smart_proxy_remote_execution_ssh 0.3.2 → 0.5.1

data/lib/smart_proxy_remote_execution_ssh/cockpit.rb

@@ -1,11 +1,11 @@
-require 'net/ssh'
+require 'smart_proxy_remote_execution_ssh/net_ssh_compat'
 require 'forwardable'
 
 module Proxy::RemoteExecution
   module Cockpit
     # A wrapper class around different kind of sockets to comply with Net::SSH event loop
     class BufferedSocket
-      include Net::SSH::BufferedIo
+      include Proxy::RemoteExecution::NetSSHCompat::BufferedIO
       extend Forwardable
 
       # The list of methods taken from OpenSSL::SSL::SocketForwarder for the object to act like a socket
@@ -52,14 +52,14 @@ module Proxy::RemoteExecution
       end
       def_delegators(:@socket, :read_nonblock, :write_nonblock, :close)
 
-      def recv(n)
+      def recv(count)
         res = ""
         begin
           # To drain a SSLSocket before we can go back to the event
           # loop, we need to repeatedly call read_nonblock; a single
           # call is not enough.
           loop do
-            res += @socket.read_nonblock(n)
+            res += @socket.read_nonblock(count)
           end
         rescue IO::WaitReadable
           # Sometimes there is no payload after reading everything
@@ -95,8 +95,8 @@ module Proxy::RemoteExecution
       end
       def_delegators(:@socket, :read_nonblock, :write_nonblock, :close)
 
-      def recv(n)
-        @socket.read_nonblock(n)
+      def recv(count)
+        @socket.read_nonblock(count)
       end
 
       def send(mesg, flags)
@@ -113,6 +113,7 @@ module Proxy::RemoteExecution
 
       def initialize(env)
         @env = env
+        @open_ios = []
       end
 
       def valid?
@@ -127,6 +128,7 @@ module Proxy::RemoteExecution
           begin
             @env['rack.hijack'].call
           rescue NotImplementedError
+            # This is fine
           end
           @socket = @env['rack.hijack_io']
         end
@@ -137,15 +139,11 @@ module Proxy::RemoteExecution
       private
 
       def ssh_on_socket
-        with_error_handling { start_ssh_loop }
+        with_error_handling { system_ssh_loop }
       end
 
       def with_error_handling
         yield
-      rescue Net::SSH::AuthenticationFailed => e
-        send_error(401, e.message)
-      rescue Errno::EHOSTUNREACH
-        send_error(400, "No route to #{host}")
       rescue SystemCallError => e
         send_error(400, e.message)
       rescue SocketError => e
@@ -161,50 +159,67 @@ module Proxy::RemoteExecution
         end
       end
 
-      def start_ssh_loop
-        err_buf = ""
-
-        Net::SSH.start(host, ssh_user, ssh_options) do |ssh|
-          channel = ssh.open_channel do |ch|
-            ch.exec(command) do |ch, success|
-              raise "could not execute command" unless success
-
-              ssh.listen_to(buf_socket)
-
-              ch.on_process do
-                if buf_socket.available.positive?
-                  ch.send_data(buf_socket.read_available)
-                end
-                if buf_socket.closed?
-                  ch.close
-                end
-              end
-
-              ch.on_data do |ch2, data|
-                send_start
-                buf_socket.enqueue(data)
-              end
-
-              ch.on_request('exit-status') do |ch, data|
-                code = data.read_long
-                send_start if code.zero?
-                err_buf += "Process exited with code #{code}.\r\n"
-                ch.close
-              end
-
-              ch.on_request('exit-signal') do |ch, data|
-                err_buf += "Process was terminated with signal #{data.read_string}.\r\n"
-                ch.close
-              end
-
-              ch.on_extended_data do |ch2, type, data|
-                err_buf += data
-              end
-            end
+      def system_ssh_loop
+        in_read, in_write   = IO.pipe
+        out_read, out_write = IO.pipe
+        err_read, err_write = IO.pipe
+
+        # Force the script runner to initialize its logger
+        script_runner.logger
+        pid = spawn(*script_runner.send(:get_args, command), :in => in_read, :out => out_write, :err => err_write)
+        [in_read, out_write, err_write].each(&:close)
+
+        send_start
+        # Not SSL buffer, but the interface kinda matches
+        out_buf = MiniSSLBufferedSocket.new(out_read)
+        err_buf = MiniSSLBufferedSocket.new(err_read)
+        in_buf  = MiniSSLBufferedSocket.new(in_write)
+
+        inner_system_ssh_loop out_buf, err_buf, in_buf, pid
+      end
+
+      def inner_system_ssh_loop(out_buf, err_buf, in_buf, pid)
+        err_buf_raw = ''
+        readers = [buf_socket, out_buf, err_buf]
+        loop do
+          # Prime the sockets for reading
+          ready_readers, ready_writers = IO.select(readers, [buf_socket, in_buf], nil, 300)
+          (ready_readers || []).each { |reader| reader.close if reader.fill.zero? }
+
+          proxy_data(out_buf, in_buf)
+          if buf_socket.closed?
+            script_runner.close_session
           end
 
-          channel.wait
-          send_error(400, err_buf) unless @started
+          if out_buf.closed?
+            code = Process.wait2(pid).last.exitstatus
+            send_start if code.zero? # TODO: Why?
+            err_buf_raw += "Process exited with code #{code}.\r\n"
+            break
+          end
+
+          if err_buf.available.positive?
+            err_buf_raw += err_buf.read_available
+          end
+
+          flush_pending_writes(ready_writers || [])
+        end
+      rescue # rubocop:disable Style/RescueStandardError
+        send_error(400, err_buf_raw) unless @started
+      ensure
+        [out_buf, err_buf, in_buf].each(&:close)
+      end
+
+      def proxy_data(out_buf, in_buf)
+        { out_buf => buf_socket, buf_socket => in_buf }.each do |src, dst|
+          dst.enqueue(src.read_available) if src.available.positive?
+          dst.close if src.closed?
+        end
+      end
+
+      def flush_pending_writes(writers)
+        writers.each do |writer|
+          writer.respond_to?(:send_pending) ? writer.send_pending : writer.flush
         end
       end
 
@@ -215,6 +230,7 @@ module Proxy::RemoteExecution
           buf_socket.enqueue("Connection: upgrade\r\n")
           buf_socket.enqueue("Upgrade: raw\r\n")
           buf_socket.enqueue("\r\n")
+          buf_socket.send_pending
         end
       end
 
@@ -223,6 +239,7 @@ module Proxy::RemoteExecution
         buf_socket.enqueue("Connection: close\r\n")
         buf_socket.enqueue("\r\n")
         buf_socket.enqueue(msg)
+        buf_socket.send_pending
       end
 
       def params
@@ -234,34 +251,33 @@ module Proxy::RemoteExecution
       end
 
       def buf_socket
-        @buffered_socket ||= BufferedSocket.build(@socket)
+        @buf_socket ||= BufferedSocket.build(@socket)
       end
 
       def command
         params["command"]
       end
 
-      def ssh_user
-        params["ssh_user"]
-      end
-
       def host
         params["hostname"]
       end
 
-      def ssh_options
-        auth_methods = %w[publickey]
-        auth_methods.unshift('password') if params["ssh_password"]
-
-        ret = {}
-        ret[:port] = params["ssh_port"] if params["ssh_port"]
-        ret[:keys] = [key_file] if key_file
-        ret[:password] = params["ssh_password"] if params["ssh_password"]
-        ret[:passphrase] = params["ssh_key_passphrase"] if params["ssh_key_passphrase"]
-        ret[:keys_only] = true
-        ret[:auth_methods] = auth_methods
-        ret[:verify_host_key] = true
-        ret[:number_of_password_prompts] = 1
+      def script_runner
+        @script_runner ||= Proxy::RemoteExecution::Ssh::Runners::ScriptRunner.build(
+          runner_params,
+          suspended_action: nil
+        )
+      end
+
+      def runner_params
+        ret = { secrets: {} }
+        ret[:secrets][:ssh_password] = params["ssh_password"] if params["ssh_password"]
+        ret[:secrets][:key_passphrase] = params["ssh_key_passphrase"] if params["ssh_key_passphrase"]
+        ret[:ssh_port] = params["ssh_port"] if params["ssh_port"]
+        ret[:ssh_user] = params["ssh_user"]
+        # For compatibility only
+        ret[:script] = nil
+        ret[:hostname] = host
         ret
       end
     end

data/lib/smart_proxy_remote_execution_ssh/dispatcher.rb

@@ -0,0 +1,10 @@
+require 'smart_proxy_dynflow/runner/dispatcher'
+
+module Proxy::RemoteExecution::Ssh
+  class Dispatcher < ::Proxy::Dynflow::Runner::Dispatcher
+    def refresh_interval
+      @refresh_interval ||= Plugin.settings[:runner_refresh_interval] ||
+                            Plugin.runner_class::DEFAULT_REFRESH_INTERVAL
+    end
+  end
+end

data/lib/smart_proxy_remote_execution_ssh/job_storage.rb

@@ -0,0 +1,51 @@
+# lib/job_storage.rb
+require 'sequel'
+
+module Proxy::RemoteExecution::Ssh
+  class JobStorage
+    def initialize
+      @db = Sequel.sqlite
+      @db.create_table :jobs do
+        DateTime :timestamp, null: false, default: Sequel::CURRENT_TIMESTAMP
+        String :uuid, fixed: true, size: 36, primary_key: true, null: false
+        String :hostname, null: false, index: true
+        String :execution_plan_uuid, fixed: true, size: 36, null: false, index: true
+        Integer :run_step_id, null: false
+        String :job, text: true
+      end
+    end
+
+    def find_job(uuid)
+      jobs.where(uuid: uuid).first
+    end
+
+    def job_uuids_for_host(hostname)
+      jobs_for_host(hostname).order(:timestamp)
+                             .select_map(:uuid)
+    end
+
+    def store_job(hostname, execution_plan_uuid, run_step_id, job, uuid: SecureRandom.uuid, timestamp: Time.now.utc)
+      jobs.insert(timestamp: timestamp,
+                  uuid: uuid,
+                  hostname: hostname,
+                  execution_plan_uuid: execution_plan_uuid,
+                  run_step_id: run_step_id,
+                  job: job)
+      uuid
+    end
+
+    def drop_job(execution_plan_uuid, run_step_id)
+      jobs.where(execution_plan_uuid: execution_plan_uuid, run_step_id: run_step_id).delete
+    end
+
+    private
+
+    def jobs_for_host(hostname)
+      jobs.where(hostname: hostname)
+    end
+
+    def jobs
+      @db[:jobs]
+    end
+  end
+end

data/lib/smart_proxy_remote_execution_ssh/log_filter.rb

@@ -0,0 +1,14 @@
+module Proxy::RemoteExecution::Ssh
+  class LogFilter < ::Logger
+    def initialize(base_logger)
+      @base_logger = base_logger
+    end
+
+    def add(severity, *args, &block)
+      severity ||= ::Logger::UNKNOWN
+      return true if @base_logger.nil? || severity < @level
+
+      @base_logger.add(severity, *args, &block)
+    end
+  end
+end

data/lib/smart_proxy_remote_execution_ssh/net_ssh_compat.rb

@@ -0,0 +1,228 @@
+module Proxy::RemoteExecution
+  module NetSSHCompat
+    class Buffer
+      # exposes the raw content of the buffer
+      attr_reader :content
+
+      # the current position of the pointer in the buffer
+      attr_accessor :position
+
+      # Creates a new buffer, initialized to the given content. The position
+      # is initialized to the beginning of the buffer.
+      def initialize(content = +'')
+        @content = content.to_s
+        @position = 0
+      end
+
+      # Returns the length of the buffer's content.
+      def length
+        @content.length
+      end
+
+      # Returns the number of bytes available to be read (e.g., how many bytes
+      # remain between the current position and the end of the buffer).
+      def available
+        length - position
+      end
+
+      # Returns a copy of the buffer's content.
+      def to_s
+        (@content || "").dup
+      end
+
+      # Returns +true+ if the buffer contains no data (e.g., it is of zero length).
+      def empty?
+        @content.empty?
+      end
+
+      # Resets the pointer to the start of the buffer. Subsequent reads will
+      # begin at position 0.
+      def reset!
+        @position = 0
+      end
+
+      # Returns true if the pointer is at the end of the buffer. Subsequent
+      # reads will return nil, in this case.
+      def eof?
+        @position >= length
+      end
+
+      # Resets the buffer, making it empty. Also, resets the read position to
+      # 0.
+      def clear!
+        @content = +''
+        @position = 0
+      end
+
+      # Consumes n bytes from the buffer, where n is the current position
+      # unless otherwise specified. This is useful for removing data from the
+      # buffer that has previously been read, when you are expecting more data
+      # to be appended. It helps to keep the size of buffers down when they
+      # would otherwise tend to grow without bound.
+      #
+      # Returns the buffer object itself.
+      def consume!(count = position)
+        if count >= length
+          # OPTIMIZE: a fairly common case
+          clear!
+        elsif count.positive?
+          @content = @content[count..-1] || +''
+          @position -= count
+          @position = 0 if @position.negative?
+        end
+        self
+      end
+
+      # Appends the given text to the end of the buffer. Does not alter the
+      # read position. Returns the buffer object itself.
+      def append(text)
+        @content << text
+        self
+      end
+
+      # Reads and returns the next +count+ bytes from the buffer, starting from
+      # the read position. If +count+ is +nil+, this will return all remaining
+      # text in the buffer. This method will increment the pointer.
+      def read(count = nil)
+        count ||= length
+        count = length - @position if @position + count > length
+        @position += count
+        @content[@position - count, count]
+      end
+
+      # Writes the given data literally into the string. Does not alter the
+      # read position. Returns the buffer object.
+      def write(*data)
+        data.each { |datum| @content << datum.dup.force_encoding('BINARY') }
+        self
+      end
+    end
+
+    module BufferedIO
+      # This module is used to extend sockets and other IO objects, to allow
+      # them to be buffered for both read and write. This abstraction makes it
+      # quite easy to write a select-based event loop
+      # (see Net::SSH::Connection::Session#listen_to).
+      #
+      # The general idea is that instead of calling #read directly on an IO that
+      # has been extended with this module, you call #fill (to add pending input
+      # to the internal read buffer), and then #read_available (to read from that
+      # buffer). Likewise, you don't call #write directly, you call #enqueue to
+      # add data to the write buffer, and then #send_pending or #wait_for_pending_sends
+      # to actually send the data across the wire.
+      #
+      # In this way you can easily use the object as an argument to IO.select,
+      # calling #fill when it is available for read, or #send_pending when it is
+      # available for write, and then call #enqueue and #read_available during
+      # the idle times.
+      #
+      #   socket = TCPSocket.new(address, port)
+      #   socket.extend(Net::SSH::BufferedIo)
+      #
+      #   ssh.listen_to(socket)
+      #
+      #   ssh.loop do
+      #     if socket.available > 0
+      #       puts socket.read_available
+      #       socket.enqueue("response\n")
+      #     end
+      #   end
+      #
+      # Note that this module must be used to extend an instance, and should not
+      # be included in a class. If you do want to use it via an include, then you
+      # must make sure to invoke the private #initialize_buffered_io method in
+      # your class' #initialize method:
+      #
+      #   class Foo < IO
+      #     include Net::SSH::BufferedIo
+      #
+      #     def initialize
+      #       initialize_buffered_io
+      #       # ...
+      #     end
+      #   end
+
+      # Tries to read up to +n+ bytes of data from the remote end, and appends
+      # the data to the input buffer. It returns the number of bytes read, or 0
+      # if no data was available to be read.
+      def fill(count = 8192)
+        input.consume!
+        data = recv(count)
+        input.append(data)
+        return data.length
+      rescue EOFError => e
+        @input_errors << e
+        return 0
+      end
+
+      # Read up to +length+ bytes from the input buffer. If +length+ is nil,
+      # all available data is read from the buffer. (See #available.)
+      def read_available(length = nil)
+        input.read(length || available)
+      end
+
+      # Returns the number of bytes available to be read from the input buffer.
+      # (See #read_available.)
+      def available
+        input.available
+      end
+
+      # Enqueues data in the output buffer, to be written when #send_pending
+      # is called. Note that the data is _not_ sent immediately by this method!
+      def enqueue(data)
+        output.append(data)
+      end
+
+      # Sends as much of the pending output as possible. Returns +true+ if any
+      # data was sent, and +false+ otherwise.
+      def send_pending
+        if output.length.positive?
+          sent = send(output.to_s, 0)
+          output.consume!(sent)
+          return sent.positive?
+        else
+          return false
+        end
+      end
+
+      # Calls #send_pending repeatedly, if necessary, blocking until the output
+      # buffer is empty.
+      def wait_for_pending_sends
+        send_pending
+        while output.length.positive?
+          result = IO.select(nil, [self]) || next
+          next unless result[1].any?
+
+          send_pending
+        end
+      end
+
+      private
+
+      #--
+      # Can't use attr_reader here (after +private+) without incurring the
+      # wrath of "ruby -w". We hates it.
+      #++
+
+      def input
+        @input
+      end
+
+      def output
+        @output
+      end
+
+      # Initializes the intput and output buffers for this object. This method
+      # is called automatically when the module is mixed into an object via
+      # Object#extend (see Net::SSH::BufferedIo.extended), but must be called
+      # explicitly in the +initialize+ method of any class that uses
+      # Module#include to add this module.
+      def initialize_buffered_io
+        @input = Buffer.new
+        @input_errors = []
+        @output = Buffer.new
+        @output_errors = []
+      end
+    end
+  end
+end

data/lib/smart_proxy_remote_execution_ssh/plugin.rb

@@ -1,5 +1,8 @@
 module Proxy::RemoteExecution::Ssh
   class Plugin < Proxy::Plugin
+    SSH_LOG_LEVELS = %w[debug info error fatal].freeze
+    MODES = %i[ssh async-ssh pull pull-mqtt].freeze
+
     http_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
     https_rackup_path File.expand_path("http_config.ru", File.expand_path("../", __FILE__))
 
@@ -9,7 +12,13 @@ module Proxy::RemoteExecution::Ssh
                      :remote_working_dir      => '/var/tmp',
                      :local_working_dir       => '/var/tmp',
                      :kerberos_auth           => false,
-                     :async_ssh               => false
+                     # When set to nil, makes REX use the runner's default interval
+                     # :runner_refresh_interval => nil,
+                     :ssh_log_level           => :fatal,
+                     :cleanup_working_dirs    => true,
+                     # :mqtt_broker             => nil,
+                     # :mqtt_port               => nil,
+                     :mode                    => :ssh
 
     plugin :ssh, Proxy::RemoteExecution::Ssh::VERSION
     after_activation do
@@ -17,17 +26,30 @@ module Proxy::RemoteExecution::Ssh
       require 'smart_proxy_remote_execution_ssh/version'
       require 'smart_proxy_remote_execution_ssh/cockpit'
       require 'smart_proxy_remote_execution_ssh/api'
-
-      begin
-        require 'smart_proxy_dynflow_core'
-        require 'foreman_remote_execution_core'
-        ForemanRemoteExecutionCore.initialize_settings(Proxy::RemoteExecution::Ssh::Plugin.settings.to_h)
-      rescue LoadError # rubocop:disable Lint/HandleExceptions
-        # Dynflow core is not available in the proxy, will be handled
-        # by standalone Dynflow core
-      end
+      require 'smart_proxy_remote_execution_ssh/actions'
+      require 'smart_proxy_remote_execution_ssh/dispatcher'
+      require 'smart_proxy_remote_execution_ssh/log_filter'
+      require 'smart_proxy_remote_execution_ssh/runners'
+      require 'smart_proxy_remote_execution_ssh/utils'
+      require 'smart_proxy_remote_execution_ssh/job_storage'
 
       Proxy::RemoteExecution::Ssh.validate!
+
+      Proxy::Dynflow::TaskLauncherRegistry.register('ssh', Proxy::Dynflow::TaskLauncher::Batch)
+    end
+
+    def self.simulate?
+      @simulate ||= %w[yes true 1].include? ENV.fetch('REX_SIMULATE', '').downcase
+    end
+
+    def self.runner_class
+      @runner_class ||= if simulate?
+                          Runners::FakeScriptRunner
+                        elsif settings.mode == :'ssh-async'
+                          Runners::PollingScriptRunner
+                        else
+                          Runners::ScriptRunner
+                        end
     end
   end
 end