From f897f19fc5ac783e764244e066adf58099acf520 Mon Sep 17 00:00:00 2001 From: Michael DeHaan Date: Mon, 1 Oct 2012 22:41:00 -0400 Subject: [PATCH] Teach fireball mode to disable the fireball by paying attention to 'minutes=N' (default 30) and do not let fireball module crash on input. --- library/fireball | 52 +++++++++++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 25 deletions(-) diff --git a/library/fireball b/library/fireball index f9d115408f..1543232fe1 100755 --- a/library/fireball +++ b/library/fireball @@ -23,10 +23,11 @@ DOCUMENTATION = ''' module: fireball short_description: Enable fireball mode on remote node description: - - This modules launches an ephemeral I(fireball) daemon on the remote node which - so that Ansible can use ZeroMQ as a message bus to communicate with nodes. The - daemon listens on a configurable port for a configurable amount of time. - - Ansible and the nodes exchange AES keys with which I(fireball) mode authenticates. + - This modules launches an ephemeral I(fireball) ZeroMQ message bus daemon on the remote node which + Ansible can to communicate with nodes at high speed. + - The daemon listens on a configurable port for a configurable amount of time. + - Starting a new fireball as a given user terminates any existing user fireballs. + - Fireball mode is AES encrypted version_added: "0.9" options: port: @@ -35,16 +36,10 @@ options: required: false default: 5099 aliases: [] - password: - description: - - this is a serialized AesKey object that is transferred over SSH; it is never - logged. Keys are periodically regenerated. - required: true - default: null minutes: description: - The I(fireball) listener daemon is started on nodes and will stay around for - this number of minutes before dying off by itself. + this number of minutes before turning itself off. required: false default: 30 # WARNING: very careful when moving space around, below @@ -60,12 +55,10 @@ examples: - hosts: devservers connection: fireball tasks: - - action: template src=config.in dest=/etc/my.config mode=0600 - description: "This example playbook has two plays: the first launches I(fireball) mode on all hosts via SSH, and the second actually starts using I(fireball) node for subsequent configuration tasks" + - action: command /usr/bin/anything + description: "This example playbook has two plays: the first launches I(fireball) mode on all hosts via SSH, and the second actually starts using I(fireball) node for subsequent management over the fireball interface" notes: - - This module is used together with the C(fireball) connection plugin and is useless - on its own. - - Also see the M(template) module. + - See the advanced playbooks chapter for more about using fireball mode. requirements: [ "zmq", "keyczar" ] author: Michael DeHaan ''' @@ -77,7 +70,9 @@ import time import base64 import syslog import signal +import time import subprocess +import signal syslog.openlog('ansible-%s' % os.path.basename(__file__)) PIDFILE = os.path.expanduser("~/.fireball.pid") @@ -192,6 +187,7 @@ def put(data): def serve(module, password, port, minutes): + log("serving") context = zmq.Context() socket = context.socket(zmq.REP) @@ -207,11 +203,14 @@ def serve(module, password, port, minutes): while True: - log("DEBUG: waiting") data = socket.recv() - data = key.Decrypt(data) + + try: + data = key.Decrypt(data) + except: + continue + data = json.loads(data) - log("DEBUG: got data=%s" % data) mode = data['mode'] response = {} @@ -223,18 +222,22 @@ def serve(module, password, port, minutes): elif mode == 'fetch': response = fetch(data) - # FIXME: send back a useful response here data2 = json.dumps(response) - log("DEBUG: returning data=%s" % data2) data2 = key.Encrypt(data2) socket.send(data2) def daemonize(module, password, port, minutes): - # FIXME: actually support the minutes killswitch here - # FIXME: /actually/ daemonize here try: daemonize_self(module, password, port, minutes) + + def catcher(signum, _): + module.exit_json(msg='timer expired') + + signal.signal(signal.SIGALRM, catcher) + signal.setitimer(signal.ITIMER_REAL, 60 * minutes) + + serve(module, password, port, minutes) except Exception, e: log("exception caught, exiting fireball mode: %s" % e) @@ -251,9 +254,8 @@ def main(): ) password = base64.b64decode(module.params['password']) - log("DEBUG pass=%s" % password) port = module.params['port'] - minutes = module.params['minutes'] + minutes = int(module.params['minutes']) if not HAS_ZMQ: module.fail_json(msg="zmq is not installed")