix}#{callback_script_path}"
+        "#{@user_method.cli_command_prefix}#{callback_script_path}"
       else
         ':' # Shell synonym for "do nothing"
       end

data/lib/foreman_remote_execution_core/script_runner.rb

@@ -1,4 +1,5 @@
 require 'net/ssh'
+require 'fileutils'
 
 # rubocop:disable Lint/HandleExceptions
 begin
@@ -7,6 +8,83 @@ rescue LoadError; end
 # rubocop:enable Lint/HandleExceptions:
 
 module ForemanRemoteExecutionCore
+  class SudoUserMethod
+    LOGIN_PROMPT = 'rex login: '.freeze
+
+    attr_reader :effective_user, :ssh_user, :effective_user_password, :password_sent
+
+    def initialize(effective_user, ssh_user, effective_user_password)
+      @effective_user = effective_user
+      @ssh_user = ssh_user
+      @effective_user_password = effective_user_password.to_s
+      @password_sent = false
+    end
+
+    def on_data(received_data, ssh_channel)
+      if received_data.match(LOGIN_PROMPT)
+        ssh_channel.send_data(effective_user_password + "\n")
+        @password_sent = true
+      end
+    end
+
+    def filter_password?(received_data)
+      !@effective_user_password.empty? && @password_sent && received_data.match(@effective_user_password)
+    end
+
+    def sent_all_data?
+      effective_user_password.empty? || password_sent
+    end
+
+    def cli_command_prefix
+      "sudo -p '#{LOGIN_PROMPT}' -u #{effective_user} "
+    end
+
+    def reset
+      @password_sent = false
+    end
+  end
+
+  class SuUserMethod
+    attr_accessor :effective_user, :ssh_user
+
+    def initialize(effective_user, ssh_user)
+      @effective_user = effective_user
+      @ssh_user = ssh_user
+    end
+
+    def on_data(_, _); end
+
+    def filter_password?(received_data)
+      false
+    end
+
+    def sent_all_data?
+      true
+    end
+
+    def cli_command_prefix
+      "su - #{effective_user} -c "
+    end
+
+    def reset; end
+  end
+
+  class NoopUserMethod
+    def on_data(_, _); end
+
+    def filter_password?(received_data)
+      false
+    end
+
+    def sent_all_data?
+      true
+    end
+
+    def cli_command_prefix; end
+
+    def reset; end
+  end
+
   class ScriptRunner < ForemanTasksCore::Runner::Base
     attr_reader :execution_timeout_interval
 
@@ -14,7 +92,7 @@ module ForemanRemoteExecutionCore
     DEFAULT_REFRESH_INTERVAL = 1
     MAX_PROCESS_RETRIES = 4
 
-    def initialize(options)
+    def initialize(options, user_method)
       super()
       @host = options.fetch(:hostname)
       @script = options.fetch(:script)
@@ -22,8 +100,6 @@ module ForemanRemoteExecutionCore
       @ssh_port = options.fetch(:ssh_port, 22)
       @ssh_password = options.fetch(:secrets, {}).fetch(:ssh_password, nil)
       @key_passphrase = options.fetch(:secrets, {}).fetch(:key_passphrase, nil)
-      @effective_user = options.fetch(:effective_user, nil)
-      @effective_user_method = options.fetch(:effective_user_method, 'sudo')
       @host_public_key = options.fetch(:host_public_key, nil)
       @verify_host = options.fetch(:verify_host, nil)
       @execution_timeout_interval = options.fetch(:execution_timeout_interval, nil)
@@ -31,6 +107,27 @@ module ForemanRemoteExecutionCore
       @client_private_key_file = settings.fetch(:ssh_identity_key_file)
       @local_working_dir = options.fetch(:local_working_dir, settings.fetch(:local_working_dir))
       @remote_working_dir = options.fetch(:remote_working_dir, settings.fetch(:remote_working_dir))
+      @cleanup_working_dirs = options.fetch(:cleanup_working_dirs, settings.fetch(:cleanup_working_dirs))
+      @user_method = user_method
+    end
+
+    def self.build(options)
+      effective_user = options.fetch(:effective_user, nil)
+      ssh_user = options.fetch(:ssh_user, 'root')
+      effective_user_method = options.fetch(:effective_user_method, 'sudo')
+
+      user_method = if effective_user.nil? || effective_user == ssh_user
+                      NoopUserMethod.new
+                    elsif effective_user_method == 'sudo'
+                      SudoUserMethod.new(effective_user, ssh_user,
+                                         options.fetch(:secrets, {}).fetch(:sudo_password, nil))
+                    elsif effective_user_method == 'su'
+                      SuUserMethod.new(effective_user, ssh_user)
+                    else
+                      raise "effective_user_method '#{effective_user_method}' not supported"
+                    end
+
+      new(options, user_method)
     end
 
     def start
@@ -57,7 +154,7 @@ module ForemanRemoteExecutionCore
       # pipe the output to tee while capturing the exit code in a file
       <<-SCRIPT.gsub(/^\s+\| /, '')
       | sh <<WRAPPER
-      | (#{su_prefix}#{@remote_script} < /dev/null; echo \\$?>#{@exit_code_path}) | /usr/bin/tee #{@output_path}
+      | (#{@user_method.cli_command_prefix}#{@remote_script} < /dev/null; echo \\$?>#{@exit_code_path}) | /usr/bin/tee #{@output_path}
       | exit \\$(cat #{@exit_code_path})
       | WRAPPER
       SCRIPT
@@ -122,7 +219,12 @@ module ForemanRemoteExecutionCore
     end
 
     def close
+      run_sync("rm -rf \"#{remote_command_dir}\"") if should_cleanup?
+    rescue => e
+      publish_exception('Error when removing remote working dir', e, false)
+    ensure
       @session.close if @session && !@session.closed?
+      FileUtils.rm_rf(local_command_dir) if Dir.exist?(local_command_dir) && @cleanup_working_dirs
     end
 
     def publish_data(data, type)
@@ -131,6 +233,10 @@ module ForemanRemoteExecutionCore
 
     private
 
+    def should_cleanup?
+      @session && !@session.closed? && @cleanup_working_dirs
+    end
+
     def session
       @session ||= begin
                      @logger.debug("opening session to #{@ssh_user}@#{@host}")
@@ -167,9 +273,14 @@ module ForemanRemoteExecutionCore
     def run_async(command)
       raise 'Async command already in progress' if @started
       @started = false
+      @user_method.reset
+
       session.open_channel do |channel|
         channel.request_pty
-        channel.on_data { |ch, data| publish_data(data, 'stdout') }
+        channel.on_data do |ch, data|
+          publish_data(data, 'stdout') unless @user_method.filter_password?(data)
+          @user_method.on_data(data, ch)
+        end
         channel.on_extended_data { |ch, type, data| publish_data(data, 'stderr') }
         # standard exit of the command
         channel.on_request('exit-status') { |ch, data| publish_exit_status(data.read_long) }
@@ -181,15 +292,19 @@ module ForemanRemoteExecutionCore
           # that the session is inactive
           ch.wait
         end
-        channel.exec(command) do |ch, success|
+        channel.exec(command) do |_, success|
           @started = true
           raise('Error initializing command') unless success
         end
       end
-      session.process(0) until @started
+      session.process(0) { !run_started? }
       return true
     end
 
+    def run_started?
+      @started && @user_method.sent_all_data?
+    end
+
     def run_sync(command, stdin = nil)
       stdout = ''
       stderr = ''
@@ -197,7 +312,9 @@ module ForemanRemoteExecutionCore
       started = false
 
       channel = session.open_channel do |ch|
-        ch.on_data { |_, data| stdout.concat(data) }
+        ch.on_data do |c, data|
+          stdout.concat(data)
+        end
         ch.on_extended_data { |_, _, data| stderr.concat(data) }
         ch.on_request('exit-status') { |_, data| exit_status = data.read_long }
         # Send data to stdin if we have some
@@ -213,25 +330,13 @@ module ForemanRemoteExecutionCore
           started = true
         end
       end
-      session.process(0) until started
+      session.process(0) { !started }
       # Closing the channel without sending any data gives us SIGPIPE
       channel.close unless stdin.nil?
       channel.wait
       return exit_status, stdout, stderr
     end
 
-    def su_prefix
-      return if @effective_user.nil? || @effective_user == @ssh_user
-      case @effective_user_method
-      when 'sudo'
-        "sudo -n -u #{@effective_user} "
-      when 'su'
-        "su - #{@effective_user} -c "
-      else
-        raise "effective_user_method ''#{@effective_user_method}'' not supported"
-      end
-    end
-
     def prepare_known_hosts
       path = local_command_file('known_hosts')
       if @host_public_key

data/lib/foreman_remote_execution_core/version.rb

@@ -1,3 +1,3 @@
 module ForemanRemoteExecutionCore
-  VERSION = '1.1.1'.freeze
+  VERSION = '1.1.2'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_remote_execution_core
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.1.2
 platform: ruby
 authors:
 - Ivan Nečas
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-12 00:00:00.000000000 Z
+date: 2018-05-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: foreman-tasks-core