saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Install Salt from the Salt package repositories here:
https://docs.saltproject.io/salt/install-guide/en/latest/
Apache License 2.0
14.19k stars 5.48k forks source link

[BUG] salt-ssh: un-handled exception when *not* deploying key #66610

Open dseomn opened 5 months ago

dseomn commented 5 months ago

Description

If salt-ssh asks do you want to deploy the salt-ssh key and I enter n, I get an exception.

Setup (Please provide relevant configs and/or SLS files (be sure to remove sensitive info. There is no general set-up of Salt.)

Please be as specific as possible and give set-up details.

I normally leave ssh control sockets open and have salt-ssh use those with no additional authentication. Occasionally a connection to a host is lost though, and I don't notice until after running salt-ssh. When that happens, ssh returns 255:

$ time ssh [REDACTED]; echo $?
sign_and_send_pubkey: signing failed for RSA "cardno:[REDACTED]" from agent: agent refused operation
dseomn@[REDACTED]: Permission denied (publickey).

real    0m14,689s
user    0m0,093s
sys 0m0,027s
255

The options I'm using with salt-ssh: https://github.com/dseomn/system-configs/blob/1e5298cbdfcfdd5f078d93690c8100a6625f789e/Saltfile#L26-L31

Steps to Reproduce the behavior

  1. Get ssh to fail. In my case it's returning 255 (see previous section), but I don't know if the specific return code matters.
  2. Run salt-ssh.
  3. When it asks about deploying the salt-ssh key, select n. That causes an exception in salt-ssh and it doesn't show results for any other hosts after this point.

Expected behavior

salt-ssh should fail on the host that I chose not to deploy keys on, but it should work for all the other hosts where ssh works.

Screenshots

$ salt-ssh [REDACTED] test.ping
Permission denied for host [REDACTED], do you want to deploy the salt-ssh key? (password required):
[Y/n] n
[ERROR   ] An un-handled exception was caught by Salt's global exception handler:
ValueError: not enough values to unpack (expected 2, got 1)
Traceback (most recent call last):
  File "/usr/bin/salt-ssh", line 11, in <module>
    sys.exit(salt_ssh())
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/scripts.py", line 468, in salt_ssh
    client.run()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/cli/ssh.py", line 20, in run
    ssh.run()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/client/ssh/__init__.py", line 878, in run
    ret, deploy_retcode = self.key_deploy(host, ret)
ValueError: not enough values to unpack (expected 2, got 1)
Traceback (most recent call last):
  File "/usr/bin/salt-ssh", line 11, in <module>
    sys.exit(salt_ssh())
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/scripts.py", line 468, in salt_ssh
    client.run()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/cli/ssh.py", line 20, in run
    ssh.run()
  File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/client/ssh/__init__.py", line 878, in run
    ret, deploy_retcode = self.key_deploy(host, ret)
ValueError: not enough values to unpack (expected 2, got 1)

Versions Report

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.) ```yaml Salt Version: Salt: 3007.1 Python Version: Python: 3.10.14 (main, Apr 3 2024, 21:30:09) [GCC 11.2.0] Dependency Versions: cffi: 1.16.0 cherrypy: unknown dateutil: 2.8.2 docker-py: Not Installed gitdb: Not Installed gitpython: Not Installed Jinja2: 3.1.4 libgit2: Not Installed looseversion: 1.3.0 M2Crypto: Not Installed Mako: Not Installed msgpack: 1.0.7 msgpack-pure: Not Installed mysql-python: Not Installed packaging: 23.1 pycparser: 2.21 pycrypto: Not Installed pycryptodome: 3.19.1 pygit2: Not Installed python-gnupg: 0.5.2 PyYAML: 6.0.1 PyZMQ: 25.1.2 relenv: 0.16.0 smmap: Not Installed timelib: 0.3.0 Tornado: 6.3.3 ZMQ: 4.3.4 Salt Package Information: Package Type: onedir System Versions: dist: debian n/a trixie locale: utf-8 machine: x86_64 release: 6.7.12-amd64 system: Linux version: Debian GNU/Linux n/a trixie ```

Additional context N/A

lkubb commented 5 months ago

Yup, I missed a , None in https://github.com/saltstack/salt/pull/64542, so this affects 3007.0+.

diff --git a/salt/client/ssh/__init__.py b/salt/client/ssh/__init__.py
index b8cf40f0f5..a2cda6d1dc 100644
--- a/salt/client/ssh/__init__.py
+++ b/salt/client/ssh/__init__.py
@@ -480,7 +480,7 @@ class SSH(MultiprocessingStateMixin):
             )
             deploy = input("[Y/n] ")
             if deploy.startswith(("n", "N")):
-                return ret
+                return ret, None
             target["passwd"] = getpass.getpass(
                 "Password for {}@{}: ".format(target["user"], host)
             )