No description
Find a file
Abhijit Menon-Sen f488de8599 Make sudo+requiretty and ANSIBLE_PIPELINING work together
Pipelining is a *significant* performance benefit, because each task can
be completed with a single SSH connection (vs. one ssh connection at the
start to mkdir, plus one sftp and one ssh per task).

Pipelining is disabled by default in Ansible because it conflicts with
the use of sudo if 'Defaults requiretty' is set in /etc/sudoers (as it
is on Red Hat) and su (which always requires a tty).

We can (and already do) make sudo/su happy by using "ssh -t" to allocate
a tty, but then the python interpreter goes into interactive mode and is
unhappy with module source being written to its stdin, per the following
comment from connections/ssh.py:

        # we can only use tty when we are not pipelining the modules.
        # piping data into /usr/bin/python inside a tty automatically
        # invokes the python interactive-mode but the modules are not
        # compatible with the interactive-mode ("unexpected indent"
        # mainly because of empty lines)

Instead of the (current) drastic solution of turning off pipelining when
we use a tty, we can instead use a tty but suppress the behaviour of the
Python interpreter to switch to interactive mode. The easiest way to do
this is to make its stdin *not* be a tty, e.g. with cat|python.

This works, but there's a problem: ssh will ignore -t if its input isn't
really a tty. So we could open a pseudo-tty and use that as ssh's stdin,
but if we then write Python source into it, it's all echoed back to us
(because we're a tty). So we have to use -tt to force tty allocation; in
that case, however, ssh puts the tty into "raw" mode (~ICANON), so there
is no good way for the process on the other end to detect EOF on stdin.
So if we do:

    echo -e "print('hello world')\n"|ssh -tt someho.st "cat|python"

…it hangs forever, because cat keeps on reading input even after we've
closed our pipe into ssh's stdin. We can get around this by writing a
special __EOF__ marker after writing in_data, and doing this:

    echo -e "print('hello world')\n__EOF__\n"|ssh -tt someho.st "sed -ne '/__EOF__/q' -e p|python"

This works fine, but in fact I use a clever python one-liner by mgedmin
to achieve the same effect without depending on sed (at the expense of a
much longer command line, alas; Python really isn't one-liner-friendly).

We also enable pipelining by default as a consequence.
2015-12-01 23:32:20 +05:30
bin Migrate cli and dependencies to use global display 2015-11-11 10:44:22 -08:00
contrib Merge pull request #12368 from coxley/nsot-inventory 2015-11-18 14:31:15 -08:00
docs/man removed requirement of destination and set documented default 2015-10-29 16:28:46 -04:00
docsite Merge pull request #13367 from leedm777/patch-1 2015-12-01 10:48:08 -05:00
examples Add variable compression option 2015-11-05 16:22:37 -05:00
hacking Update check mode argument 2015-11-08 20:55:10 -06:00
lib/ansible Make sudo+requiretty and ANSIBLE_PIPELINING work together 2015-12-01 23:32:20 +05:30
packaging Add missing xsltproc in Debian packaging README 2015-11-12 16:08:51 +01:00
samples Break apart a looped dependency to show a warning when parsing playbooks 2015-10-27 12:39:42 -07:00
test Also make sure remote_user is defaulted correctly for delegated hosts 2015-11-30 16:15:14 -05:00
ticket_stubs for ansibot compensation 2015-07-08 10:12:08 -04:00
.coveragerc Add tox and travis-ci support 2015-03-13 08:20:24 -04:00
.gitattributes updated changelog with 1.8.2-4 content, added .gitattributes 2015-02-23 22:20:33 +00:00
.gitignore normalized descriptions for most man pages 2015-10-26 11:03:50 -04:00
.gitmodules remove old dead code 2015-08-27 12:27:38 -04:00
.travis.yml Add parsing test to travis to catch that invocation is missing 2015-10-22 09:03:12 -07:00
CHANGELOG.md added pull's code sig verification to changelog 2015-12-01 09:54:33 -08:00
CODING_GUIDELINES.md CODING_GUIDELINES: Fix typo: / => \ 2014-06-28 08:21:15 -07:00
CONTRIBUTING.md Update CONTRIBUTING.md 2014-09-10 13:00:57 -04:00
COPYING license file should be in source tree 2012-03-15 20:24:22 -04:00
ISSUE_TEMPLATE.md Merge pull request #9853 from axos88/patch-1 2015-07-21 10:56:43 -04:00
Makefile Correct broken DEB builds by fixing LC_TIME assignment 2015-11-02 12:30:36 -05:00
MANIFEST.in Add changelog to the tarball 2015-10-28 07:57:04 -07:00
README.md Update README.md 2015-10-17 09:38:35 -04:00
RELEASES.txt The 2.0 release has a name now 2015-11-14 09:59:04 +05:30
setup.py Bundle a new version of python-six for compatibility along with some code to make it easy for distributions to override the bunndled copy if they have a new enough version. 2015-10-16 08:21:28 -07:00
test-requirements.txt Mock 1.1.0 lost python2.6 compatibility 2015-07-10 09:11:03 -07:00
tox.ini Start a pyflakes section to cut down on extra messages that we don't agree are problems 2015-11-11 07:50:19 -08:00
VERSION Version bump for new beta 2.0.0-0.5.beta3 2015-11-13 16:48:25 -05:00

PyPI version PyPI downloads Build Status

Ansible

Ansible is a radically simple IT automation system. It handles configuration-management, application deployment, cloud provisioning, ad-hoc task-execution, and multinode orchestration - including trivializing things like zero downtime rolling updates with load balancers.

Read the documentation and more at http://ansible.com/

Many users run straight from the development branch (it's generally fine to do so), but you might also wish to consume a release.

You can find instructions here for a variety of platforms. If you decide to go with the development branch, be sure to run git submodule update --init --recursive after doing a checkout.

If you want to download a tarball of a release, go to releases.ansible.com, though most users use yum (using the EPEL instructions linked above), apt (using the PPA instructions linked above), or pip install ansible.

Design Principles

  • Have a dead simple setup process and a minimal learning curve
  • Manage machines very quickly and in parallel
  • Avoid custom-agents and additional open ports, be agentless by leveraging the existing SSH daemon
  • Describe infrastructure in a language that is both machine and human friendly
  • Focus on security and easy auditability/review/rewriting of content
  • Manage new remote machines instantly, without bootstrapping any software
  • Allow module development in any dynamic language, not just Python
  • Be usable as non-root
  • Be the easiest IT automation system to use, ever.

Get Involved

  • Read Community Information for all kinds of ways to contribute to and interact with the project, including mailing list information and how to submit bug reports and code to Ansible.
  • All code submissions are done through pull requests. Take care to make sure no merge commits are in the submission, and use git rebase vs git merge for this reason. If submitting a large code change (other than modules), it's probably a good idea to join ansible-devel and talk about what you would like to do or add first and to avoid duplicate efforts. This not only helps everyone know what's going on, it also helps save time and effort if we decide some changes are needed.
  • Users list: ansible-project
  • Development list: ansible-devel
  • Announcement list: ansible-announce - read only
  • irc.freenode.net: #ansible

Branch Info

  • Releases are named after Led Zeppelin songs. (Releases prior to 2.0 were named after Van Halen songs.)
  • The devel branch corresponds to the release actively under development.
  • As of 1.8, modules are kept in different repos, you'll want to follow core and extras
  • Various release-X.Y branches exist for previous releases.
  • We'd love to have your contributions, read Community Information for notes on how to get started.

Authors

Ansible was created by Michael DeHaan (michael.dehaan/gmail/com) and has contributions from over 1000 users (and growing). Thanks everyone!

Ansible is sponsored by Ansible, Inc