mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Vilmos Nebehaj 58cccce384 Use PBKDF2HMAC() from cryptography for vault keys.
When stretching the key for vault files, use PBKDF2HMAC() from the
cryptography package instead of pycrypto. This will speed up the opening
of vault files by ~10x.

The problem is here in lib/ansible/utils/vault.py:

    hash_function = SHA256

    # make two keys and one iv
    pbkdf2_prf = lambda p, s: HMAC.new(p, s, hash_function).digest()

    derivedkey = PBKDF2(password, salt, dkLen=(2 * keylength) + ivlength,
                        count=10000, prf=pbkdf2_prf)

`PBKDF2()` calls a Python callback function (`pbkdf2_prf()`) 10000 times.
If one has several vault files, this will cause excessive start times
with `ansible` or `ansible-playbook` (we experience ~15 second startup
times).

Testing the original implementation in 1.9.2 with a vault file:

    In [2]: %timeit v.decrypt(encrypted_data)
    1 loops, best of 3: 265 ms per loop

Having a recent OpenSSL version and using the vault.py changes in this commit:

    In [2]: %timeit v.decrypt(encrypted_data)
    10 loops, best of 3: 23.2 ms per loop
2015-07-28 14:51:36 +02:00
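
An added example (not code from this commit or from the Ansible code base) of the property the change above depends on: moving the PBKDF2 loop from a per-iteration Python callback into native code must yield byte-identical key material, otherwise existing vault files stop decrypting. The function names, `KEYLENGTH = 32`, `IVLENGTH = 16` and the key/IV split order are assumptions; the hash, the count and the `dkLen` formula come from the excerpt, and `hashlib.pbkdf2_hmac` is used as a fallback when `cryptography` is not installed.

```python
import hashlib
import hmac
import struct

try:  # the package the commit switches to; optional for this example
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives import hashes
    from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
except ImportError:
    PBKDF2HMAC = None

# Sizes are assumed for illustration; the count and dkLen formula are from the excerpt.
KEYLENGTH, IVLENGTH, COUNT = 32, 16, 10000
DKLEN = 2 * KEYLENGTH + IVLENGTH


def pbkdf2_callback(password, salt, dklen=DKLEN, count=COUNT):
    """RFC 2898 PBKDF2 with one Python-level HMAC call per iteration (the slow shape)."""
    out = b""
    block = 1
    while len(out) < dklen:
        u = hmac.new(password, salt + struct.pack(">I", block), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        for _ in range(count - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
        block += 1
    return out[:dklen]


def pbkdf2_native(password, salt, dklen=DKLEN, count=COUNT):
    """The same derivation with the whole iteration loop in native code."""
    if PBKDF2HMAC is not None:
        kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=dklen, salt=salt,
                         iterations=count, backend=default_backend())
        return kdf.derive(password)
    return hashlib.pbkdf2_hmac("sha256", password, salt, count, dklen)


def split_keys(derived):
    """Split into two keys and one IV (the order is an assumption of this example)."""
    return (derived[:KEYLENGTH],
            derived[KEYLENGTH:2 * KEYLENGTH],
            derived[2 * KEYLENGTH:2 * KEYLENGTH + IVLENGTH])
```
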
bin added wrap_text to 'last resort' as it fails if there is an error in callbacks 2015-07-24 11:25:25 -04:00
contrib moved openvz inventory script to new home 2015-07-27 20:53:53 -04:00
docs/man correct ansible-playbook man1 2015-07-23 08:39:01 +01:00
docsite Fix incorrect example of vars_prompt 2015-07-27 11:08:39 +05:30
examples Fixing up error handling for fetch_file ops in connection plugins 2015-07-22 14:25:47 -04:00
hacking Preserve OLDPWD 2015-07-23 11:24:30 +02:00
lib/ansible Use PBKDF2HMAC() from cryptography for vault keys. 2015-07-28 14:51:36 +02:00
packaging Add six as a dependency for packaging 2015-06-02 11:43:35 -07:00
samples Moving ConnectionInformation -> PlayContext 2015-07-21 12:13:50 -04:00
test Fix variable precedence integration test 2015-07-28 00:51:58 -04:00
ticket_stubs for ansibot compensation 2015-07-08 10:12:08 -04:00
v1 Delimiter param must be a string 2015-07-25 15:47:13 +05:30
.coveragerc Add tox and travis-ci support 2015-03-13 08:20:24 -04:00
.gitattributes updated changelog with 1.8.2-4 content, added .gitattributes 2015-02-23 22:20:33 +00:00
.gitignore Add tox and travis-ci support 2015-03-13 08:20:24 -04:00
.gitmodules Re-adding submodules after moving things around 2015-05-03 22:30:51 -05:00
.travis.yml Disable docs checks 2015-07-01 07:24:15 -07:00
CHANGELOG.md added openvz to inventory 2015-07-27 22:52:12 -04:00
CODING_GUIDELINES.md CODING_GUIDELINES: Fix typo: / => \ 2014-06-28 08:21:15 -07:00
CONTRIBUTING.md Update CONTRIBUTING.md 2014-09-10 13:00:57 -04:00
COPYING license file should be in source tree 2012-03-15 20:24:22 -04:00
ISSUE_TEMPLATE.md Merge pull request #9853 from axos88/patch-1 2015-07-21 10:56:43 -04:00
Makefile avoid removing test all~ file 2015-06-05 18:42:14 -04:00
MANIFEST.in Fix removal of .git from modules directories 2015-07-13 15:46:09 -04:00
README.md Update README.md 2015-06-10 15:42:30 +02:00
RELEASES.txt Backporting release info/changelog stuff to devel 2015-05-05 10:28:43 -05:00
setup.py add distutils package classifiers 2015-07-27 19:33:54 +00:00
test-requirements.txt Mock 1.1.0 lost python2.6 compatibility 2015-07-10 09:11:03 -07:00
tox.ini don't check vagrant inventory script for 2.6 2015-07-21 13:44:45 -04:00
VERSION Fixing the VERSION file to match the expected "version release" format 2015-04-07 08:22:56 -05:00


Ansible

Ansible is a radically simple IT automation system. It handles configuration-management, application deployment, cloud provisioning, ad-hoc task-execution, and multinode orchestration - including trivializing things like zero downtime rolling updates with load balancers.

Read the documentation and more at http://ansible.com/

Many users run straight from the development branch (it's generally fine to do so), but you might also wish to consume a release.

You can find instructions here for a variety of platforms. If you decide to go with the development branch, be sure to run "git submodule update --init --recursive" after doing a checkout.

If you want to download a tarball of a release, go to releases.ansible.com, though most users use yum (using the EPEL instructions linked above), apt (using the PPA instructions linked above), or "pip install ansible".

Design Principles

  • Have a dead simple setup process and a minimal learning curve
  • Manage machines very quickly and in parallel
  • Avoid custom-agents and additional open ports, be agentless by leveraging the existing SSH daemon
  • Describe infrastructure in a language that is both machine and human friendly
  • Focus on security and easy auditability/review/rewriting of content
  • Manage new remote machines instantly, without bootstrapping any software
  • Allow module development in any dynamic language, not just Python
  • Be usable as non-root
  • Be the easiest IT automation system to use, ever.

Get Involved

  • Read Community Information for all kinds of ways to contribute to and interact with the project, including mailing list information and how to submit bug reports and code to Ansible.
  • All code submissions are done through pull requests. Take care to make sure no merge commits are in the submission, and use "git rebase" vs "git merge" for this reason. If submitting a large code change (other than modules), it's probably a good idea to join ansible-devel and talk about what you would like to do or add first and to avoid duplicate efforts. This not only helps everyone know what's going on, it also helps save time and effort if we decide some changes are needed.
  • Users list: ansible-project
  • Development list: ansible-devel
  • Announcement list: ansible-announce - read only
  • irc.freenode.net: #ansible

Branch Info

  • Releases are named after Van Halen songs.
  • The devel branch corresponds to the release actively under development.
  • As of 1.8, modules are kept in different repos; you'll want to follow core and extras.
  • Various release-X.Y branches exist for previous releases.
  • We'd love to have your contributions, read Community Information for notes on how to get started.

Authors

Ansible was created by Michael DeHaan (michael.dehaan/gmail/com) and has contributions from over 1000 users (and growing). Thanks everyone!

Ansible is sponsored by Ansible, Inc