mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Make lock_host_keys a real noop, instead of half-a-noop

Right now, we don't do any locking, but we still scan known_hosts files
twice per connection. That's completely unnecessary, and the proposed
solutions to the locking problem wouldn't need known_hosts scanning
anyway, so this code can go away.
Abhijit Menon-Sen 2015-09-02 10:09:32 +05:30
parent 88d3751c28
commit 12d8f9132e


@ -207,73 +207,17 @@ class Connection(ConnectionBase):
stdin.close() stdin.close()
return (p.returncode, stdout, stderr) return (p.returncode, stdout, stderr)
def not_in_host_file(self, host):
if 'USER' in os.environ:
user_host_file = os.path.expandvars("~${USER}/.ssh/known_hosts")
else:
user_host_file = "~/.ssh/known_hosts"
user_host_file = os.path.expanduser(user_host_file)
host_file_list = []
host_file_list.append(user_host_file)
host_file_list.append("/etc/ssh/ssh_known_hosts")
host_file_list.append("/etc/ssh/ssh_known_hosts2")
hfiles_not_found = 0
for hf in host_file_list:
if not os.path.exists(hf):
hfiles_not_found += 1
continue
try:
host_fh = open(hf)
except IOError as e:
hfiles_not_found += 1
continue
else:
data = host_fh.read()
host_fh.close()
for line in data.split("\n"):
if line is None or " " not in line:
continue
tokens = line.split()
if not tokens:
continue
if isinstance(tokens, list) and tokens: # skip invalid hostlines
if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
# this is a hashed known host entry
try:
(kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
hash.update(host)
if hash.digest() == kn_host.decode('base64'):
return False
except:
# invalid hashed host key, skip it
continue
else:
# standard host file entry
if host in tokens[0]:
return False
if (hfiles_not_found == len(host_file_list)):
self._display.vvv("EXEC previous known host file not found for {0}".format(host))
return True
def lock_host_keys(self, lock): def lock_host_keys(self, lock):
if C.HOST_KEY_CHECKING and self.not_in_host_file(self.host): # lock around the initial SSH connectivity so the user prompt about
if lock: # whether to add the host to known hosts is not intermingled with
action = fcntl.LOCK_EX # multiprocess output.
else: #
action = fcntl.LOCK_UN # This is a noop for now, pending further investigation. The lock file
# should be opened in TaskQueueManager and passed down through the
# PlayContext.
# lock around the initial SSH connectivity so the user prompt about whether to add pass
# the host to known hosts is not intermingled with multiprocess output.
# FIXME: move the locations of these lock files, same as init above, these came from runner, probably need to be in task_executor
# fcntl.lockf(self.process_lockfile, action)
# fcntl.lockf(self.output_lockfile, action)
def exec_command(self, *args, **kwargs): def exec_command(self, *args, **kwargs):
""" """