Pipe it to connections (#73688)
* pipelining tweaks added 'defaults' entry for ini pipelining from ssh plugin
This commit is contained in:
Brian Coca
GitHub
parent
8628c12f30
commit
9690512069
7 changed files with 49 additions and 17 deletions
2
changelogs/fragments/pipelinig_to_plugins.yml
Normal file
2
changelogs/fragments/pipelinig_to_plugins.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
||||||
|
bugfixes:
|
||||||
|
- Restructured pipelining settings to be at the connection plugins leaving base config as global and for backwards compatiblity.
|
||||||
|
|
@ -109,16 +109,15 @@ ANSIBLE_PIPELINING:
|
||||||
- "However this conflicts with privilege escalation (become). For example, when using 'sudo:' operations you must first
|
- "However this conflicts with privilege escalation (become). For example, when using 'sudo:' operations you must first
|
||||||
disable 'requiretty' in /etc/sudoers on all managed hosts, which is why it is disabled by default."
|
disable 'requiretty' in /etc/sudoers on all managed hosts, which is why it is disabled by default."
|
||||||
- This option is disabled if ``ANSIBLE_KEEP_REMOTE_FILES`` is enabled.
|
- This option is disabled if ``ANSIBLE_KEEP_REMOTE_FILES`` is enabled.
|
||||||
|
- This is a global option, each connection plugin can override either by having more specific options or not supporting pipelining at all.
|
||||||
env:
|
env:
|
||||||
- name: ANSIBLE_PIPELINING
|
- name: ANSIBLE_PIPELINING
|
||||||
- name: ANSIBLE_SSH_PIPELINING
|
|
||||||
ini:
|
ini:
|
||||||
|
- section: defaults
|
||||||
|
key: pipelining
|
||||||
- section: connection
|
- section: connection
|
||||||
key: pipelining
|
key: pipelining
|
||||||
- section: ssh_connection
|
|
||||||
key: pipelining
|
|
||||||
type: boolean
|
type: boolean
|
||||||
yaml: {key: plugins.connection.pipelining}
|
|
||||||
ANSIBLE_SSH_ARGS:
|
ANSIBLE_SSH_ARGS:
|
||||||
# TODO: move to ssh plugin
|
# TODO: move to ssh plugin
|
||||||
default: -C -o ControlMaster=auto -o ControlPersist=60s
|
default: -C -o ControlMaster=auto -o ControlPersist=60s
|
||||||
|
|
|
||||||
|
|
@ -12,6 +12,8 @@ DOCUMENTATION = '''
|
||||||
- This connection plugin allows ansible to execute tasks on the Ansible 'controller' instead of on a remote host.
|
- This connection plugin allows ansible to execute tasks on the Ansible 'controller' instead of on a remote host.
|
||||||
author: ansible (@core)
|
author: ansible (@core)
|
||||||
version_added: historical
|
version_added: historical
|
||||||
|
extends_documentation_fragment:
|
||||||
|
- connection_pipelining
|
||||||
notes:
|
notes:
|
||||||
- The remote user is ignored, the user with which the ansible CLI was executed is used instead.
|
- The remote user is ignored, the user with which the ansible CLI was executed is used instead.
|
||||||
'''
|
'''
|
||||||
|
|
@ -82,7 +84,7 @@ class Connection(ConnectionBase):
|
||||||
|
|
||||||
master = None
|
master = None
|
||||||
stdin = subprocess.PIPE
|
stdin = subprocess.PIPE
|
||||||
if sudoable and self.become and self.become.expect_prompt():
|
if sudoable and self.become and self.become.expect_prompt() and not self.get_option('pipelining'):
|
||||||
# Create a pty if sudoable for privlege escalation that needs it.
|
# Create a pty if sudoable for privlege escalation that needs it.
|
||||||
# Falls back to using a standard pipe if this fails, which may
|
# Falls back to using a standard pipe if this fails, which may
|
||||||
# cause the command to fail in certain situations where we are escalating
|
# cause the command to fail in certain situations where we are escalating
|
||||||
|
|
@ -102,7 +104,7 @@ class Connection(ConnectionBase):
|
||||||
stderr=subprocess.PIPE,
|
stderr=subprocess.PIPE,
|
||||||
)
|
)
|
||||||
|
|
||||||
# if we created a master, we can close the other half of the pty now
|
# if we created a master, we can close the other half of the pty now, otherwise master is stdin
|
||||||
if master is not None:
|
if master is not None:
|
||||||
os.close(stdin)
|
os.close(stdin)
|
||||||
|
|
||||||
|
|
@ -138,6 +140,9 @@ class Connection(ConnectionBase):
|
||||||
|
|
||||||
if not self.become.check_success(become_output):
|
if not self.become.check_success(become_output):
|
||||||
become_pass = self.become.get_option('become_pass', playcontext=self._play_context)
|
become_pass = self.become.get_option('become_pass', playcontext=self._play_context)
|
||||||
|
if master is None:
|
||||||
|
p.stdin.write(to_bytes(become_pass, errors='surrogate_or_strict') + b'\n')
|
||||||
|
else:
|
||||||
os.write(master, to_bytes(become_pass, errors='surrogate_or_strict') + b'\n')
|
os.write(master, to_bytes(become_pass, errors='surrogate_or_strict') + b'\n')
|
||||||
|
|
||||||
fcntl.fcntl(p.stdout, fcntl.F_SETFL, fcntl.fcntl(p.stdout, fcntl.F_GETFL) & ~os.O_NONBLOCK)
|
fcntl.fcntl(p.stdout, fcntl.F_SETFL, fcntl.fcntl(p.stdout, fcntl.F_GETFL) & ~os.O_NONBLOCK)
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,8 @@ description:
|
||||||
version_added: "2.7"
|
version_added: "2.7"
|
||||||
requirements:
|
requirements:
|
||||||
- pypsrp>=0.4.0 (Python library)
|
- pypsrp>=0.4.0 (Python library)
|
||||||
|
extends_documentation_fragment:
|
||||||
|
- connection_pipelining
|
||||||
options:
|
options:
|
||||||
# transport options
|
# transport options
|
||||||
remote_addr:
|
remote_addr:
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,8 @@ DOCUMENTATION = '''
|
||||||
a password manually to decrypt an ssh key when using this connection plugin (which is the default). The
|
a password manually to decrypt an ssh key when using this connection plugin (which is the default). The
|
||||||
use of ``ssh-agent`` is highly recommended.
|
use of ``ssh-agent`` is highly recommended.
|
||||||
author: ansible (@core)
|
author: ansible (@core)
|
||||||
|
extends_documentation_fragment:
|
||||||
|
- connection_pipelining
|
||||||
version_added: historical
|
version_added: historical
|
||||||
options:
|
options:
|
||||||
host:
|
host:
|
||||||
|
|
@ -190,23 +192,14 @@ DOCUMENTATION = '''
|
||||||
- name: ansible_user
|
- name: ansible_user
|
||||||
- name: ansible_ssh_user
|
- name: ansible_ssh_user
|
||||||
pipelining:
|
pipelining:
|
||||||
default: ANSIBLE_PIPELINING
|
|
||||||
description:
|
|
||||||
- Pipelining reduces the number of SSH operations required to execute a module on the remote server,
|
|
||||||
by executing many Ansible modules without actual file transfer.
|
|
||||||
- This can result in a very significant performance improvement when enabled.
|
|
||||||
- However this conflicts with privilege escalation (become).
|
|
||||||
For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts,
|
|
||||||
which is why this feature is disabled by default.
|
|
||||||
env:
|
env:
|
||||||
- name: ANSIBLE_PIPELINING
|
- name: ANSIBLE_PIPELINING
|
||||||
- name: ANSIBLE_SSH_PIPELINING
|
- name: ANSIBLE_SSH_PIPELINING
|
||||||
ini:
|
ini:
|
||||||
- section: defaults
|
- section: connection
|
||||||
key: pipelining
|
key: pipelining
|
||||||
- section: ssh_connection
|
- section: ssh_connection
|
||||||
key: pipelining
|
key: pipelining
|
||||||
type: boolean
|
|
||||||
vars:
|
vars:
|
||||||
- name: ansible_pipelining
|
- name: ansible_pipelining
|
||||||
- name: ansible_ssh_pipelining
|
- name: ansible_ssh_pipelining
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,8 @@ DOCUMENTATION = """
|
||||||
- This plugin allows extra arguments to be passed that are supported by the protocol but not explicitly defined here.
|
- This plugin allows extra arguments to be passed that are supported by the protocol but not explicitly defined here.
|
||||||
They should take the form of variables declared with the following pattern `ansible_winrm_<option>`.
|
They should take the form of variables declared with the following pattern `ansible_winrm_<option>`.
|
||||||
version_added: "2.0"
|
version_added: "2.0"
|
||||||
|
extends_documentation_fragment:
|
||||||
|
- connection_pipelining
|
||||||
requirements:
|
requirements:
|
||||||
- pywinrm (python library)
|
- pywinrm (python library)
|
||||||
options:
|
options:
|
||||||
|
|
|
||||||
29
lib/ansible/plugins/doc_fragments/connection_pipelining.py
Normal file
29
lib/ansible/plugins/doc_fragments/connection_pipelining.py
Normal file
|
|
@ -0,0 +1,29 @@
|
||||||
|
# Copyright (c) 2021 Ansible Project
|
||||||
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
from __future__ import (absolute_import, division, print_function)
|
||||||
|
__metaclass__ = type
|
||||||
|
|
||||||
|
|
||||||
|
class ModuleDocFragment(object):
|
||||||
|
|
||||||
|
# common shelldocumentation fragment
|
||||||
|
DOCUMENTATION = """
|
||||||
|
options:
|
||||||
|
pipelining:
|
||||||
|
default: ANSIBLE_PIPELINING
|
||||||
|
description:
|
||||||
|
- Pipelining reduces the number of connection operations required to execute a module on the remote server,
|
||||||
|
by executing many Ansible modules without actual file transfers.
|
||||||
|
- This can result in a very significant performance improvement when enabled.
|
||||||
|
- However this can conflict with privilege escalation (become).
|
||||||
|
For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts,
|
||||||
|
which is why this feature is disabled by default.
|
||||||
|
env:
|
||||||
|
- name: ANSIBLE_PIPELINING
|
||||||
|
ini:
|
||||||
|
- section: defaults
|
||||||
|
key: pipelining
|
||||||
|
type: boolean
|
||||||
|
vars:
|
||||||
|
- name: ansible_pipelining
|
||||||
|
"""
|
||||||
Loading…
Reference in a new issue