smart_proxy_remote_execution_ssh 0.5.3 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: abf6517f6a98386e246650454c7deb049b7583c7653040eb63bbdf8e3cc27f0a
-  data.tar.gz: 12b0aa0d067e45c73ee65286f69d1556f7ae8b1c47624845e1e0a7e96c341e95
+  metadata.gz: a3e83401d99929917142c15969fce19bf17e6fffc82000da554c457567016f8d
+  data.tar.gz: 9dbdec23d2203557204fb60f45cadc884d640d49b436eb291ad0cc4769182e2c
 SHA512:
-  metadata.gz: f873d27dc9b5ba0b9c10d7d227058618d901a48643ba31e491e1530b34356aa88ac8a197e9731d83a2a535ffa7577ba674578af8b90de3d02f7537d6359063d5
-  data.tar.gz: d72dfc490d0f71a076885eeabf435a89bca3658ce31a465666725a19e1d0f3c682d51f899922a2b6dbfdbfe8ee8d880fc0b0d0a13ac2536c5ce8f276f64b059b
+  metadata.gz: 3cc070d29a185dc80cee33c3b69bf06772c226721ed9f42fba167a702a917ac04b50729ee3354d430b2a7c840581e98b75236cb4298e77aeee749fd9af6f56f2
+  data.tar.gz: a040bf6621ea2e35b421bc9098a5ec2569bc24e51ea6ae5346eec8c9e05d91e2560b96843d553589f8bbab10f009725947e76b306c5bb785c16ae0f3006baed8

data/lib/smart_proxy_remote_execution_ssh/actions/pull_script.rb

@@ -56,37 +56,52 @@ module Proxy::RemoteExecution::Ssh::Actions
         # Client was notified or is already running, dealing with this situation
         # is only supported if mqtt is available
         # Otherwise we have to wait it out
-        # TODO
-        # if input[:with_mqtt]
+        mqtt_cancel if input[:with_mqtt]
       end
       suspend
     end
 
     def mqtt_start(otp_password)
-      payload = {
-        type: 'data',
-        message_id: SecureRandom.uuid,
-        version: 1,
-        sent: DateTime.now.iso8601,
-        directive: 'foreman',
+      payload = mqtt_payload_base.merge(
+        content: "#{input[:proxy_url]}/ssh/jobs/#{input[:job_uuid]}",
         metadata: {
+          'event': 'start',
           'job_uuid': input[:job_uuid],
           'username': execution_plan_id,
           'password': otp_password,
           'return_url': "#{input[:proxy_url]}/ssh/jobs/#{input[:job_uuid]}/update",
         },
-        content: "#{input[:proxy_url]}/ssh/jobs/#{input[:job_uuid]}",
-      }
+      )
       mqtt_notify payload
       output[:state] = :notified
     end
 
+    def mqtt_cancel
+      cleanup
+      payload = mqtt_payload_base.merge(
+        metadata: {
+          'event': 'cancel',
+          'job_uuid': input[:job_uuid]
+        }
+      )
+      mqtt_notify payload
+    end
+
     def mqtt_notify(payload)
-      MQTT::Client.connect(settings.mqtt_broker, settings.mqtt_port) do |c|
+      with_mqtt_client do |c|
         c.publish(mqtt_topic, JSON.dump(payload), false, 1)
       end
     end
 
+    def with_mqtt_client(&block)
+      MQTT::Client.connect(settings.mqtt_broker, settings.mqtt_port,
+                           :ssl => settings.mqtt_tls,
+                           :cert_file => ::Proxy::SETTINGS.foreman_ssl_cert,
+                           :key_file => ::Proxy::SETTINGS.foreman_ssl_key,
+                           :ca_file => ::Proxy::SETTINGS.foreman_ssl_ca,
+                           &block)
+    end
+
     def host_name
       alternative_names = input.fetch(:alternative_names, {})
 
@@ -106,5 +121,15 @@ module Proxy::RemoteExecution::Ssh::Actions
     def job_storage
       Proxy::RemoteExecution::Ssh.job_storage
     end
+
+    def mqtt_payload_base
+      {
+        type: 'data',
+        message_id: SecureRandom.uuid,
+        version: 1,
+        sent: DateTime.now.iso8601,
+        directive: 'foreman'
+      }
+    end
   end
 end

data/lib/smart_proxy_remote_execution_ssh/api.rb

@@ -13,14 +13,16 @@ module Proxy::RemoteExecution
         File.read(Ssh.public_key_file)
       end
 
-      post "/session" do
-        do_authorize_any
-        session = Cockpit::Session.new(env)
-        unless session.valid?
-          return [ 400, "Invalid request: /ssh/session requires connection upgrade to 'raw'" ]
+      if Proxy::RemoteExecution::Ssh::Plugin.settings.cockpit_integration
+        post "/session" do
+          do_authorize_any
+          session = Cockpit::Session.new(env)
+          unless session.valid?
+            return [ 400, "Invalid request: /ssh/session requires connection upgrade to 'raw'" ]
+          end
+          session.hijack!
+          101
         end
-        session.hijack!
-        101
       end
 
       delete '/known_hosts/:name' do |name|

data/lib/smart_proxy_remote_execution_ssh/plugin.rb

@@ -12,15 +12,19 @@ module Proxy::RemoteExecution::Ssh
                      :remote_working_dir      => '/var/tmp',
                      :local_working_dir       => '/var/tmp',
                      :kerberos_auth           => false,
+                     :cockpit_integration     => true,
                      # When set to nil, makes REX use the runner's default interval
                      # :runner_refresh_interval => nil,
                      :ssh_log_level           => :error,
                      :cleanup_working_dirs    => true,
                      # :mqtt_broker             => nil,
                      # :mqtt_port               => nil,
+                     # :mqtt_tls                => nil,
                      :mode                    => :ssh
 
-    plugin :ssh, Proxy::RemoteExecution::Ssh::VERSION
+    capability(proc { 'cockpit' if settings.cockpit_integration })
+
+    plugin :script, Proxy::RemoteExecution::Ssh::VERSION
     after_activation do
       require 'smart_proxy_dynflow'
       require 'smart_proxy_remote_execution_ssh/version'

data/lib/smart_proxy_remote_execution_ssh/runners/polling_script_runner.rb

@@ -36,13 +36,12 @@ module Proxy::RemoteExecution::Ssh::Runners
     def initialization_script
       close_stdin = '</dev/null'
       close_fds = close_stdin + ' >/dev/null 2>/dev/null'
-      main_script = "(#{@remote_script} #{close_stdin} 2>&1; echo $?>#{@base_dir}/init_exit_code) >#{@base_dir}/output"
+      main_script = "(#{@remote_script_wrapper} #{@remote_script} #{close_stdin} 2>&1; echo $?>#{@base_dir}/init_exit_code) >#{@base_dir}/output"
       control_script_finish = "#{@control_script_path} init-script-finish"
       <<-SCRIPT.gsub(/^ +\| /, '')
       | export CONTROL_SCRIPT="#{@control_script_path}"
-      | #{"chown #{@user_method.effective_user} '#{@base_dir}'" if @user_method.cli_command_prefix}
+      | #{"chown #{@user_method.effective_user} #{@base_dir}" if @user_method.cli_command_prefix}
       | #{@user_method.cli_command_prefix} sh -c '#{main_script}; #{control_script_finish}' #{close_fds} &
-      | echo $! > '#{@base_dir}/pid'
       SCRIPT
     end
 
@@ -51,18 +50,23 @@ module Proxy::RemoteExecution::Ssh::Runners
     end
 
     def refresh
-      err = output = nil
       begin
-        _, output, err = run_sync("#{@user_method.cli_command_prefix} #{@retrieval_script}")
+        pm = run_sync("#{@user_method.cli_command_prefix} #{@retrieval_script}")
       rescue StandardError => e
         @logger.info("Error while connecting to the remote host on refresh: #{e.message}")
       end
 
-      process_retrieved_data(output, err)
+      process_retrieved_data(pm.stdout.to_s.chomp, pm.stderr.to_s.chomp)
     ensure
       destroy_session
     end
 
+    def kill
+      run_sync("pkill -P $(cat #{@pid_path})")
+    rescue StandardError => e
+      publish_exception('Unexpected error', e, false)
+    end
+
     def process_retrieved_data(output, err)
       return if output.nil? || output.empty?
 
@@ -127,7 +131,11 @@ module Proxy::RemoteExecution::Ssh::Runners
     end
 
     def cleanup
-      run_sync("rm -rf \"#{remote_command_dir}\"") if @cleanup_working_dirs
+      if @cleanup_working_dirs
+        ensure_remote_command("rm -rf #{remote_command_dir}",
+                              publish: true,
+                              error: "Unable to remove working directory #{remote_command_dir} on remote system, exit code: %{exit_code}")
+      end
     end
 
     def destroy_session

data/lib/smart_proxy_remote_execution_ssh/runners/script_runner.rb

@@ -1,5 +1,6 @@
 require 'fileutils'
-require 'smart_proxy_dynflow/runner/command'
+require 'smart_proxy_dynflow/runner/process_manager_command'
+require 'smart_proxy_dynflow/process_manager'
 
 module Proxy::RemoteExecution::Ssh::Runners
   class EffectiveUserMethod
@@ -12,9 +13,9 @@ module Proxy::RemoteExecution::Ssh::Runners
       @password_sent = false
     end
 
-    def on_data(received_data, ssh_channel)
+    def on_data(received_data, io_buffer)
       if received_data.match(login_prompt)
-        ssh_channel.puts(effective_user_password)
+        io_buffer.add_data(effective_user_password + "\n")
         @password_sent = true
       end
     end
@@ -90,7 +91,7 @@ module Proxy::RemoteExecution::Ssh::Runners
 
   # rubocop:disable Metrics/ClassLength
   class ScriptRunner < Proxy::Dynflow::Runner::Base
-    include Proxy::Dynflow::Runner::Command
+    include Proxy::Dynflow::Runner::ProcessManagerCommand
     attr_reader :execution_timeout_interval
 
     EXPECTED_POWER_ACTION_MESSAGES = ['restart host', 'shutdown host'].freeze
@@ -110,7 +111,7 @@ module Proxy::RemoteExecution::Ssh::Runners
 
       @client_private_key_file = settings.ssh_identity_key_file
       @local_working_dir = options.fetch(:local_working_dir, settings.local_working_dir)
-      @remote_working_dir = options.fetch(:remote_working_dir, settings.remote_working_dir)
+      @remote_working_dir = options.fetch(:remote_working_dir, settings.remote_working_dir.shellescape)
       @cleanup_working_dirs = options.fetch(:cleanup_working_dirs, settings.cleanup_working_dirs)
       @first_execution = options.fetch(:first_execution, false)
       @user_method = user_method
@@ -141,6 +142,8 @@ module Proxy::RemoteExecution::Ssh::Runners
 
     def start
       Proxy::RemoteExecution::Utils.prune_known_hosts!(@host, @ssh_port, logger) if @first_execution
+      establish_connection
+      preflight_checks
       prepare_start
       script = initialization_script
       logger.debug("executing script:\n#{indent_multiline(script)}")
@@ -154,32 +157,63 @@ module Proxy::RemoteExecution::Ssh::Runners
       run_async(*args)
     end
 
+    def preflight_checks
+      ensure_remote_command(cp_script_to_remote("#!/bin/sh\nexec true", 'test'),
+        publish: true,
+        error: 'Failed to execute script on remote machine, exit code: %{exit_code}.'
+      )
+      unless @user_method.is_a? NoopUserMethod
+        path = cp_script_to_remote("#!/bin/sh\nexec #{@user_method.cli_command_prefix} true", 'effective-user-test')
+        ensure_remote_command(path,
+                              error: 'Failed to change to effective user, exit code: %{exit_code}',
+                              publish: true,
+                              tty: true,
+                              close_stdin: false)
+      end
+    end
+
+    def establish_connection
+      # run_sync ['-f', '-N'] would be cleaner, but ssh does not close its
+      # stderr which trips up the process manager which expects all FDs to be
+      # closed
+      ensure_remote_command(
+        'true',
+        publish: true,
+        error: 'Failed to establish connection to remote host, exit code: %{exit_code}'
+      )
+    end
+
     def prepare_start
       @remote_script = cp_script_to_remote
       @output_path = File.join(File.dirname(@remote_script), 'output')
       @exit_code_path = File.join(File.dirname(@remote_script), 'exit_code')
+      @pid_path = File.join(File.dirname(@remote_script), 'pid')
+      @remote_script_wrapper = upload_data("echo $$ > #{@pid_path}; exec \"$@\";", File.join(File.dirname(@remote_script), 'script-wrapper'), 555)
     end
 
     # the script that initiates the execution
     def initialization_script
       su_method = @user_method.instance_of?(SuUserMethod)
       # pipe the output to tee while capturing the exit code in a file
-      <<-SCRIPT.gsub(/^\s+\| /, '')
-      | sh -c "(#{@user_method.cli_command_prefix}#{su_method ? "'#{@remote_script} < /dev/null '" : "#{@remote_script} < /dev/null"}; echo \\$?>#{@exit_code_path}) | /usr/bin/tee #{@output_path}
-      | exit \\$(cat #{@exit_code_path})"
+      <<~SCRIPT
+        sh <<EOF | /usr/bin/tee #{@output_path}
+        #{@remote_script_wrapper} #{@user_method.cli_command_prefix}#{su_method ? "'#{@remote_script} < /dev/null '" : "#{@remote_script} < /dev/null"}
+        echo \\$?>#{@exit_code_path}
+        EOF
+        exit $(cat #{@exit_code_path})
       SCRIPT
     end
 
     def refresh
-      return if @session.nil?
+      return if @process_manager.nil?
       super
     ensure
       check_expecting_disconnect
     end
 
     def kill
-      if @session
-        run_sync("pkill -f #{remote_command_file('script')}")
+      if @process_manager&.started?
+        run_sync("pkill -P $(cat #{@pid_path})")
       else
         logger.debug('connection closed')
       end
@@ -197,28 +231,28 @@ module Proxy::RemoteExecution::Ssh::Runners
     end
 
     def close_session
-      @session = nil
       raise 'Control socket file does not exist' unless File.exist?(local_command_file("socket"))
       @logger.debug("Sending exit request for session #{@ssh_user}@#{@host}")
-      args = ['/usr/bin/ssh', @host, "-o", "User=#{@ssh_user}", "-o", "ControlPath=#{local_command_file("socket")}", "-O", "exit"].flatten
-      pid, *, err = session(args, in_stream: false, out_stream: false)
-      result = read_output_debug(err)
-      Process.wait(pid)
-      result
+      args = ['/usr/bin/ssh', @host, "-o", "ControlPath=#{local_command_file("socket")}", "-O", "exit"].flatten
+      pm = Proxy::Dynflow::ProcessManager.new(args)
+      pm.on_stdout { |data| @logger.debug "[close_session]: #{data.chomp}"; data }
+      pm.on_stderr { |data| @logger.debug "[close_session]: #{data.chomp}"; data }
+      pm.run!
     end
 
     def close
-      run_sync("rm -rf \"#{remote_command_dir}\"") if should_cleanup?
+      run_sync("rm -rf #{remote_command_dir}") if should_cleanup?
     rescue StandardError => e
       publish_exception('Error when removing remote working dir', e, false)
     ensure
-      close_session if @session
+      close_session if @process_manager
       FileUtils.rm_rf(local_command_dir) if Dir.exist?(local_command_dir) && @cleanup_working_dirs
     end
 
-    def publish_data(data, type)
+    def publish_data(data, type, pm = nil)
+      pm ||= @process_manager
       super(data.force_encoding('UTF-8'), type) unless @user_method.filter_password?(data)
-      @user_method.on_data(data, @command_in)
+      @user_method.on_data(data, pm.stdin) if pm
     end
 
     private
@@ -228,24 +262,7 @@ module Proxy::RemoteExecution::Ssh::Runners
     end
 
     def should_cleanup?
-      @session && @cleanup_working_dirs
-    end
-
-    # Creates session with three pipes - one for reading and two for
-    # writing. Similar to `Open3.popen3` method but without creating
-    # a separate thread to monitor it.
-    def session(args, in_stream: true, out_stream: true, err_stream: true)
-      @session = true
-
-      in_read, in_write = in_stream ? IO.pipe : '/dev/null'
-      out_read, out_write = out_stream ? IO.pipe : [nil, '/dev/null']
-      err_read, err_write = err_stream ? IO.pipe : [nil, '/dev/null']
-      command_pid = spawn(*args, :in => in_read, :out => out_write, :err => err_write)
-      in_read.close if in_stream
-      out_write.close if out_stream
-      err_write.close if err_stream
-
-      return command_pid, in_write, out_read, err_read
+      @process_manager && @cleanup_working_dirs
     end
 
     def ssh_options(with_pty = false)
@@ -280,42 +297,31 @@ module Proxy::RemoteExecution::Ssh::Runners
     # available. The yielding doesn't happen automatically, but as
     # part of calling the `refresh` method.
     def run_async(command)
-      raise 'Async command already in progress' if @started
+      raise 'Async command already in progress' if @process_manager&.started?
 
-      @started = false
       @user_method.reset
-      @command_pid, @command_in, @command_out = session(get_args(command, with_pty: true), err_stream: false)
-      @started = true
+      initialize_command(*get_args(command, true))
 
-      return true
+      true
     end
 
     def run_started?
-      @started && @user_method.sent_all_data?
+      @process_manager&.started? && @user_method.sent_all_data?
     end
 
-    def read_output_debug(err_io, out_io = nil)
-      stdout = ''
-      debug_str = ''
-
-      if out_io
-        stdout += out_io.read until out_io.eof? rescue
-        out_io.close
+    def run_sync(command, stdin: nil, publish: false, close_stdin: true, tty: false)
+      pm = Proxy::Dynflow::ProcessManager.new(get_args(command, tty))
+      if publish
+        pm.on_stdout { |data| publish_data(data, 'stdout', pm); '' }
+        pm.on_stderr { |data| publish_data(data, 'stderr', pm); '' }
       end
-      debug_str += err_io.read until err_io.eof? rescue
-      err_io.close
-      debug_str.lines.each { |line| @logger.debug(line.strip) }
-
-      return stdout, debug_str
-    end
-
-    def run_sync(command, stdin = nil)
-      pid, tx, rx, err = session(get_args(command))
-      tx.puts(stdin) unless stdin.nil?
-      tx.close
-      stdout, stderr = read_output_debug(err, rx)
-      exit_status = Process.wait2(pid)[1].exitstatus
-      return exit_status, stdout, stderr
+      pm.start!
+      unless pm.status
+        pm.stdin.io.puts(stdin) if stdin
+        pm.stdin.io.close if close_stdin
+        pm.run!
+      end
+      pm
     end
 
     def prepare_known_hosts
@@ -362,15 +368,14 @@ module Proxy::RemoteExecution::Ssh::Runners
       # We use tee here to pipe stdin coming from ssh to a file at $path, while silencing its output
       # This is used to write to $path with elevated permissions, solutions using cat and output redirection
       # would not work, because the redirection would happen in the non-elevated shell.
-      command = "tee '#{path}' >/dev/null && chmod '#{permissions}' '#{path}'"
+      command = "tee #{path} >/dev/null && chmod #{permissions} #{path}"
 
       @logger.debug("Sending data to #{path} on remote host:\n#{data}")
-      status, _out, err = run_sync(command, data)
-
-      @logger.warn("Output on stderr while uploading #{path}:\n#{err}") unless err.empty?
-      if status != 0
-        raise "Unable to upload file to #{path} on remote system: exit code: #{status}"
-      end
+      ensure_remote_command(command,
+        publish: true,
+        stdin: data,
+        error: "Unable to upload file to #{path} on remote system, exit code: %{exit_code}"
+      )
 
       path
     end
@@ -382,9 +387,16 @@ module Proxy::RemoteExecution::Ssh::Runners
     end
 
     def ensure_remote_directory(path)
-      exit_code, _output, err = run_sync("mkdir -p #{path}")
-      if exit_code != 0
-        raise "Unable to create directory on remote system #{path}: exit code: #{exit_code}\n #{err}"
+      ensure_remote_command("mkdir -p #{path}",
+        publish: true,
+        error: "Unable to create directory #{path} on remote system, exit code: %{exit_code}"
+      )
+    end
+
+    def ensure_remote_command(cmd, error: nil, **kwargs)
+      if (pm = run_sync(cmd, **kwargs)).status != 0
+        msg = error || 'Failed to run command %{command} on remote machine, exit code: %{exit_code}'
+        raise(msg % { command: cmd, exit_code: pm.status })
       end
     end
 

data/lib/smart_proxy_remote_execution_ssh/version.rb

@@ -1,7 +1,7 @@
 module Proxy
   module RemoteExecution
     module Ssh
-      VERSION = '0.5.3'
+      VERSION = '0.6.0'
     end
   end
 end

data/lib/smart_proxy_remote_execution_ssh.rb

@@ -7,21 +7,8 @@ module Proxy::RemoteExecution
   module Ssh
     class << self
       def validate!
-        unless private_key_file
-          raise "settings for `ssh_identity_key` not set"
-        end
-
-        unless File.exist?(private_key_file)
-          raise "Ssh public key file #{private_key_file} doesn't exist.\n"\
-            "You can generate one with `ssh-keygen -t rsa -b 4096 -f #{private_key_file} -N ''`"
-        end
-
-        unless File.exist?(public_key_file)
-          raise "Ssh public key file #{public_key_file} doesn't exist"
-        end
-
         validate_mode!
-        validate_ssh_log_level!
+        validate_ssh_settings!
         validate_mqtt_settings!
       end
 
@@ -60,6 +47,28 @@ module Proxy::RemoteExecution
 
         raise 'mqtt_broker has to be set when pull-mqtt mode is used' if Plugin.settings.mqtt_broker.nil?
         raise 'mqtt_port has to be set when pull-mqtt mode is used' if Plugin.settings.mqtt_port.nil?
+
+        if Plugin.settings.mqtt_tls.nil?
+          Plugin.settings.mqtt_tls = [:foreman_ssl_cert, :foreman_ssl_key, :foreman_ssl_ca].all? { |key| ::Proxy::SETTINGS[key] }
+        end
+      end
+
+      def validate_ssh_settings!
+        return unless requires_configured_ssh?
+        unless private_key_file
+          raise "settings for `ssh_identity_key` not set"
+        end
+
+        unless File.exist?(private_key_file)
+          raise "SSH public key file #{private_key_file} doesn't exist.\n"\
+            "You can generate one with `ssh-keygen -t rsa -b 4096 -f #{private_key_file} -N ''`"
+        end
+
+        unless File.exist?(public_key_file)
+          raise "SSH public key file #{public_key_file} doesn't exist"
+        end
+
+        validate_ssh_log_level!
       end
 
       def validate_ssh_log_level!
@@ -83,6 +92,10 @@ module Proxy::RemoteExecution
         Plugin.settings.ssh_log_level = Plugin.settings.ssh_log_level.to_sym
       end
 
+      def requires_configured_ssh?
+        %i[ssh ssh-async].include?(Plugin.settings.mode) || Plugin.settings.cockpit_integration
+      end
+
       def job_storage
         @job_storage ||= Proxy::RemoteExecution::Ssh::JobStorage.new
       end

data/settings.d/remote_execution_ssh.yml.example

@@ -5,6 +5,8 @@
 :remote_working_dir: '/var/tmp'
 # :kerberos_auth: false
 
+# :cockpit_integration: true
+
 # Mode of operation, one of ssh, ssh-async, pull, pull-mqtt
 :mode: ssh
 
@@ -24,3 +26,8 @@
 # MQTT configuration, need to be set if mode is set to pull-mqtt
 # :mqtt_broker: localhost
 # :mqtt_port: 1883
+
+# Use of SSL can be forced either way by explicitly setting mqtt_tls setting. If
+# unset, SSL gets used if smart-proxy's foreman_ssl_cert, foreman_ssl_key and
+# foreman_ssl_ca settings are set available.
+# :mqtt_tls:

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_remote_execution_ssh
 version: !ruby/object:Gem::Version
-  version: 0.5.3
+  version: 0.6.0
 platform: ruby
 authors:
 - Ivan Nečas
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-04 00:00:00.000000000 Z
+date: 2022-04-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -114,14 +114,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.5'
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: net-ssh
   requirement: !ruby/object:Gem::Requirement