diff --git a/lib/ansible/runner/connection_plugins/paramiko_alt.py b/lib/ansible/runner/connection_plugins/paramiko_alt.py deleted file mode 100644 index 1828ba1ab2..0000000000 --- a/lib/ansible/runner/connection_plugins/paramiko_alt.py +++ /dev/null @@ -1,344 +0,0 @@ -# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com> -# -# This file is part of Ansible -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see <http://www.gnu.org/licenses/>. - - -# --- -# The paramiko transport is provided because many distributions, in particular EL6 and before -# do not support ControlPersist in their SSH implementations. This is needed on the Ansible -# control machine to be reasonably efficient with connections. Thus paramiko is faster -# for most users on these platforms. Users with ControlPersist capability can consider -# using -c ssh or configuring the transport in ansible.cfg. - -import warnings -import os -import pipes -import socket -import random -import logging -import traceback -import fcntl -import sys -from termios import tcflush, TCIFLUSH -from binascii import hexlify -from ansible.callbacks import vvv -from ansible import errors -from ansible import utils -from ansible import constants as C - -AUTHENTICITY_MSG=""" -paramiko: The authenticity of host '%s' can't be established. -The %s key fingerprint is %s. -Are you sure you want to continue connecting (yes/no)? -""" - -# prevent paramiko warning noise -- see http://stackoverflow.com/questions/3920502/ -HAVE_PARAMIKO=False -with warnings.catch_warnings(): - warnings.simplefilter("ignore") - try: - import paramiko - HAVE_PARAMIKO=True - logging.getLogger("paramiko").setLevel(logging.WARNING) - except ImportError: - pass - -class MyAddPolicy(object): - """ - Based on AutoAddPolicy in paramiko so we can determine when keys are added - and also prompt for input. - - Policy for automatically adding the hostname and new host key to the - local L{HostKeys} object, and saving it. This is used by L{SSHClient}. - """ - - def __init__(self, runner): - self.runner = runner - - def missing_host_key(self, client, hostname, key): - - if C.HOST_KEY_CHECKING: - - fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_EX) - fcntl.lockf(self.runner.output_lockfile, fcntl.LOCK_EX) - - old_stdin = sys.stdin - sys.stdin = self.runner._new_stdin - fingerprint = hexlify(key.get_fingerprint()) - ktype = key.get_name() - - # clear out any premature input on sys.stdin - tcflush(sys.stdin, TCIFLUSH) - - inp = raw_input(AUTHENTICITY_MSG % (hostname, ktype, fingerprint)) - sys.stdin = old_stdin - if inp not in ['yes','y','']: - fcntl.flock(self.runner.output_lockfile, fcntl.LOCK_UN) - fcntl.flock(self.runner.process_lockfile, fcntl.LOCK_UN) - raise errors.AnsibleError("host connection rejected by user") - - fcntl.lockf(self.runner.output_lockfile, fcntl.LOCK_UN) - fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_UN) - - - key._added_by_ansible_this_time = True - - # existing implementation below: - client._host_keys.add(hostname, key.get_name(), key) - - # host keys are actually saved in close() function below - # in order to control ordering. - - -# keep connection objects on a per host basis to avoid repeated attempts to reconnect - -SSH_CONNECTION_CACHE = {} -SFTP_CONNECTION_CACHE = {} - -class Connection(object): - ''' SSH based connections with Paramiko ''' - - def __init__(self, runner, host, port, user, password, private_key_file, *args, **kwargs): - - self.ssh = None - self.sftp = None - self.runner = runner - self.host = host - self.port = port - self.user = user - self.password = password - self.private_key_file = private_key_file - self.has_pipelining = True - - def _cache_key(self): - return "%s__%s__" % (self.host, self.user) - - def connect(self): - cache_key = self._cache_key() - if cache_key in SSH_CONNECTION_CACHE: - self.ssh = SSH_CONNECTION_CACHE[cache_key] - else: - self.ssh = SSH_CONNECTION_CACHE[cache_key] = self._connect_uncached() - return self - - def _connect_uncached(self): - ''' activates the connection object ''' - - if not HAVE_PARAMIKO: - raise errors.AnsibleError("paramiko is not installed") - - vvv("ESTABLISH CONNECTION FOR USER: %s on PORT %s TO %s" % (self.user, self.port, self.host), host=self.host) - - ssh = paramiko.SSHClient() - - self.keyfile = os.path.expanduser("~/.ssh/known_hosts") - - if C.HOST_KEY_CHECKING: - ssh.load_system_host_keys() - ssh.set_missing_host_key_policy(MyAddPolicy(self.runner)) - - allow_agent = True - if self.password is not None: - allow_agent = False - try: - if self.private_key_file: - key_filename = os.path.expanduser(self.private_key_file) - elif self.runner.private_key_file: - key_filename = os.path.expanduser(self.runner.private_key_file) - else: - key_filename = None - ssh.connect(self.host, username=self.user, allow_agent=allow_agent, look_for_keys=True, - key_filename=key_filename, password=self.password, - timeout=self.runner.timeout, port=self.port) - except Exception, e: - msg = str(e) - if "PID check failed" in msg: - raise errors.AnsibleError("paramiko version issue, please upgrade paramiko on the machine running ansible") - elif "Private key file is encrypted" in msg: - msg = 'ssh %s@%s:%s : %s\nTo connect as a different user, use -u <username>.' % ( - self.user, self.host, self.port, msg) - raise errors.AnsibleConnectionFailed(msg) - else: - raise errors.AnsibleConnectionFailed(msg) - - return ssh - - def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su=None, su_user=None): - ''' run a command on the remote host ''' - - bufsize = 4096 - try: - chan = self.ssh.get_transport().open_session() - except Exception, e: - msg = "Failed to open session" - if len(str(e)) > 0: - msg += ": %s" % str(e) - raise errors.AnsibleConnectionFailed(msg) - - if not (self.runner.sudo and sudoable) and not (self.runner.su and su) or in_data: - if executable: - quoted_command = executable + ' -c ' + pipes.quote(cmd) - else: - quoted_command = cmd - vvv("EXEC ALT no-tty %s" % quoted_command, host=self.host) - chan.exec_command(quoted_command) - else: - # sudo usually requires a PTY (cf. requiretty option), therefore - # we give it one by default (pty=True in ansble.cfg), and we try - # to initialise from the calling environment - if C.PARAMIKO_PTY: - chan.get_pty(term=os.getenv('TERM', 'vt100'), - width=int(os.getenv('COLUMNS', 0)), - height=int(os.getenv('LINES', 0))) - shcmd, prompt, success_key = utils.make_sudo_cmd(sudo_user, executable, cmd) - vvv("EXEC %s" % shcmd, host=self.host) - sudo_output = '' - try: - chan.exec_command(shcmd) - if self.runner.sudo_pass or self.runner.su_pass: - while not sudo_output.endswith(prompt) and success_key not in sudo_output: - chunk = chan.recv(bufsize) - if not chunk: - if 'unknown user' in sudo_output: - raise errors.AnsibleError( - 'user %s does not exist' % sudo_user) - else: - raise errors.AnsibleError('ssh connection ' + - 'closed waiting for password prompt') - sudo_output += chunk - if success_key not in sudo_output: - if sudoable: - chan.sendall(self.runner.sudo_pass + '\n') - elif su: - chan.sendall(self.runner.su_pass + '\n') - except socket.timeout: - raise errors.AnsibleError('ssh timed out waiting for sudo.\n' + sudo_output) - - if in_data: - try: - stdin = chan.makefile('wb') - stdin.write(in_data) - chan.shutdown_write() - except Exception, e: - raise errors.AnsibleError('SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh.') - - stdout = ''.join(chan.makefile('rb', bufsize)) - stderr = ''.join(chan.makefile_stderr('rb', bufsize)) - - return (chan.recv_exit_status(), '', stdout, stderr) - - def put_file(self, in_path, out_path): - ''' transfer a file from local to remote ''' - vvv("PUT %s TO %s" % (in_path, out_path), host=self.host) - if not os.path.exists(in_path): - raise errors.AnsibleFileNotFound("file or module does not exist: %s" % in_path) - try: - self.sftp = self.ssh.open_sftp() - except Exception, e: - raise errors.AnsibleError("failed to open a SFTP connection (%s)" % e) - try: - self.sftp.put(in_path, out_path) - except IOError: - raise errors.AnsibleError("failed to transfer file to %s" % out_path) - - def _connect_sftp(self): - cache_key = "%s__%s__" % (self.host, self.user) - if cache_key in SFTP_CONNECTION_CACHE: - return SFTP_CONNECTION_CACHE[cache_key] - else: - result = SFTP_CONNECTION_CACHE[cache_key] = self.connect().ssh.open_sftp() - return result - - def fetch_file(self, in_path, out_path): - ''' save a remote file to the specified path ''' - vvv("FETCH %s TO %s" % (in_path, out_path), host=self.host) - try: - self.sftp = self._connect_sftp() - except Exception, e: - raise errors.AnsibleError("failed to open a SFTP connection (%s)", e) - try: - self.sftp.get(in_path, out_path) - except IOError: - raise errors.AnsibleError("failed to transfer file from %s" % in_path) - - def _any_keys_added(self): - added_any = False - for hostname, keys in self.ssh._host_keys.iteritems(): - for keytype, key in keys.iteritems(): - added_this_time = getattr(key, '_added_by_ansible_this_time', False) - if added_this_time: - return True - return False - - def _save_ssh_host_keys(self, filename): - ''' - not using the paramiko save_ssh_host_keys function as we want to add new SSH keys at the bottom so folks - don't complain about it :) - ''' - - if not self._any_keys_added(): - return False - - path = os.path.expanduser("~/.ssh") - if not os.path.exists(path): - os.makedirs(path) - - f = open(filename, 'w') - for hostname, keys in self.ssh._host_keys.iteritems(): - for keytype, key in keys.iteritems(): - # was f.write - added_this_time = getattr(key, '_added_by_ansible_this_time', False) - if not added_this_time: - f.write("%s %s %s\n" % (hostname, keytype, key.get_base64())) - for hostname, keys in self.ssh._host_keys.iteritems(): - for keytype, key in keys.iteritems(): - added_this_time = getattr(key, '_added_by_ansible_this_time', False) - if added_this_time: - f.write("%s %s %s\n" % (hostname, keytype, key.get_base64())) - f.close() - - def close(self): - ''' terminate the connection ''' - cache_key = self._cache_key() - SSH_CONNECTION_CACHE.pop(cache_key, None) - SFTP_CONNECTION_CACHE.pop(cache_key, None) - if self.sftp is not None: - self.sftp.close() - - if C.PARAMIKO_RECORD_HOST_KEYS and self._any_keys_added(): - - # add any new SSH host keys -- warning -- this could be slow - lockfile = self.keyfile.replace("known_hosts",".known_hosts.lock") - dirname = os.path.dirname(self.keyfile) - if not os.path.exists(dirname): - os.makedirs(dirname) - - KEY_LOCK = open(lockfile, 'w') - fcntl.lockf(KEY_LOCK, fcntl.LOCK_EX) - try: - # just in case any were added recently - self.ssh.load_system_host_keys() - self.ssh._host_keys.update(self.ssh._system_host_keys) - self._save_ssh_host_keys(self.keyfile) - except: - # unable to save keys, including scenario when key was invalid - # and caught earlier - traceback.print_exc() - pass - fcntl.lockf(KEY_LOCK, fcntl.LOCK_UN) - - self.ssh.close() - diff --git a/lib/ansible/runner/connection_plugins/ssh_old.py b/lib/ansible/runner/connection_plugins/ssh_old.py deleted file mode 100644 index 55b19a6c10..0000000000 --- a/lib/ansible/runner/connection_plugins/ssh_old.py +++ /dev/null @@ -1,340 +0,0 @@ -# (c) 2012, Michael DeHaan <michael.dehaan@gmail.com> -# -# This file is part of Ansible -# -# Ansible is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Ansible is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with Ansible. If not, see <http://www.gnu.org/licenses/>. -# - -import os -import subprocess -import shlex -import pipes -import random -import select -import fcntl -import hmac -import pwd -import gettext -import pty -from hashlib import sha1 -import ansible.constants as C -from ansible.callbacks import vvv -from ansible import errors -from ansible import utils - -class Connection(object): - ''' ssh based connections ''' - - def __init__(self, runner, host, port, user, password, private_key_file, *args, **kwargs): - self.runner = runner - self.host = host - self.ipv6 = ':' in self.host - self.port = port - self.user = user - self.password = password - self.private_key_file = private_key_file - self.HASHED_KEY_MAGIC = "|1|" - self.has_pipelining = False - - fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_EX) - self.cp_dir = utils.prepare_writeable_dir('$HOME/.ansible/cp',mode=0700) - fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_UN) - - def connect(self): - ''' connect to the remote host ''' - - vvv("ESTABLISH CONNECTION FOR USER: %s" % self.user, host=self.host) - - self.common_args = [] - extra_args = C.ANSIBLE_SSH_ARGS - if extra_args is not None: - self.common_args += shlex.split(extra_args) - else: - self.common_args += ["-o", "ControlMaster=auto", - "-o", "ControlPersist=60s", - "-o", "ControlPath=%s" % (C.ANSIBLE_SSH_CONTROL_PATH % dict(directory=self.cp_dir))] - - cp_in_use = False - cp_path_set = False - for arg in self.common_args: - if arg.find("ControlPersist") != -1: - cp_in_use = True - if arg.find("ControlPath") != -1: - cp_path_set = True - - if cp_in_use and not cp_path_set: - self.common_args += ["-o", "ControlPath=%s" % (C.ANSIBLE_SSH_CONTROL_PATH % dict(directory=self.cp_dir))] - - if not C.HOST_KEY_CHECKING: - self.common_args += ["-o", "StrictHostKeyChecking=no"] - - if self.port is not None: - self.common_args += ["-o", "Port=%d" % (self.port)] - if self.private_key_file is not None: - self.common_args += ["-o", "IdentityFile="+os.path.expanduser(self.private_key_file)] - elif self.runner.private_key_file is not None: - self.common_args += ["-o", "IdentityFile="+os.path.expanduser(self.runner.private_key_file)] - if self.password: - self.common_args += ["-o", "GSSAPIAuthentication=no", - "-o", "PubkeyAuthentication=no"] - else: - self.common_args += ["-o", "KbdInteractiveAuthentication=no", - "-o", "PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey", - "-o", "PasswordAuthentication=no"] - if self.user != pwd.getpwuid(os.geteuid())[0]: - self.common_args += ["-o", "User="+self.user] - self.common_args += ["-o", "ConnectTimeout=%d" % self.runner.timeout] - - return self - - def _password_cmd(self): - if self.password: - try: - p = subprocess.Popen(["sshpass"], stdin=subprocess.PIPE, - stdout=subprocess.PIPE, stderr=subprocess.PIPE) - p.communicate() - except OSError: - raise errors.AnsibleError("to use the 'ssh' connection type with passwords, you must install the sshpass program") - (self.rfd, self.wfd) = os.pipe() - return ["sshpass", "-d%d" % self.rfd] - return [] - - def _send_password(self): - if self.password: - os.close(self.rfd) - os.write(self.wfd, "%s\n" % self.password) - os.close(self.wfd) - - def not_in_host_file(self, host): - host_file = os.path.expanduser(os.path.expandvars("~${USER}/.ssh/known_hosts")) - if not os.path.exists(host_file): - print "previous known host file not found" - return True - host_fh = open(host_file) - data = host_fh.read() - host_fh.close() - for line in data.split("\n"): - if line is None or line.find(" ") == -1: - continue - tokens = line.split() - if tokens[0].find(self.HASHED_KEY_MAGIC) == 0: - # this is a hashed known host entry - try: - (kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2) - hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1) - hash.update(host) - if hash.digest() == kn_host.decode('base64'): - return False - except: - # invalid hashed host key, skip it - continue - else: - # standard host file entry - if host in tokens[0]: - return False - return True - - def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su=False, su_user=None): - ''' run a command on the remote host ''' - - if in_data: - raise errors.AnsibleError("Internal Error: this module does not support optimized module pipelining") - - ssh_cmd = self._password_cmd() - ssh_cmd += ["ssh", "-tt"] - if utils.VERBOSITY > 3: - ssh_cmd += ["-vvv"] - else: - ssh_cmd += ["-q"] - ssh_cmd += self.common_args - - if self.ipv6: - ssh_cmd += ['-6'] - ssh_cmd += [self.host] - - if su and su_user: - sudocmd, prompt, success_key = utils.make_su_cmd(su_user, executable, cmd) - ssh_cmd.append(sudocmd) - elif not self.runner.sudo or not sudoable: - if executable: - ssh_cmd.append(executable + ' -c ' + pipes.quote(cmd)) - else: - ssh_cmd.append(cmd) - else: - sudocmd, prompt, success_key = utils.make_sudo_cmd(sudo_user, executable, cmd) - ssh_cmd.append(sudocmd) - - vvv("EXEC %s" % ssh_cmd, host=self.host) - - not_in_host_file = self.not_in_host_file(self.host) - - if C.HOST_KEY_CHECKING and not_in_host_file: - # lock around the initial SSH connectivity so the user prompt about whether to add - # the host to known hosts is not intermingled with multiprocess output. - fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_EX) - fcntl.lockf(self.runner.output_lockfile, fcntl.LOCK_EX) - - - try: - # Make sure stdin is a proper (pseudo) pty to avoid: tcgetattr errors - master, slave = pty.openpty() - p = subprocess.Popen(ssh_cmd, stdin=slave, - stdout=subprocess.PIPE, stderr=subprocess.PIPE) - stdin = os.fdopen(master, 'w', 0) - os.close(slave) - except: - p = subprocess.Popen(ssh_cmd, stdin=subprocess.PIPE, - stdout=subprocess.PIPE, stderr=subprocess.PIPE) - stdin = p.stdin - - self._send_password() - - if (self.runner.sudo and sudoable and self.runner.sudo_pass) or \ - (self.runner.su and su and self.runner.su_pass): - fcntl.fcntl(p.stdout, fcntl.F_SETFL, - fcntl.fcntl(p.stdout, fcntl.F_GETFL) | os.O_NONBLOCK) - sudo_output = '' - while not sudo_output.endswith(prompt) and success_key not in sudo_output: - rfd, wfd, efd = select.select([p.stdout], [], - [p.stdout], self.runner.timeout) - if p.stdout in rfd: - chunk = p.stdout.read() - if not chunk: - raise errors.AnsibleError('ssh connection closed waiting for sudo or su password prompt') - sudo_output += chunk - else: - stdout = p.communicate() - raise errors.AnsibleError('ssh connection error waiting for sudo or su password prompt') - - if success_key not in sudo_output: - if sudoable: - stdin.write(self.runner.sudo_pass + '\n') - elif su: - stdin.write(self.runner.su_pass + '\n') - fcntl.fcntl(p.stdout, fcntl.F_SETFL, fcntl.fcntl(p.stdout, fcntl.F_GETFL) & ~os.O_NONBLOCK) - - # We can't use p.communicate here because the ControlMaster may have stdout open as well - stdout = '' - stderr = '' - rpipes = [p.stdout, p.stderr] - while True: - rfd, wfd, efd = select.select(rpipes, [], rpipes, 1) - - # fail early if the sudo/su password is wrong - if self.runner.sudo and sudoable and self.runner.sudo_pass: - incorrect_password = gettext.dgettext( - "sudo", "Sorry, try again.") - if stdout.endswith("%s\r\n%s" % (incorrect_password, prompt)): - raise errors.AnsibleError('Incorrect sudo password') - - if self.runner.su and su and self.runner.su_pass: - incorrect_password = gettext.dgettext( - "su", "su: Authentication failure") - if stdout.endswith("%s\r\n%s" % (incorrect_password, prompt)): - raise errors.AnsibleError('Incorrect su password') - - if p.stdout in rfd: - dat = os.read(p.stdout.fileno(), 9000) - stdout += dat - if dat == '': - rpipes.remove(p.stdout) - if p.stderr in rfd: - dat = os.read(p.stderr.fileno(), 9000) - stderr += dat - if dat == '': - rpipes.remove(p.stderr) - # only break out if we've emptied the pipes, or there is nothing to - # read from and the process has finished. - if (not rpipes or not rfd) and p.poll() is not None: - break - # Calling wait while there are still pipes to read can cause a lock - elif not rpipes and p.poll() == None: - p.wait() - # the process has finished and the pipes are empty, - # if we loop and do the select it waits all the timeout - break - stdin.close() # close stdin after we read from stdout (see also issue #848) - - if C.HOST_KEY_CHECKING and not_in_host_file: - # lock around the initial SSH connectivity so the user prompt about whether to add - # the host to known hosts is not intermingled with multiprocess output. - fcntl.lockf(self.runner.output_lockfile, fcntl.LOCK_UN) - fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_UN) - - if C.HOST_KEY_CHECKING: - if ssh_cmd[0] == "sshpass" and p.returncode == 6: - raise errors.AnsibleError('Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host\'s fingerprint to your known_hosts file to manage this host.') - - controlpersisterror = stderr.find('Bad configuration option: ControlPersist') != -1 or stderr.find('unknown configuration option: ControlPersist') != -1 - if p.returncode != 0 and controlpersisterror: - raise errors.AnsibleError('using -c ssh on certain older ssh versions may not support ControlPersist, set ANSIBLE_SSH_ARGS="" (or ansible_ssh_args in the config file) before running again') - - return (p.returncode, '', stdout, stderr) - - def put_file(self, in_path, out_path): - ''' transfer a file from local to remote ''' - vvv("PUT %s TO %s" % (in_path, out_path), host=self.host) - if not os.path.exists(in_path): - raise errors.AnsibleFileNotFound("file or module does not exist: %s" % in_path) - cmd = self._password_cmd() - - host = self.host - if self.ipv6: - host = '[%s]' % host - - if C.DEFAULT_SCP_IF_SSH: - cmd += ["scp"] + self.common_args - cmd += [in_path,host + ":" + pipes.quote(out_path)] - indata = None - else: - cmd += ["sftp"] + self.common_args + [host] - indata = "put %s %s\n" % (pipes.quote(in_path), pipes.quote(out_path)) - - p = subprocess.Popen(cmd, stdin=subprocess.PIPE, - stdout=subprocess.PIPE, stderr=subprocess.PIPE) - self._send_password() - stdout, stderr = p.communicate(indata) - - if p.returncode != 0: - raise errors.AnsibleError("failed to transfer file to %s:\n%s\n%s" % (out_path, stdout, stderr)) - - def fetch_file(self, in_path, out_path): - ''' fetch a file from remote to local ''' - vvv("FETCH %s TO %s" % (in_path, out_path), host=self.host) - cmd = self._password_cmd() - - host = self.host - if self.ipv6: - host = '[%s]' % host - - if C.DEFAULT_SCP_IF_SSH: - cmd += ["scp"] + self.common_args - cmd += [host + ":" + in_path, out_path] - indata = None - else: - cmd += ["sftp"] + self.common_args + [host] - indata = "get %s %s\n" % (in_path, out_path) - - p = subprocess.Popen(cmd, stdin=subprocess.PIPE, - stdout=subprocess.PIPE, stderr=subprocess.PIPE) - self._send_password() - stdout, stderr = p.communicate(indata) - - if p.returncode != 0: - raise errors.AnsibleError("failed to transfer file from %s:\n%s\n%s" % (in_path, stdout, stderr)) - - def close(self): - ''' not applicable since we're executing openssh binaries ''' - pass -