Closed guskovd closed 5 years ago
kitchen diagnose default-macos
transport:
compression: false
compression_level: 0
connection_retries: 5
connection_retry_sleep: 1
connection_timeout: 15
keepalive: true
keepalive_interval: 60
kitchen_root: "/home/guskov/prog/openstack-dev/states/qemu"
log_level: :info
max_ssh_sessions: 9
max_wait_until_ready: 600
name: ssh
password: vagrant
port: 22
ssh_gateway:
ssh_gateway_port: 22
ssh_gateway_username:
ssh_http_proxy:
ssh_http_proxy_password:
ssh_http_proxy_port:
ssh_http_proxy_user:
ssh_key:
test_base_path: "/home/guskov/prog/openstack-dev/states/qemu/test/integration"
username: vagrant
By the code, login_command does not use Net::SSH, which allows to bypass the interactive input of the password. I do not really understand how this should work without sshpass / Net::SSH
my dirty workaround:
lib/kitchen/transport/ssh_patch.rb:
require 'kitchen/transport/ssh'
module Kitchen
module Transport
# Wrapped exception for any internally raised SSH-related errors.
class Ssh < Kitchen::Transport::Base
class Connection < Kitchen::Transport::Base::Connection
def login_command
args = %w{ -o UserKnownHostsFile=/dev/null }
args += %w{ -o StrictHostKeyChecking=no }
args += %w{ -o IdentitiesOnly=yes } if options[:keys]
args += %W{ -o LogLevel=#{logger.debug? ? 'VERBOSE' : 'ERROR'} }
if options.key?(:forward_agent)
args += %W{ -o ForwardAgent=#{options[:forward_agent] ? 'yes' : 'no'} }
end
if ssh_gateway
gateway_command = "ssh -q #{ssh_gateway_username}@#{ssh_gateway} nc #{hostname} #{port}"
args += %W{ -o ProxyCommand=#{gateway_command} -p #{ssh_gateway_port} }
end
Array(options[:keys]).each { |ssh_key| args += %W{ -i #{ssh_key} } }
args += %W{ -p #{port} }
args += %W{ #{username}@#{hostname} }
if options[:password]
LoginCommand.new("sshpass", ["-p", options[:password], "ssh"] + args)
else
LoginCommand.new("ssh", args)
end
end
end
end
end
end
and in .kitchen.yml:
<% require_relative 'lib/kitchen/transport/ssh_patch.rb' %>
What driver are you using?
It appears from the output that you're using kitchen-vagrant
in which case Vagrant presumes base boxes have an SSH key already added. This isn't to say we can't make login friendlier in some respects but it generally follows how the drivers operate and almost all of them expect ssh keys.
In our infrastructure I use kitchen-openstack, kitchen-qemu and kitchen-docker. In some cases it is quite inconvenient to use keys, for example when working with windows and macos images. They are not very well compatible with cloud-init / nocloud So I would like to use a password.
I don't think we want to make Kitchen reliant on sshpass
as an external tool. So my vote is that you can use passwords just fine, but that kitchen login
won't be automatic. You can use kitchen exec
for single, non-interactive commands, which runs via Kitchen's transport layer and so will work without having to type something in.
kitchen login
has never worked for Windows as there is no expected shell, it drops an RDP file so that's moot. For MacOS I know this works because I build images for Chef internally and the standard method of making a key available for Vagrant work exactly as expected.
That is to say, if you want to do things your own way and disregard the standard Vagrant guidance for building boxes that's your call but we're not going to change the tool to support something explicitly recommended against without very good reason.
I do not understand why you can call mstsc.exe from test-kitchen: https://github.com/test-kitchen/test-kitchen/blob/9c771433645495500f0c6da21927208826ec8d5d/lib/kitchen/transport/winrm.rb#L318 but you can not use sshpass.
That's a standard program included with Windows (at least Windows Server) and more importantly there isn't really much of an option or I would happily change that to be more generic :) Conversely sshpass
is not generally installed on most machines and this addresses a very niche use case.
kitchen login has never worked for Windows as there is no expected shell, it drops an RDP file so that's moot. For MacOS I know this works because I build images for Chef internally and the standard method of making a key available for Vagrant work exactly as expected.
I'm using cygwin + ssh. kitchen converge works great. kitchen login - no
"for Windows" he meant Windows test instances, not Windows workstations. The OS of the workstation is mostly moot, though we do change which RDP client is used by default based on the workstation OS.
Here is another example of use. kitchen-transport-rsync uses the login_command method. https://github.com/unibet/kitchen-transport-rsync/blob/d6b60ddbfdc1f08d72fd5a49d0b048627b80c285/lib/kitchen/transport/rsync.rb#L42 It seems that their plugin works with my patch
Sure, you can certainly move this sshpass support into your own plugin. Going to close this out.
In my opinion, where to write warning to user: "install sshpass", if it is not installed and drop to enter password
In my opinion, where to write warning to user: "install sshpass", if it is not installed and drop to enter password
If I make a merge-request with this approach, do you accept?
No, this goes against how most drivers operate and doesn't solve a general problem - this solves only a specific problem for yourself that is because you're not baking the boxes/base images with keys which is fairly standard practice at this point.
As @coderanger mentions, you can write your own plugin to do this but it's not something we intend to support for all the reasons given.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
It seems that kitchen login does not use the password option
kitchen converge - OK