Class: Chef::Knife::Ssh

Inherits:
Chef::Knife show all
Includes:
Mixin::ShellOut
Defined in:
lib/chef/knife/ssh.rb

Constant Summary

Constants inherited from Chef::Knife

OFFICIAL_PLUGINS

Instance Attribute Summary collapse

Attributes inherited from Chef::Knife

#name_args, #ui

Instance Method Summary collapse

Methods included from Mixin::ShellOut

#a_to_s, #clean_array, #shell_out, #shell_out!, #shell_out_compact, #shell_out_compact!, #shell_out_compact_timeout, #shell_out_compact_timeout!, #shell_out_with_systems_locale, #shell_out_with_systems_locale!

Methods included from Mixin::PathSanity

#enforce_path_sanity, #sanitized_path

Methods inherited from Chef::Knife

#api_key, #apply_computed_config, category, chef_config_dir, #cli_keys, common_name, #config_file_settings, config_loader, #configure_chef, #create_object, #delete_object, dependency_loaders, deps, #format_rest_error, guess_category, #humanize_exception, #humanize_http_exception, inherited, #initialize, list_commands, load_commands, load_config, load_deps, #maybe_setup_fips, #merge_configs, msg, #noauth_rest, #parse_options, reset_config_loader!, reset_subcommands!, #rest, run, #run_with_pretty_exceptions, #server_url, #show_usage, snake_case_name, subcommand_category, subcommand_class_from, subcommand_files, subcommand_loader, subcommands, subcommands_by_category, #test_mandatory_field, ui, unnamed?, use_separate_defaults?, #username

Methods included from Mixin::ConvertToClassName

#constantize, #convert_to_class_name, #convert_to_snake_case, #filename_to_qualified_string, #normalize_snake_case_name, #snake_case_basename

Constructor Details

This class inherits a constructor from Chef::Knife

Instance Attribute Details

#password=(value) ⇒ Object (writeonly)

Sets the attribute password

Parameters:

  • value

    the value to set the attribute password to.


38
39
40
# File 'lib/chef/knife/ssh.rb', line 38

def password=(value)
  @password = value
end

Instance Method Details

#configure_gatewayObject


149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
# File 'lib/chef/knife/ssh.rb', line 149

def configure_gateway
  config[:ssh_gateway] ||= Chef::Config[:knife][:ssh_gateway]
  if config[:ssh_gateway]
    gw_host, gw_user = config[:ssh_gateway].split("@").reverse
    gw_host, gw_port = gw_host.split(":")
    gw_opts = session_options(gw_host, gw_port, gw_user)
    user = gw_opts.delete(:user)

    begin
      # Try to connect with a key.
      session.via(gw_host, user, gw_opts)
    rescue Net::SSH::AuthenticationFailed
      prompt = "Enter the password for #{user}@#{gw_host}: "
      gw_opts[:password] = prompt_for_password(prompt)
      # Try again with a password.
      session.via(gw_host, user, gw_opts)
    end
  end
end

#configure_passwordObject

This is a bit overly complicated because of the way we want knife ssh to work with -P causing a password prompt for the user, but we have to be conscious that this code gets included in knife bootstrap and knife * server create as well. We want to change the semantics so that the default is false and 'nil' means -P without an argument on the command line. But the other utilities expect nil to be the default and we can't prompt in that case. So we effectively use ssh_password_ng to determine if we're coming from knife ssh or from the other utilities. The other utilties can also be patched to use ssh_password_ng easily as long they follow the convention that the default is false.


536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
# File 'lib/chef/knife/ssh.rb', line 536

def configure_password
  if config.has_key?(:ssh_password_ng) && config[:ssh_password_ng].nil?
    # If the parameter is called on the command line with no value
    # it will set :ssh_password_ng = nil
    # This is where we want to trigger a prompt for password
    config[:ssh_password] = get_password
  else
    # if ssh_password_ng is false then it has not been set at all, and we may be in knife ec2 and still
    # using an old config[:ssh_password].  this is backwards compatibility.  all knife cloud plugins should
    # be updated to use ssh_password_ng with a default of false and ssh_password should be retired, (but
    # we'll still need to use the ssh_password out of knife.rb if we find that).
    ssh_password = config.has_key?(:ssh_password_ng) ? config[:ssh_password_ng] : config[:ssh_password]
    # Otherwise, the password has either been specified on the command line,
    # in knife.rb, or key based auth will be attempted
    config[:ssh_password] = get_stripped_unfrozen_value(ssh_password ||
                       Chef::Config[:knife][:ssh_password])
  end
end

#configure_sessionObject


169
170
171
172
173
174
175
176
177
178
179
180
181
182
# File 'lib/chef/knife/ssh.rb', line 169

def configure_session
  list = config[:manual] ? @name_args[0].split(" ") : search_nodes
  if list.length == 0
    if @search_count == 0
      ui.fatal("No nodes returned from search")
    else
      ui.fatal("#{@search_count} #{@search_count > 1 ? "nodes" : "node"} found, " +
               "but does not have the required attribute to establish the connection. " +
               "Try setting another attribute to open the connection using --attribute.")
    end
    exit 10
  end
  session_from_list(list)
end

#configure_ssh_gateway_identityObject


560
561
562
# File 'lib/chef/knife/ssh.rb', line 560

def configure_ssh_gateway_identity
  config[:ssh_gateway_identity] = get_stripped_unfrozen_value(config[:ssh_gateway_identity] || Chef::Config[:knife][:ssh_gateway_identity])
end

#configure_ssh_identity_fileObject


555
556
557
558
# File 'lib/chef/knife/ssh.rb', line 555

def configure_ssh_identity_file
  # config[:identity_file] is DEPRECATED in favor of :ssh_identity_file
  config[:ssh_identity_file] = get_stripped_unfrozen_value(config[:ssh_identity_file] || config[:identity_file] || Chef::Config[:knife][:ssh_identity_file])
end

#configure_userObject


525
526
527
528
# File 'lib/chef/knife/ssh.rb', line 525

def configure_user
  config[:ssh_user] = get_stripped_unfrozen_value(config[:ssh_user] ||
                       Chef::Config[:knife][:ssh_user])
end

#csshObject


496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
# File 'lib/chef/knife/ssh.rb', line 496

def cssh
  cssh_cmd = nil
  %w{csshX cssh}.each do |cmd|
    begin
      # Unix and Mac only
      cssh_cmd = shell_out!("which #{cmd}").stdout.strip
      break
    rescue Mixlib::ShellOut::ShellCommandFailed
    end
  end
  raise Chef::Exceptions::Exec, "no command found for cssh" unless cssh_cmd

  # pass in the consolidated identity file option to cssh(X)
  if config[:ssh_identity_file]
    cssh_cmd << " --ssh_args '-i #{File.expand_path(config[:ssh_identity_file])}'"
  end

  session.servers_for.each do |server|
    cssh_cmd << " #{server.user ? "#{server.user}@#{server.host}" : server.host}"
  end
  Chef::Log.debug("Starting cssh session with command: #{cssh_cmd}")
  exec(cssh_cmd)
end

#fixup_sudo(command) ⇒ Object


301
302
303
# File 'lib/chef/knife/ssh.rb', line 301

def fixup_sudo(command)
  command.sub(/^sudo/, 'sudo -p \'knife sudo password: \'')
end

#get_passwordObject


357
358
359
# File 'lib/chef/knife/ssh.rb', line 357

def get_password
  @password ||= prompt_for_password
end

#get_ssh_attribute(node) ⇒ Object


184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
# File 'lib/chef/knife/ssh.rb', line 184

def get_ssh_attribute(node)
  # Order of precedence for ssh target
  # 1) command line attribute
  # 2) configuration file
  # 3) cloud attribute
  # 4) fqdn
  if node["config"]
    Chef::Log.debug("Using node attribute '#{config[:attribute]}' as the ssh target: #{node["config"]}")
    node["config"]
  elsif Chef::Config[:knife][:ssh_attribute]
    Chef::Log.debug("Using node attribute #{Chef::Config[:knife][:ssh_attribute]}: #{node["knife_config"]}")
    node["knife_config"]
  elsif node["cloud"] &&
      node["cloud"]["public_hostname"] &&
      !node["cloud"]["public_hostname"].empty?
    Chef::Log.debug("Using node attribute 'cloud[:public_hostname]' automatically as the ssh target: #{node["cloud"]["public_hostname"]}")
    node["cloud"]["public_hostname"]
  else
    # falling back to default of fqdn
    Chef::Log.debug("Using node attribute 'fqdn' as the ssh target: #{node["fqdn"]}")
    node["fqdn"]
  end
end

#get_stripped_unfrozen_value(value) ⇒ Object


520
521
522
523
# File 'lib/chef/knife/ssh.rb', line 520

def get_stripped_unfrozen_value(value)
  return nil if value.nil?
  value.strip
end

#interactiveObject


390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
# File 'lib/chef/knife/ssh.rb', line 390

def interactive
  puts "Connected to #{ui.list(session.servers_for.collect { |s| ui.color(s.host, :cyan) }, :inline, " and ")}"
  puts
  puts "To run a command on a list of servers, do:"
  puts "  on SERVER1 SERVER2 SERVER3; COMMAND"
  puts "  Example: on latte foamy; echo foobar"
  puts
  puts "To exit interactive mode, use 'quit!'"
  puts
  loop do
    command = read_line
    case command
    when "quit!"
      puts "Bye!"
      break
    when /^on (.+?); (.+)$/
      raw_list = $1.split(" ")
      server_list = Array.new
      session.servers.each do |session_server|
        server_list << session_server if raw_list.include?(session_server.host)
      end
      command = $2
      ssh_command(command, session.on(*server_list))
    else
      ssh_command(command)
    end
  end
end

#mactermObject


472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
# File 'lib/chef/knife/ssh.rb', line 472

def macterm
  begin
    require "appscript"
  rescue LoadError
    STDERR.puts "You need the rb-appscript gem to use knife ssh macterm. `(sudo) gem install rb-appscript` to install"
    raise
  end

  Appscript.app("/Applications/Utilities/Terminal.app").windows.first.activate
  Appscript.app("System Events").application_processes["Terminal.app"].keystroke("n", :using => :command_down)
  term = Appscript.app("Terminal")
  window = term.windows.first.get

  (session.servers_for.size - 1).times do |i|
    window.activate
    Appscript.app("System Events").application_processes["Terminal.app"].keystroke("t", :using => :command_down)
  end

  session.servers_for.each_with_index do |server, tab_number|
    cmd = "unset PROMPT_COMMAND; echo -e \"\\033]0;#{server.host}\\007\"; ssh #{server.user ? "#{server.user}@#{server.host}" : server.host}"
    Appscript.app("Terminal").do_script(cmd, :in => window.tabs[tab_number + 1].get)
  end
end

305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
# File 'lib/chef/knife/ssh.rb', line 305

def print_data(host, data)
  @buffers ||= {}
  if leftover = @buffers[host]
    @buffers[host] = nil
    print_data(host, leftover + data)
  else
    if newline_index = data.index("\n")
      line = data.slice!(0...newline_index)
      data.slice!(0)
      print_line(host, line)
      print_data(host, data)
    else
      @buffers[host] = data
    end
  end
end

322
323
324
325
326
# File 'lib/chef/knife/ssh.rb', line 322

def print_line(host, data)
  padding = @longest - host.length
  str = ui.color(host, :cyan) + (" " * (padding + 1)) + data
  ui.msg(str)
end

#prompt_for_password(prompt = "Enter your password: ") ⇒ Object


361
362
363
# File 'lib/chef/knife/ssh.rb', line 361

def prompt_for_password(prompt = "Enter your password: ")
  ui.ask(prompt) { |q| q.echo = false }
end

#read_lineObject

Present the prompt and read a single line from the console. It also detects ^D and returns "exit" in that case. Adds the input to the history, unless the input is empty. Loops repeatedly until a non-empty line is input.


369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
# File 'lib/chef/knife/ssh.rb', line 369

def read_line
  loop do
    command = reader.readline("#{ui.color('knife-ssh>', :bold)} ", true)

    if command.nil?
      command = "exit"
      puts(command)
    else
      command.strip!
    end

    unless command.empty?
      return command
    end
  end
end

#readerObject


386
387
388
# File 'lib/chef/knife/ssh.rb', line 386

def reader
  Readline
end

#runObject


564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
# File 'lib/chef/knife/ssh.rb', line 564

def run
  @longest = 0

  configure_user
  configure_password
  @password = config[:ssh_password] if config[:ssh_password]
  configure_ssh_identity_file
  configure_ssh_gateway_identity
  configure_gateway
  configure_session

  exit_status =
    case @name_args[1]
    when "interactive"
      interactive
    when "screen"
      screen
    when "tmux"
      tmux
    when "macterm"
      macterm
    when "cssh"
      cssh
    when "csshx"
      Chef::Log.warn("knife ssh csshx will be deprecated in a future release")
      Chef::Log.warn("please use knife ssh cssh instead")
      cssh
    else
      ssh_command(@name_args[1..-1].join(" "))
    end

  session.close
  if exit_status != 0
    exit exit_status
  else
    exit_status
  end
end

#screenObject


419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
# File 'lib/chef/knife/ssh.rb', line 419

def screen
  tf = Tempfile.new("knife-ssh-screen")
  Chef::Util::PathHelper.home(".screenrc") do |screenrc_path|
    if File.exist? screenrc_path
      tf.puts("source #{screenrc_path}")
    end
  end
  tf.puts("caption always '%-Lw%{= BW}%50>%n%f* %t%{-}%+Lw%<'")
  tf.puts("hardstatus alwayslastline 'knife ssh #{@name_args[0]}'")
  window = 0
  session.servers_for.each do |server|
    tf.print("screen -t \"#{server.host}\" #{window} ssh ")
    tf.print("-i #{config[:ssh_identity_file]} ") if config[:ssh_identity_file]
    server.user ? tf.puts("#{server.user}@#{server.host}") : tf.puts(server.host)
    window += 1
  end
  tf.close
  exec("screen -c #{tf.path}")
end

#sessionObject


133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
# File 'lib/chef/knife/ssh.rb', line 133

def session
  config[:on_error] ||= :skip
  ssh_error_handler = Proc.new do |server|
    case config[:on_error]
    when :skip
      ui.warn "Failed to connect to #{server.host} -- #{$!.class.name}: #{$!.message}"
      $!.backtrace.each { |l| Chef::Log.debug(l) }
    when :raise
      #Net::SSH::Multi magic to force exception to be re-raised.
      throw :go, :raise
    end
  end

  @session ||= Net::SSH::Multi.start(:concurrent_connections => config[:concurrency], :on_error => ssh_error_handler)
end

#session_from_list(list) ⇒ Object


279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
# File 'lib/chef/knife/ssh.rb', line 279

def session_from_list(list)
  list.each do |item|
    host, ssh_port = item
    Chef::Log.debug("Adding #{host}")
    session_opts = session_options(host, ssh_port)
    # Handle port overrides for the main connection.
    session_opts[:port] = Chef::Config[:knife][:ssh_port] if Chef::Config[:knife][:ssh_port]
    session_opts[:port] = config[:ssh_port] if config[:ssh_port]
    # Handle connection timeout
    session_opts[:timeout] = Chef::Config[:knife][:ssh_timeout] if Chef::Config[:knife][:ssh_timeout]
    session_opts[:timeout] = config[:ssh_timeout] if config[:ssh_timeout]
    # Create the hostspec.
    hostspec = session_opts[:user] ? "#{session_opts.delete(:user)}@#{host}" : host
    # Connect a new session on the multi.
    session.use(hostspec, session_opts)

    @longest = host.length if host.length > @longest
  end

  session
end

#session_options(host, port, user = nil) ⇒ Hash<Symbol, Object>

Net::SSH session options hash for global options. These should be options that will apply to the gateway connection in addition to the main one.

Parameters:

  • host (String)

    Hostname for this session.

  • port (String)

    SSH port for this session.

  • user (String) (defaults to: nil)

    Optional username for this session.

Returns:

Since:

  • 12.5.0


252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
# File 'lib/chef/knife/ssh.rb', line 252

def session_options(host, port, user = nil)
  ssh_config = Net::SSH.configuration_for(host, true)
  {}.tap do |opts|
    # Chef::Config[:knife][:ssh_user] is parsed in #configure_user and written to config[:ssh_user]
    opts[:user] = user || config[:ssh_user] || ssh_config[:user]
    if config[:ssh_gateway_identity]
      opts[:keys] = File.expand_path(config[:ssh_gateway_identity])
      opts[:keys_only] = true
    elsif config[:ssh_identity_file]
      opts[:keys] = File.expand_path(config[:ssh_identity_file])
      opts[:keys_only] = true
    elsif config[:ssh_password]
      opts[:password] = config[:ssh_password]
    end
    # Don't set the keys to nil if we don't have them.
    forward_agent = config[:forward_agent] || ssh_config[:forward_agent]
    opts[:forward_agent] = forward_agent unless forward_agent.nil?
    port ||= ssh_config[:port]
    opts[:port] = port unless port.nil?
    opts[:logger] = Chef::Log.logger if Chef::Log.level == :debug
    if !config[:host_key_verify]
      opts[:paranoid] = false
      opts[:user_known_hosts_file] = "/dev/null"
    end
  end
end

#ssh_command(command, subsession = nil) ⇒ Object


328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
# File 'lib/chef/knife/ssh.rb', line 328

def ssh_command(command, subsession = nil)
  exit_status = 0
  subsession ||= session
  command = fixup_sudo(command)
  command.force_encoding("binary") if command.respond_to?(:force_encoding)
  subsession.open_channel do |chan|
    if config[:on_error] && exit_status != 0
      chan.close()
    else
      chan.request_pty
      chan.exec command do |ch, success|
        raise ArgumentError, "Cannot execute #{command}" unless success
        ch.on_data do |ichannel, data|
          print_data(ichannel[:host], data)
          if data =~ /^knife sudo password: /
            print_data(ichannel[:host], "\n")
            ichannel.send_data("#{get_password}\n")
          end
        end
        ch.on_request "exit-status" do |ichannel, data|
          exit_status = [exit_status, data.read_long].max
        end
      end
    end
  end
  session.loop
  exit_status
end

#tmuxObject


439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
# File 'lib/chef/knife/ssh.rb', line 439

def tmux
  ssh_dest = lambda do |server|
    identity = "-i #{config[:ssh_identity_file]} " if config[:ssh_identity_file]
    prefix = server.user ? "#{server.user}@" : ""
    "'ssh #{identity}#{prefix}#{server.host}'"
  end

  new_window_cmds = lambda do
    if session.servers_for.size > 1
      [""] + session.servers_for[1..-1].map do |server|
        if config[:tmux_split]
          "split-window #{ssh_dest.call(server)}; tmux select-layout tiled"
        else
          "new-window -a -n '#{server.host}' #{ssh_dest.call(server)}"
        end
      end
    else
      []
    end.join(" \\; ")
  end

  tmux_name = "'knife ssh #{@name_args[0].tr(':', '=')}'"
  begin
    server = session.servers_for.first
    cmd = ["tmux new-session -d -s #{tmux_name}",
           "-n '#{server.host}'", ssh_dest.call(server),
           new_window_cmds.call].join(" ")
    shell_out!(cmd)
    exec("tmux attach-session -t #{tmux_name}")
  rescue Chef::Exceptions::Exec
  end
end