From 12d8f9132e8cb77f9de25860c0f463a89e8b986d Mon Sep 17 00:00:00 2001
From: Abhijit Menon-Sen
Date: Wed, 2 Sep 2015 10:09:32 +0530
Subject: [PATCH] Make lock_host_keys a real noop, instead of half-a-noop

Right now, we don't do any locking, but we still scan known_hosts files twice per connection. That's completely unnecessary, and the proposed solutions to the locking problem wouldn't need known_hosts scanning anyway, so this code can go away.
---
 lib/ansible/plugins/connections/ssh.py | 72 +++-----------------------
 1 file changed, 8 insertions(+), 64 deletions(-)

diff --git a/lib/ansible/plugins/connections/ssh.py b/lib/ansible/plugins/connections/ssh.py
index 9c16168413..6dae226722 100644
--- a/lib/ansible/plugins/connections/ssh.py
+++ b/lib/ansible/plugins/connections/ssh.py
@@ -207,73 +207,17 @@ class Connection(ConnectionBase): stdin.close() return (p.returncode, stdout, stderr) - def not_in_host_file(self, host): - if 'USER' in os.environ: - user_host_file = os.path.expandvars("~${USER}/.ssh/known_hosts") - else: - user_host_file = "~/.ssh/known_hosts" - user_host_file = os.path.expanduser(user_host_file) - - host_file_list = [] - host_file_list.append(user_host_file) - host_file_list.append("/etc/ssh/ssh_known_hosts") - host_file_list.append("/etc/ssh/ssh_known_hosts2") - - hfiles_not_found = 0 - for hf in host_file_list: - if not os.path.exists(hf): - hfiles_not_found += 1 - continue - try: - host_fh = open(hf) - except IOError as e: - hfiles_not_found += 1 - continue - else: - data = host_fh.read() - host_fh.close() - - for line in data.split("\n"): - if line is None or " " not in line: - continue - tokens = line.split() - if not tokens: - continue - - if isinstance(tokens, list) and tokens: # skip invalid hostlines - if tokens[0].find(self.HASHED_KEY_MAGIC) == 0: - # this is a hashed known host entry - try: - (kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2) - hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1) - hash.update(host) - if hash.digest() == kn_host.decode('base64'): - return False - except: - # invalid hashed host key, skip it - continue - else: - # standard host file entry - if host in tokens[0]: - return False - - if (hfiles_not_found == len(host_file_list)): - self._display.vvv("EXEC previous known host file not found for {0}".format(host)) - return True - def lock_host_keys(self, lock): - if C.HOST_KEY_CHECKING and self.not_in_host_file(self.host): - if lock: - action = fcntl.LOCK_EX - else: - action = fcntl.LOCK_UN + # lock around the initial SSH connectivity so the user prompt about + # whether to add the host to known hosts is not intermingled with + # multiprocess output. + # + # This is a noop for now, pending further investigation. 
The lock file + # should be opened in TaskQueueManager and passed down through the + # PlayContext. - # lock around the initial SSH connectivity so the user prompt about whether to add - # the host to known hosts is not intermingled with multiprocess output. - # FIXME: move the locations of these lock files, same as init above, these came from runner, probably need to be in task_executor - # fcntl.lockf(self.process_lockfile, action) - # fcntl.lockf(self.output_lockfile, action) + pass def exec_command(self, *args, **kwargs): """
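Review bot: The new body of `lock_host_keys` explains the no-op only in `#` comments and does not state what callers lose: with host key checking enabled and several worker processes, nothing here serializes ssh's unknown-host prompt, so a reply can land on a prompt for a different host than the operator intended. I would open the method with a docstring that says so, for example `"""No-op placeholder: does not serialize the ssh unknown-host prompt across worker processes."""`, and keep the TaskQueueManager/PlayContext plan as the comment below it. The `lock` argument is now unused, which the docstring should mention so callers do not assume the lock/unlock pairing has any effect. The removed `not_in_host_file` was the only user visible in this hunk of `hmac`, `sha1`, `fcntl` and `self.HASHED_KEY_MAGIC`; if nothing else in the file references them (not visible here), the imports and the constant should be dropped in the same change.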