Merge commit '6cf6f69751e4533eb4f77d2e277c5989571357a5' into release-…
…v0.3.17
moreati committed Nov 7, 2024
2 parents c883f17 + 6cf6f69 commit 35cc81b
Showing 17 changed files with 126 additions and 59 deletions.
2 changes: 1 addition & 1 deletion .ci/ansible_tests.py
Expand Up @@ -41,7 +41,7 @@ def pause_if_interactive():

with ci_lib.Fold('job_setup'):
os.chdir(TESTS_DIR)
os.chmod('../data/docker/mitogen__has_sudo_pubkey.key', int('0600', 7))
os.chmod('../data/docker/mitogen__has_sudo_pubkey.key', int('0600', 8))

ci_lib.run("mkdir %s", HOSTS_DIR)
for path in glob.glob(TESTS_DIR + '/hosts/*'):
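Review bot: `int('0600', 8)` on the chmod line still spells the mode as a string plus a radix, which is the form that let the base slip to 7 unnoticed (that evaluates to 0o446, not 0o600). An octal literal removes the second argument altogether: `os.chmod('../data/docker/mitogen__has_sudo_pubkey.key', 0o600)`. The key file appears to live in the repository, so its mode after checkout depends on the umask and this call is what keeps it private; a short comment saying so would stop the line being dropped as redundant. The `with ci_lib.Fold('job_setup')` block continues past the end of the hunk.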
3 changes: 3 additions & 0 deletions .ci/localhost_ansible_tests.py
Expand Up @@ -51,6 +51,9 @@
subprocess.check_call('sudo chmod 700 ~root/.ssh', shell=True)
subprocess.check_call('sudo chmod 600 ~root/.ssh/authorized_keys', shell=True)

os.chdir(IMAGE_PREP_DIR)
ci_lib.run("ansible-playbook -c local -i localhost, macos_localhost.yml")

if os.path.expanduser('~mitogen__user1') == '~mitogen__user1':
os.chdir(IMAGE_PREP_DIR)
ci_lib.run("ansible-playbook -c local -i localhost, _user_accounts.yml")
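Review bot: The new `ansible-playbook ... macos_localhost.yml` call runs on every invocation with no platform or CI guard, unlike the `_user_accounts.yml` run below it, which is skipped once the test user exists. The sshd role it applies (tests/image_prep/roles/sshd/tasks/main.yml in this commit) writes `PermitRootLogin yes` and a raised `MaxAuthTries` into the host's own sshd_config under `become`, so anyone running this script outside a disposable runner has their real SSH daemon loosened and nothing reverts it. Consider a comment above the call, e.g. `# Rewrites the local sshd_config (root login, MaxAuthTries); intended for throwaway CI hosts only`, and, if the script is macOS-only, a platform check around it; the same caveat belongs at the top of macos_localhost.yml.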
27 changes: 13 additions & 14 deletions ansible_mitogen/transport_config.py
Expand Up @@ -442,18 +442,22 @@ def _become_option(self, name):
raise

LOG.info(
'Used PlayContext fallback for plugin=%r, option=%r',
self._connection, name,
'Used fallback=PlayContext.%s for plugin=%r, option=%r',
name, self._connection, name,
)
return getattr(self._play_context, name)


def _connection_option(self, name):
def _connection_option(self, name, fallback_attr=None):
try:
return self._connection.get_option(name, hostvars=self._task_vars)
except KeyError:
LOG.debug('Used PlayContext fallback for option=%r', name)
return getattr(self._play_context, name)
if fallback_attr is None:
fallback_attr = name
LOG.info(
'Used fallback=PlayContext.%s for plugin=%r, option=%r',
fallback_attr, self._connection, name,
)
return getattr(self._play_context, fallback_attr)

def transport(self):
return self._transport
Expand All @@ -462,7 +466,7 @@ def inventory_name(self):
return self._inventory_name

def remote_addr(self):
return self._play_context.remote_addr
return self._connection_option('host', fallback_attr='remote_addr')

def remote_user(self):
return self._connection_option('remote_user')
Expand Down Expand Up @@ -500,15 +504,10 @@ def python_path(self, rediscover_python=False):
rediscover_python=rediscover_python)

def host_key_checking(self):
def candidates():
yield self._connection.get_task_var('ansible_ssh_host_key_checking')
yield self._connection.get_task_var('ansible_host_key_checking')
yield C.HOST_KEY_CHECKING
val = next((v for v in candidates() if v is not None), True)
return boolean(val)
return self._connection_option('host_key_checking')

def private_key_file(self):
return self._play_context.private_key_file
return self._connection_option('private_key_file')

def ssh_executable(self):
return self._connection_option('ssh_executable')
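Review bot: `host_key_checking()` now returns `self._connection_option('host_key_checking')` as-is, dropping both the `boolean()` coercion and the default of `True` that the replaced `candidates()` version had. If a plugin hands back an uncoerced templated string such as `'false'`, or lacks the option so the KeyError fallback reads `PlayContext.host_key_checking` (this page does not show whether that attribute exists), callers get a non-bool or an AttributeError instead of failing closed. Keeping the coercion is cheap: `return boolean(self._connection_option('host_key_checking'))`, assuming `boolean` is still imported in this module. A one-line docstring on `_connection_option` explaining `fallback_attr` (the PlayContext attribute to read when it differs from the option name, as with `host` and `remote_addr`) would also help.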
14 changes: 14 additions & 0 deletions docs/changelog.rst
Expand Up @@ -18,6 +18,20 @@ To avail of fixes in an unreleased version, please download a ZIP file
`directly from GitHub <https://github.com/mitogen-hq/mitogen/>`_.


v0.3.17 (2024-11-07)
--------------------

* :gh:issue:`1182` CI: Fix incorrect world readable/writable file permissions
on SSH key ``mitogen__has_sudo_pubkey.key`` during Ansible tests.
* :gh:issue:`1083` :mod:`ansible_mitogen`: Templated SSH private key file
(e.g. ``ansible_private_key_file``).
* :gh:issue:`1083` :mod:`ansible_mitogen`: Templated SSH host key checking
(e.g. ``ansible_host_key_checking``, ``ansible_ssh_host_key_checking``).
* :gh:issue:`1083` :mod:`ansible_mitogen`: Templated host address
(e.g. ``ansible_host``, ``ansible_ssh_host``)
* :gh:issue:`1184` Test templated SSH host key checking in task vars


v0.3.16 (2024-11-05)
--------------------

2 changes: 1 addition & 1 deletion mitogen/__init__.py
Expand Up @@ -35,7 +35,7 @@


#: Library version as a tuple.
__version__ = (0, 3, 16)
__version__ = (0, 3, 17)


#: This is :data:`False` in slave contexts. Previously it was used to prevent
17 changes: 7 additions & 10 deletions tests/ansible/hosts/default.hosts
Expand Up @@ -22,9 +22,6 @@ ssh_args_canary_file=/tmp/ssh_args_by_inv_{{ inventory_hostname }}
[tt_targets_bare]
tt-bare

[tt_targets_bare:vars]
ansible_host=localhost

[tt_become_bare]
tt-become-bare

Expand All @@ -43,10 +40,10 @@ ansible_host=localhost
ansible_user="{{ lookup('pipe', 'whoami') }}"

[tt_targets_inventory]
tt-password ansible_password="{{ 'has_sudo_nopw_password' | trim }}" ansible_user=mitogen__has_sudo_nopw
tt-port ansible_password=has_sudo_nopw_password ansible_port="{{ 22 | int }}" ansible_user=mitogen__has_sudo_nopw
tt-remote-user ansible_password=has_sudo_nopw_password ansible_user="{{ 'mitogen__has_sudo_nopw' | trim }}"
tt-ssh-executable ansible_password=has_sudo_nopw_password ansible_ssh_executable="{{ 'ssh' | trim }}" ansible_user=mitogen__has_sudo_nopw

[tt_targets_inventory:vars]
ansible_host=localhost
tt-host ansible_host="{{ 'localhost' | trim }}" ansible_password=has_sudo_nopw_password ansible_user=mitogen__has_sudo_nopw
tt-host-key-checking ansible_host=localhost ansible_host_key_checking="{{ 'false' | trim }}" ansible_password=has_sudo_nopw_password ansible_user=mitogen__has_sudo_nopw
tt-password ansible_host=localhost ansible_password="{{ 'has_sudo_nopw_password' | trim }}" ansible_user=mitogen__has_sudo_nopw
tt-port ansible_host=localhost ansible_password=has_sudo_nopw_password ansible_port="{{ 22 | int }}" ansible_user=mitogen__has_sudo_nopw
tt-private-key-file ansible_host=localhost ansible_private_key_file="{{ git_basedir }}/tests/data/docker/mitogen__has_sudo_pubkey.key" ansible_user=mitogen__has_sudo_pubkey
tt-remote-user ansible_host=localhost ansible_password=has_sudo_nopw_password ansible_user="{{ 'mitogen__has_sudo_nopw' | trim }}"
tt-ssh-executable ansible_host=localhost ansible_password=has_sudo_nopw_password ansible_ssh_executable="{{ 'ssh' | trim }}" ansible_user=mitogen__has_sudo_nopw
1 change: 1 addition & 0 deletions tests/ansible/integration/ssh/args_by_play_taskvar.yml
Expand Up @@ -2,6 +2,7 @@
hosts: tt_targets_bare
gather_facts: false
vars:
ansible_host: "{{ hostvars[groups['test-targets'][0]].host | default('localhost') }}"
ansible_password: "{{ 'has_sudo_nopw_password' | trim }}"
ansible_port: "{{ hostvars[groups['test-targets'][0]].ansible_port | default(22) }}"
ansible_ssh_common_args: >-
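Review bot: The added `ansible_host` line reads `hostvars[groups['test-targets'][0]].host`, while the `ansible_port` line two below it reads `.ansible_port` from the same hostvars; unless the test-targets inventory defines a plain `host` variable (not visible on this page), the lookup is undefined and `default('localhost')` always wins. If the intent is to reuse the target's address, `hostvars[groups['test-targets'][0]].ansible_host | default('localhost')` would match the port line. The same expression is added in templated_by_play_taskvar.yml, templated_by_task_keyword.yml and the section that follows this one, whose file header is missing from the page.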
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
gather_facts: false
remote_user: "{{ 'mitogen__has_sudo_nopw' | trim }}"
vars:
ansible_host: "{{ hostvars[groups['test-targets'][0]].host | default('localhost') }}"
ansible_password: has_sudo_nopw_password
ansible_port: "{{ hostvars[groups['test-targets'][0]].ansible_port | default(22) }}"
tasks:
25 changes: 24 additions & 1 deletion tests/ansible/integration/ssh/templated_by_play_taskvar.yml
Expand Up @@ -2,12 +2,35 @@
hosts: tt_targets_bare
gather_facts: false
vars:
ansible_host: "{{ hostvars[groups['test-targets'][0]].host | default('localhost') }}"
ansible_host_key_checking: "{{ 'false' | trim }}"
ansible_password: "{{ 'has_sudo_nopw_password' | trim }}"
ansible_port: "{{ hostvars[groups['test-targets'][0]].ansible_port | default(22) }}"
ansible_ssh_executable: "{{ 'ssh' | trim }}"
ansible_user: "{{ 'mitogen__has_sudo_nopw' | trim }}"

tasks:
- meta: reset_connection
- name: Templated variables in play
- name: Templated variables in play, password authentication
ping:

- name: integration/ssh/templated_by_play_taskvar.yml
hosts: tt_targets_bare
gather_facts: false
vars:
ansible_host: "{{ hostvars[groups['test-targets'][0]].host | default('localhost') }}"
ansible_host_key_checking: "{{ 'false' | trim }}"
ansible_private_key_file: "{{ git_basedir }}/tests/data/docker/mitogen__has_sudo_pubkey.key"
ansible_port: "{{ hostvars[groups['test-targets'][0]].ansible_port | default(22) }}"
ansible_ssh_executable: "{{ 'ssh' | trim }}"
ansible_user: "{{ 'mitogen__has_sudo_pubkey' | trim }}"

tasks:
- meta: end_play
when:
# https://github.com/ansible/ansible/issues/84238
- not is_mitogen
- ansible_version.full is version('2.19', '<', strict=True)
- meta: reset_connection
- name: Templated variables in play, key authentication
ping:
2 changes: 2 additions & 0 deletions tests/ansible/integration/ssh/templated_by_task_keyword.yml
Expand Up @@ -5,6 +5,7 @@
# https://github.com/mitogen-hq/mitogen/issues/1132
remote_user: "{{ 'mitogen__has_sudo_nopw' | trim }}"
vars:
ansible_host: "{{ hostvars[groups['test-targets'][0]].host | default('localhost') }}"
ansible_password: has_sudo_nopw_password
ansible_port: "{{ hostvars[groups['test-targets'][0]].ansible_port | default(22) }}"
tasks:
Expand All @@ -19,6 +20,7 @@
delegate_to: "{{ groups.tt_targets_bare[0] }}"
remote_user: "{{ 'mitogen__has_sudo_nopw' | trim }}"
vars:
ansible_host: "{{ hostvars[groups['test-targets'][0]].host | default('localhost') }}"
ansible_password: has_sudo_nopw_password
ansible_port: "{{ hostvars[groups['test-targets'][0]].ansible_port | default(22) }}"
ping:
7 changes: 2 additions & 5 deletions tests/ansible/integration/ssh/variables.yml
Expand Up @@ -13,11 +13,6 @@
-o "ControlPath /tmp/mitogen-ansible-test-{{18446744073709551615|random}}"
tasks:
- name: setup ansible_ssh_private_key_file
shell: chmod 0600 ../data/docker/mitogen__has_sudo_pubkey.key
args:
chdir: ../..

- name: ansible_user, ansible_ssh_private_key_file
shell: >
ANSIBLE_ANY_ERRORS_FATAL=false
Expand All @@ -34,6 +29,7 @@
args:
chdir: ../..
register: out
changed_when: false

- name: ansible_user, wrong ansible_ssh_private_key_file
shell: >
Expand All @@ -52,6 +48,7 @@
args:
chdir: ../..
register: out
changed_when: false
ignore_errors: true

- assert:
16 changes: 7 additions & 9 deletions tests/ansible/templates/test-targets.j2
Expand Up @@ -44,7 +44,6 @@ ssh_args_canary_file=/tmp/ssh_args_by_inv_{{ '{{' }} inventory_hostname {{ '}}'
tt-bare

[tt_targets_bare:vars]
ansible_host={{ tt.hostname }}
ansible_python_interpreter={{ tt.python_path }}

[tt_become_bare]
Expand All @@ -71,11 +70,10 @@ ansible_python_interpreter={{ tt.python_path }}
ansible_user=mitogen__has_sudo_nopw

[tt_targets_inventory]
tt-password ansible_password="{{ '{{' }} 'has_sudo_nopw_password' | trim {{ '}}' }}" ansible_port={{ tt.port }} ansible_user=mitogen__has_sudo_nopw
tt-port ansible_password=has_sudo_nopw_password ansible_port="{{ '{{' }} {{ tt.port }} | int {{ '}}' }}" ansible_user=mitogen__has_sudo_nopw
tt-remote-user ansible_password=has_sudo_nopw_password ansible_port={{ tt.port }} ansible_user="{{ '{{' }} 'mitogen__has_sudo_nopw' | trim {{ '}}' }}"
tt-ssh-executable ansible_password=has_sudo_nopw_password ansible_port={{ tt.port }} ansible_ssh_executable="{{ '{{' }} 'ssh' | trim {{ '}}' }}" ansible_user=mitogen__has_sudo_nopw

[tt_targets_inventory:vars]
ansible_host={{ tt.hostname }}
ansible_python_interpreter={{ tt.python_path }}
tt-host ansible_host="{{ '{{' }} '{{ tt.hostname }}' | trim {{ '}}' }}" ansible_password=has_sudo_nopw_password ansible_port={{ tt.port }} ansible_python_interpreter={{ tt.python_path }} ansible_user=mitogen__has_sudo_nopw
tt-host-key-checking ansible_host={{ tt.hostname }} ansible_host_key_checking="{{ '{{' }} 'false' | trim {{ '}}' }}" ansible_password=has_sudo_nopw_password ansible_port={{ tt.port }} ansible_python_interpreter={{ tt.python_path }} ansible_user=mitogen__has_sudo_nopw
tt-password ansible_host={{ tt.hostname }} ansible_password="{{ '{{' }} 'has_sudo_nopw_password' | trim {{ '}}' }}" ansible_port={{ tt.port }} ansible_python_interpreter={{ tt.python_path }} ansible_user=mitogen__has_sudo_nopw
tt-port ansible_host={{ tt.hostname }} ansible_password=has_sudo_nopw_password ansible_port="{{ '{{' }} {{ tt.port }} | int {{ '}}' }}" ansible_python_interpreter={{ tt.python_path }} ansible_user=mitogen__has_sudo_nopw
tt-private-key-file ansible_host={{ tt.hostname }} ansible_port={{ tt.port }} ansible_private_key_file="{{ '{{' }} git_basedir {{ '}}' }}/tests/data/docker/mitogen__has_sudo_pubkey.key" ansible_python_interpreter={{ tt.python_path }} ansible_user=mitogen__has_sudo_pubkey
tt-remote-user ansible_host={{ tt.hostname }} ansible_password=has_sudo_nopw_password ansible_port={{ tt.port }} ansible_python_interpreter={{ tt.python_path }} ansible_user="{{ '{{' }} 'mitogen__has_sudo_nopw' | trim {{ '}}' }}"
tt-ssh-executable ansible_host={{ tt.hostname }} ansible_password=has_sudo_nopw_password ansible_port={{ tt.port }} ansible_python_interpreter={{ tt.python_path }} ansible_ssh_executable="{{ '{{' }} 'ssh' | trim {{ '}}' }}" ansible_user=mitogen__has_sudo_nopw
27 changes: 9 additions & 18 deletions tests/image_prep/_container_setup.yml
Expand Up @@ -23,10 +23,16 @@
gather_facts: true
vars:
distro: "{{ansible_distribution}}"
tasks:
- when: ansible_virtualization_type != "docker"
meta: end_play

pre_tasks:
- meta: end_play
when:
- ansible_facts.virtualization_type != "docker"

roles:
- role: sshd

tasks:
- name: Ensure requisite apt packages are installed
apt:
name: "{{ common_packages + packages }}"
Expand Down Expand Up @@ -134,10 +140,6 @@
content: |
i-am-mitogen-test-docker-image
- copy:
dest: /etc/ssh/banner.txt
src: ../data/docker/ssh_login_banner.txt

- name: Ensure /etc/sudoers.d exists
file:
state: directory
Expand Down Expand Up @@ -169,17 +171,6 @@
line: "%wheel ALL=(ALL) ALL"
when: ansible_os_family == 'RedHat'

- name: Enable SSH banner
lineinfile:
path: /etc/ssh/sshd_config
line: Banner /etc/ssh/banner.txt

- name: Allow remote SSH root login
lineinfile:
path: /etc/ssh/sshd_config
line: PermitRootLogin yes
regexp: '.*PermitRootLogin.*'

- name: Allow remote SSH root login
lineinfile:
path: /etc/pam.d/sshd
Expand Down
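--- a/tests/image_prep/macos_localhost.yml
+++ b/tests/image_prep/macos_localhost.yml
@@ -0,0 +1,7 @@
+- name: Configure macOS
+hosts: all
+gather_facts: true
+strategy: mitogen_free
+become: true
+roles:
+- role: sshd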
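--- a/tests/image_prep/roles/sshd/defaults/main.yml
+++ b/tests/image_prep/roles/sshd/defaults/main.yml
@@ -0,0 +1,3 @@
+sshd_config_file: /etc/ssh/sshd_config
+
+sshd_config__max_auth_tries: 50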
File renamed without changes.
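--- a/tests/image_prep/roles/sshd/tasks/main.yml
+++ b/tests/image_prep/roles/sshd/tasks/main.yml
@@ -0,0 +1,31 @@
+- name: Create login banner
+copy:
+src: banner.txt
+dest: /etc/ssh/banner.txt
+mode: u=rw,go=r
+
+- name: Configure sshd_config
+lineinfile:
+path: "{{ sshd_config_file }}"
+line: "{{ item.line }}"
+regexp: "{{ item.regexp }}"
+loop:
+- line: Banner /etc/ssh/banner.txt
+regexp: '^#? *Banner.*'
+- line: MaxAuthTries {{ sshd_config__max_auth_tries }}
+regexp: '^#? *MaxAuthTries.*'
+- line: PermitRootLogin yes
+regexp: '.*PermitRootLogin.*'
+loop_control:
+label: "{{ item.line }}"
+register: configure_sshd_result
+
+- name: Restart sshd
+shell: |
+launchctl unload /System/Library/LaunchDaemons/ssh.plist
+wait 5
+launchctl load -w /System/Library/LaunchDaemons/ssh.plist
+changed_when: true
+when:
+- ansible_facts.distribution == "MacOSX"
+- configure_sshd_result is changed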
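Review bot: In the `Restart sshd` task, `wait 5` does not pause: `wait` takes a job or process ID, so the shell looks for a child with PID 5, returns 127 at once, and carries on to `launchctl load`, with only the last command's status reaching Ansible. `sleep 5` is presumably what was meant. Separately, the `Configure sshd_config` task edits the live file with no syntax check; adding `validate: sshd -t -f %s` to the `lineinfile` call (with the full path to sshd if it is not on PATH) would keep a malformed line from reaching the restart.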
