search

fabric / fabric

Simple, Pythonic remote execution and deployment.
http://fabfile.org
BSD 2-Clause "Simplified" License
14.88k stars 1.94k forks source link

Fabric asks for password when proxy connection fails #1702

Open gargantuanprism opened 6 years ago

gargantuanprism commented 6 years ago

Python 2.7.12 Fabric 1.14.0 Paramiko 2.4.0 Ubuntu 16.04 LTS

Because of our network topology, I'm generating an SSH config on the fly to use with Fabric. It looks like this:

host ls-prog-01
proxycommand ssh ubuntu@tunnel.xyz -W localhost:42131

host ls-prog-02
proxycommand ssh ubuntu@tunnel.xyz -W localhost:40151

host ls-prog-03
proxycommand ssh ubuntu@tunnel.xyz -W localhost:36132

host ls-prog-04
proxycommand ssh ubuntu@tunnel.xyz -W localhost:38155

host ls-prog-05
proxycommand ssh ubuntu@tunnel.xyz -W localhost:33308

host ls-prog-06
proxycommand ssh ubuntu@tunnel.xyz -W localhost:46188

What I'm doing here is using tunnel.xyz as a bastion for some hosts outside our network that open SSH connections to random ports. I was trying to use a more generic solution, but Paramiko was not respecting the %p parameter in my existing SSH config.

Running this command: fab -H ls-prog-05,ls-prog-06 test and getting this output:

[ls-prog-05] Executing task 'test'
[ls-prog-05] run: echo "test"
[ls-prog-05] out: test
[ls-prog-05] out:

[ls-prog-06] Executing task 'test'
[ls-prog-06] run: echo "test"
[ls-prog-06] Login password for 'pi': No handlers could be found for logger "paramiko.transport"

I should note that ls-prog-05 is up and ls-prog-06 is down, and env.user = 'pi'.

I'd assume proper behavior would be to barf and abort that specific task for ls-prog-06, but instead it asks me for a password. It also seems as though env.skip_bad_hosts doesn't do anything in this situation and env.abort_on_prompts aborts the whole session, not just the task(s) for that problematic host.

zhan9san commented 6 years ago

Env information:

$ pip freeze | grep -E "(Fabric|para)"
Fabric==1.14.0
paramiko==2.4.0
$ python -V
Python 2.7.12
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.2 LTS
Release:        16.04
Codename:       xenial
$ cat .ssh/config
host 192.168.10.254
proxycommand ssh steve@192.168.10.221 -W %h:%p
host 192.168.10.25
proxycommand ssh steve@192.168.10.221 -W %h:%p

Work with fabric

Do fabric task with '--skip-bad-hosts'

$ fab -H 192.168.10.254,192.168.10.25 -usteve --skip-bad-hosts test1
[192.168.10.254] Executing task 'test1'
[192.168.10.254] run: w

Warning: Timed out trying to connect to 192.168.10.254 (tried 1 time)

Underlying exception:
    timed out

[192.168.10.25] Executing task 'test1'
[192.168.10.25] run: w

Warning: Timed out trying to connect to 192.168.10.25 (tried 1 time)

Underlying exception:
    timed out

Done.

Do fabric task without '--skip-bad-hosts'

$ fab -H 192.168.10.254,192.168.10.25 -usteve test1
[192.168.10.254] Executing task 'test1'
[192.168.10.254] run: w

Fatal error: Timed out trying to connect to 192.168.10.254 (tried 1 time)

Underlying exception:
    timed out

Aborting.

Sorry. It is different from your description. Is there any other information in your problem? And if 'ls-prog-05 is up and ls-prog-06 is down', the port 'localhost:46188' on 'tunnel.xyz' isn't down? @0xANDREW