cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add auth_timeout parameter when supported by paramiko (#50448)

Browse source 
* Add auth_timeout parameter when supported

Paramiko 2.2 introduces the auth_timeout parameter. This will set the
parameter to the same value of the timeout parameter to prevent
"Authentication timeout" errors.

* Conditionally add auth_timeout to ssh.connect

Renamed sock_kwarg to ssh_connect_kwargs and conditionally added the
auth_timeout parameter based on the installed paramiko version.

* Add changelog fragment
This commit is contained in:
Renato Orgito 2019-01-08 22:25:17 -02:00 committed by Dag Wieers
parent b5d92c6df4
commit 6f9bca9de3
2 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/50448-paramiko_ssh_add_auth_timeout.yaml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent "Authentication timeout" errors when a slow authentication step (>30s) happens with a host (https://github.com/ansible/ansible/issues/42596)

9
lib/ansible/plugins/connection/paramiko_ssh.py
View file

@ -137,6 +137,7 @@ import sys
import re import re
from termios import tcflush, TCIFLUSH from termios import tcflush, TCIFLUSH
from distutils.version import LooseVersion
from binascii import hexlify from binascii import hexlify
from ansible import constants as C from ansible import constants as C
@ -323,7 +324,7 @@ class Connection(ConnectionBase):
pass # file was not found, but not required to function pass # file was not found, but not required to function
ssh.load_system_host_keys() ssh.load_system_host_keys()
sock_kwarg = self._parse_proxy_command(port) ssh_connect_kwargs = self._parse_proxy_command(port)
ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin, self)) ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin, self))
@ -337,6 +338,10 @@ class Connection(ConnectionBase):
if self._play_context.private_key_file: if self._play_context.private_key_file:
key_filename = os.path.expanduser(self._play_context.private_key_file) key_filename = os.path.expanduser(self._play_context.private_key_file)
# paramiko 2.2 introduced auth_timeout parameter
if LooseVersion(paramiko.__version__) >= LooseVersion('2.2.0'):
ssh_connect_kwargs['auth_timeout'] = self._play_context.timeout
ssh.connect( ssh.connect(
self._play_context.remote_addr.lower(), self._play_context.remote_addr.lower(),
username=self._play_context.remote_user, username=self._play_context.remote_user,
@ -346,7 +351,7 @@ class Connection(ConnectionBase):
password=self._play_context.password, password=self._play_context.password,
timeout=self._play_context.timeout, timeout=self._play_context.timeout,
port=port, port=port,
**sock_kwarg **ssh_connect_kwargs
) )
except paramiko.ssh_exception.BadHostKeyException as e: except paramiko.ssh_exception.BadHostKeyException as e:
raise AnsibleConnectionFailure('host key mismatch for %s' % e.hostname) raise AnsibleConnectionFailure('host key mismatch for %s' % e.hostname)