diff options
author | Rick Elrod <rick@elrod.me> | 2020-05-26 19:58:31 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-26 19:58:31 -0500 |
commit | 304c3e57e88c3bfb9a8f912b85e1184b836e0eb2 (patch) | |
tree | 248e0bd5537e9da7baac491abe0a3f1d2413056a /test/integration/targets/connection_ssh | |
parent | ea04e0048dbb3b63f876aad7020e1de8eee9f362 (diff) | |
download | ansible-304c3e57e88c3bfb9a8f912b85e1184b836e0eb2.tar.gz |
[ssh] Add new sshpass_prompt option (#68874)
Change:
Allows the user to configure sshpass (1.06+) to look for a different
substring than the default "assword" that it comes with.
Test Plan:
Set a custom ssh password prompt on a VM with PAM and tried connecting to
it. Without `ansible_sshpass_prompt` set in inventory: experienced hang.
With `ansible_sshpass_prompt` in inventory: connected successfully.
Tried setting `ansible_sshpass_prompt` with an older `sshpass` in PATH
and got a loud error, as expected.
Tickets:
Fixes #34722, fixes #54743, refs #11565.
Signed-off-by: Rick Elrod <rick@elrod.me>
Diffstat (limited to 'test/integration/targets/connection_ssh')
-rwxr-xr-x | test/integration/targets/connection_ssh/runme.sh | 44 |
1 files changed, 43 insertions, 1 deletions
diff --git a/test/integration/targets/connection_ssh/runme.sh b/test/integration/targets/connection_ssh/runme.sh index a24ff048c5..e7b2b21f0b 100755 --- a/test/integration/targets/connection_ssh/runme.sh +++ b/test/integration/targets/connection_ssh/runme.sh @@ -1,6 +1,48 @@ #!/usr/bin/env bash -set -eux +set -ux + +# We skip this whole section if the test node doesn't have sshpass on it. +if command -v sshpass > /dev/null; then + # Check if our sshpass supports -P + sshpass -P foo > /dev/null + sshpass_supports_prompt=$? + if [[ $sshpass_supports_prompt -eq 0 ]]; then + # If the prompt is wrong, we'll end up hanging (due to sshpass hanging). + # We should probably do something better here, like timing out in Ansible, + # but this has been the behavior for a long time, before we supported custom + # password prompts. + # + # So we search for a custom password prompt that is clearly wrong and call + # ansible with timeout. If we time out, our custom prompt was successfully + # searched for. It's a weird way of doing things, but it does ensure + # that the flag gets passed to sshpass. + timeout 5 ansible -m ping \ + -e ansible_connection=ssh \ + -e ansible_sshpass_prompt=notThis: \ + -e ansible_password=foo \ + -e ansible_user=definitelynotroot \ + -i test_connection.inventory \ + ssh-pipelining + ret=$? + if [[ $ret -ne 124 ]]; then + echo "Expected to time out and we did not. Exiting with failure." + exit 1 + fi + else + ansible -m ping \ + -e ansible_connection=ssh \ + -e ansible_sshpass_prompt=notThis: \ + -e ansible_password=foo \ + -e ansible_user=definitelynotroot \ + -i test_connection.inventory \ + ssh-pipelining | grep 'customized password prompts' + ret=$? + [[ $ret -eq 0 ]] || exit $ret + fi +fi + +set -e # temporary work-around for issues due to new scp filename checking # https://github.com/ansible/ansible/issues/52640 |