Commit Graph

36 Commits

Author SHA1 Message Date
Mitchell Hashimoto
4b1d9cfd7d
communicator/ssh: don't share rand object to guarantee unique values
Fixes #10463

I'm really surprised this flew under the radar for years...

By having unique PRNGs, the SSH communicator could and would
generate identical ScriptPaths and two provisioners running in parallel
could overwrite each other and execute the same script. This would
happen because they're both seeded by the current time which could
potentially be identical if done in parallel...

Instead, we share the rand now so that the sequence is guaranteed
unique. As an extra measure of robustness, we also multiply by the PID
so that we're also protected against two processes at the same time.
2016-12-06 00:21:49 -08:00
James Bardin
8174037a2b Remove deprecated key_file and bastion_key_file
These were deprecated in the 0.6.x series. Their functionality was broken
in a recent release which should have removed them as well.
2016-10-12 14:30:09 -04:00
Sander van Harmelen
968472a63e Support recreating clients and configuring Chef Vaults (#8577)
Fixes #3605 and adds the functionality suggested in PR #7440.

This PR is using a different approach that (IMHO) feels cleaner and (even more important) adds support for Windows at the same time.
2016-09-15 14:20:18 +02:00
Kristinn Örn Sigurðsson
bc5518f993 provisioners: Allow provisioning over IPv6 2016-09-03 15:45:24 -07:00
Paul Hinze
2f237eca44
communicator/ssh: correct test typo
Copy pasta!!
2016-06-29 10:59:55 -05:00
Paul Hinze
96c20f0dd7
communicator/{ssh,winrm}: seed random script paths
Without a seed, the "random" script path locations for the remote-exec
provisioner were actually deterministic!

Every rand.Int31() would return the same pseudorandom chain starting w/
the numbers: 1298498081, 2019727887, 1427131847, 939984059, ...

So here we properly seed the communicators so the script paths are
actually random, and multiple runs on a single remote host have much
less chance of clobbering each other.

Fixes #4186

Kudos to @DustinChaloupka for the correct hunch leading to this fix!
2016-06-29 09:32:24 -05:00
James Nugent
f2fef2556a Fix import formatting across code base 2016-04-18 17:28:46 -07:00
David Meyer
f46a629d72 communicator/winrm: Fixed HTTPS when using copy client. 2016-03-21 18:20:48 +00:00
Paul Hinze
9cbaacad32 communicator/winrm: fix data race in io copy
As the command completes, the winrm.Command does not wait for its copy of
the remote.Command streams to report itself completed.

This adds an additional sync.WaitGroup to ensure that copy is finished up
before moving on, solving the data race.

Fixes the following data race:

```
==================
WARNING: DATA RACE
Read by goroutine 6:
  github.com/hashicorp/terraform/communicator/winrm.TestStart()
      /Users/phinze/go/src/github.com/hashicorp/terraform/communicator/winrm/communicator_test.go:79 +0xa44
  testing.tRunner()
      /private/var/folders/vd/7l9ys5k57l91x63sh28wl_kc0000gn/T/workdir/go/src/testing/testing.go:456 +0xdc

Previous write by goroutine 14:
  bytes.(*Buffer).ReadFrom()
      /private/var/folders/vd/7l9ys5k57l91x63sh28wl_kc0000gn/T/workdir/go/src/bytes/buffer.go:174 +0x465
  io.copyBuffer()
      /private/var/folders/vd/7l9ys5k57l91x63sh28wl_kc0000gn/T/workdir/go/src/io/io.go:375 +0x1a5
  io.Copy()
      /private/var/folders/vd/7l9ys5k57l91x63sh28wl_kc0000gn/T/workdir/go/src/io/io.go:351 +0x78

Goroutine 6 (running) created at:
  testing.RunTests()
      /private/var/folders/vd/7l9ys5k57l91x63sh28wl_kc0000gn/T/workdir/go/src/testing/testing.go:561 +0xaa3
  testing.(*M).Run()
      /private/var/folders/vd/7l9ys5k57l91x63sh28wl_kc0000gn/T/workdir/go/src/testing/testing.go:494 +0xe4
  main.main()
      github.com/hashicorp/terraform/communicator/winrm/_test/_testmain.go:62 +0x20f

Goroutine 14 (finished) created at:
  github.com/hashicorp/terraform/communicator/winrm.runCommand()
      /Users/phinze/go/src/github.com/hashicorp/terraform/communicator/winrm/communicator.go:151 +0xf8
==================
```
2016-01-16 13:33:24 -05:00
Sander van Harmelen
c72342eefc Add SSH agent support for Windows
The Windows support is limited to the Pageant SSH authentication agent.
This fixes #3423
2015-12-15 16:39:23 +01:00
Paul Hinze
b6aed3fec3 communicator/ssh: fix typos travis didn't catch
I think rebasing and splitting got me into a weird state. This should
fix the build failures on master.
2015-11-12 16:00:28 -06:00
Paul Hinze
7ffa66d1a5 ssh: accept private key contents instead of path
We've been moving away from config fields expecting file paths that
Terraform will load, instead preferring fields that expect file contents,
leaning on `file()` to do loading from a path.

This helps with consistency and also flexibility - since this makes it
easier to shift sensitive files into environment variables.

Here we add a little helper package to manage the transitional period
for these fields where we support both behaviors.

Also included is the first of several fields being shifted over - SSH
private keys in provisioner connection config.

We're moving to new field names so the behavior is more intuitive, so
instead of `key_file` it's `private_key` now.

Additional field shifts will be included in follow up PRs so they can be
reviewed and discussed individually.
2015-11-12 14:59:14 -06:00
Panagiotis Moustafellos
e4845f75cc removed extra parentheses 2015-10-08 15:48:04 +03:00
Anthony Scalisi
198e1a5186 remove various typos 2015-09-11 11:56:20 -07:00
Paul Hinze
814d05b96e communicator/ssh: missing newline on bastion host output 2015-07-16 12:16:39 -05:00
Paul Hinze
98891aef96 Merge pull request #2684 from hashicorp/f-print-bastion-host-details
communicator/ssh: print ssh bastion host details to output
2015-07-16 12:13:32 -05:00
Paul Hinze
448a6a1b48 communicator/ssh: print ssh bastion host details to output 2015-07-10 13:02:53 -06:00
Paul Hinze
138018c896 communicator/ssh: agent forward failure is not fatal
On connections where no second hop is made, there's no problem if the
agent forwarding connection is denied, so we shouldn't treat that as a
fatal error.
2015-07-10 12:51:45 -06:00
Paul Hinze
801aaf1eec communicator/ssh: sort agent after static keyfile
In the SSH client configuration, we had SSH Agent authentication listed
before the static PrivateKey loaded from the `key_file` setting.
Switching the default of the `agent` setting exposed the fact that the
SSH agent overrides the `key_file` during the handshake. By listing the
`key_file` first, we catch the provided key before any query goes out to
the agent.

Adds a key-based authentication SSH test to cover this new behavior. It
fails without the reordering on any machine with an SSH agent running.

Fixes #2614
2015-07-02 15:41:23 -05:00
Paul Hinze
a7cbbbd258 communicator/ssh: bastion host support
* adds `bastion_*` fields to `connection` which add configuration for a
  bastion host
* if `bastion_host` is set, connect to that host first, then jump
  through it to make the SSH connection to `host`
* enables SSH Agent forwarding by default
2015-06-22 18:00:18 -05:00
Paul Hinze
44de0996c5 communicator/ssh: switch agent default to true
This changes SSH Agent utilization from opt-in to opt-out, bringing
Terraform in line with the behavior of Packer and the `ssh` command
itself.

But skip SSH agent connections if the SSH_AUTH_SOCK env var doesn't exist,
which means there's no agent to connect to.
2015-06-19 17:14:43 -05:00
Sander van Harmelen
f146a31ded Fixing #2033 by adding a small check on the input
If the input begins with a shebang, we’ll leave it as is. If not we’ll
add a default shebang…
2015-05-21 23:36:54 +02:00
Sander van Harmelen
a8dacede24 Improved some logging...
I added a debug log line in the last commit, only to find out it’s now
logging the same info twice. So removed the double entry and tweaked
the existing one.
2015-05-11 15:18:32 +02:00
Sander van Harmelen
d4150d5b1a Adding the tests... 2015-05-08 18:17:57 +02:00
Sander van Harmelen
3881c81a66 Added the exit code as well... 2015-05-05 21:56:20 +02:00
Sander van Harmelen
48f4d499f9 Fixing a small vet warning introduced by PR #1796
While fixing the vet warning also tried to improve any feedback by
showing the actual output/error instead of just the error code.

While testing this I noticed only adding stderr output is not enough as
not all error info is sent to stderr, but sometimes also to stdout.
2015-05-05 21:26:28 +02:00
Luke Amdor
fbae7884eb remote-exec (ssh): chmod'ing right path 2015-05-04 15:44:44 -05:00
Luke Amdor
11b4060fee remote-exec (ssh): checking chmod command 2015-05-04 15:44:39 -05:00
Sander van Harmelen
e55169b39b Typo... 2015-05-01 22:28:12 +02:00
Sander van Harmelen
7f408cf8aa Adding an import needed for the tests
This will likely be a temp fix until `make updated eps` is made a
little smarter by @phinze 😉
2015-05-01 22:26:11 +02:00
Sander van Harmelen
a1a1ea5cf9 Removing stray comments/commands 2015-05-01 18:52:01 +02:00
Sander van Harmelen
b6660a1abe Updated test as the winrmtest package was tweaked a little...
The winrmtest package update is merged now, so this can be merged now
as well…
2015-05-01 18:52:01 +02:00
Sander van Harmelen
2689601bc3 And here are the tests...
Pretty nice test coverage this way, covering all WinRM actions/logic by
using the winrmtest package. I had to extend/update/fix that package a
little here and there, but it now serves a nice purpose for testing
WinRM stuff…
2015-05-01 18:52:01 +02:00
Sander van Harmelen
41748003c0 Updated the PR according to the review comments
* We now return an error when you set the script_path to
C:\Windows\Temp explaining this is currently not supported
* The fix in PR #1588 is converted to the updated setup in this PR
including the unit tests

Last thing to do is add a few tests for the WinRM communicator…
2015-05-01 18:52:01 +02:00
Sander van Harmelen
4a29c714e5 Adding support for WinRM 2015-05-01 18:48:54 +02:00
Sander van Harmelen
c9e9e374bb Adding some abstractions for the communicators
This is needed as preparation for adding WinRM support. There is still
one error in the tests which needs another look, but other than that it
seems like we're now ready to start working on the WinRM part…
2015-05-01 18:48:54 +02:00