ansible/test/integration/targets/connection_ssh/runme.sh
Rick Elrod 304c3e57e8
[ssh] Add new sshpass_prompt option (#68874)
Change:
Allows the user to configure sshpass (1.06+) to look for a different
substring than the default "assword" that it comes with.

Test Plan:
Set a custom ssh password prompt on a VM with PAM and tried connecting to
it. Without `ansible_sshpass_prompt` set in inventory: experienced hang.
With `ansible_sshpass_prompt` in inventory: connected successfully.

Tried setting `ansible_sshpass_prompt` with an older `sshpass` in PATH
and got a loud error, as expected.

Tickets:
Fixes #34722, fixes #54743, refs #11565.

Signed-off-by: Rick Elrod <rick@elrod.me>
2020-05-26 19:58:31 -05:00

65 lines
2.2 KiB
Bash
Executable file

#!/usr/bin/env bash
set -ux
# We skip this whole section if the test node doesn't have sshpass on it.
if command -v sshpass > /dev/null; then
# Check if our sshpass supports -P
sshpass -P foo > /dev/null
sshpass_supports_prompt=$?
if [[ $sshpass_supports_prompt -eq 0 ]]; then
# If the prompt is wrong, we'll end up hanging (due to sshpass hanging).
# We should probably do something better here, like timing out in Ansible,
# but this has been the behavior for a long time, before we supported custom
# password prompts.
#
# So we search for a custom password prompt that is clearly wrong and call
# ansible with timeout. If we time out, our custom prompt was successfully
# searched for. It's a weird way of doing things, but it does ensure
# that the flag gets passed to sshpass.
timeout 5 ansible -m ping \
-e ansible_connection=ssh \
-e ansible_sshpass_prompt=notThis: \
-e ansible_password=foo \
-e ansible_user=definitelynotroot \
-i test_connection.inventory \
ssh-pipelining
ret=$?
if [[ $ret -ne 124 ]]; then
echo "Expected to time out and we did not. Exiting with failure."
exit 1
fi
else
ansible -m ping \
-e ansible_connection=ssh \
-e ansible_sshpass_prompt=notThis: \
-e ansible_password=foo \
-e ansible_user=definitelynotroot \
-i test_connection.inventory \
ssh-pipelining | grep 'customized password prompts'
ret=$?
[[ $ret -eq 0 ]] || exit $ret
fi
fi
set -e
# temporary work-around for issues due to new scp filename checking
# https://github.com/ansible/ansible/issues/52640
if [[ "$(scp -T 2>&1)" == "usage: scp "* ]]; then
# scp supports the -T option
# work-around required
scp_args=("-e" "ansible_scp_extra_args=-T")
else
# scp does not support the -T option
# no work-around required
# however we need to put something in the array to keep older versions of bash happy
scp_args=("-e" "")
fi
# sftp
./posix.sh "$@"
# scp
ANSIBLE_SCP_IF_SSH=true ./posix.sh "$@" "${scp_args[@]}"
# piped
ANSIBLE_SSH_TRANSFER_METHOD=piped ./posix.sh "$@"