2 # NEPI, a framework to manage network experiments
3 # Copyright (C) 2013 INRIA
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU General Public License version 2 as
7 # published by the Free Software Foundation;
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 # Author: Alina Quereilhac <alina.quereilhac@inria.fr>
18 # Claudio Freire <claudio-daniel.freire@inria.fr>
20 ## TODO: This code needs reviewing !!!
37 _re_inet = re.compile("\d+:\s+(?P<name>[a-z0-9_-]+)\s+inet6?\s+(?P<inet>[a-f0-9.:/]+)\s+(brd\s+[0-9.]+)?.*scope\s+global.*")
39 logger = logging.getLogger("sshfuncs")
41 def log(msg, level, out = None, err = None):
43 msg += " - OUT: %s " % out
46 msg += " - ERROR: %s " % err
48 logger.log(level, msg)
50 if hasattr(os, "devnull"):
53 DEV_NULL = "/dev/null"
55 SHELL_SAFE = re.compile('^[-a-zA-Z0-9_=+:.,/]*$')
59 Special value that when given to rspawn in stderr causes stderr to
60 redirect to whatever stdout was redirected to.
65 Codes for status of remote spawned process
67 # Process is still running
73 # Process hasn't started running yet (this should be very rare)
76 hostbyname_cache = dict()
77 hostbyname_cache_lock = threading.Lock()
79 def resolve_hostname(host):
82 if host in ["localhost", "127.0.0.1", "::1"]:
83 p = subprocess.Popen("ip -o addr list", shell=True,
84 stdout=subprocess.PIPE, stderr=subprocess.PIPE)
85 stdout, stderr = p.communicate()
86 m = _re_inet.findall(stdout)
87 ip = m[0][1].split("/")[0]
89 ip = socket.gethostbyname(host)
93 def gethostbyname(host):
94 global hostbyname_cache
95 global hostbyname_cache_lock
97 hostbyname = hostbyname_cache.get(host)
99 with hostbyname_cache_lock:
100 hostbyname = resolve_hostname(host)
101 hostbyname_cache[host] = hostbyname
103 msg = " Added hostbyname %s - %s " % (host, hostbyname)
104 log(msg, logging.DEBUG)
108 OPENSSH_HAS_PERSIST = None
110 def openssh_has_persist():
111 """ The ssh_config options ControlMaster and ControlPersist allow to
112 reuse a same network connection for multiple ssh sessions. In this
113 way limitations on number of open ssh connections can be bypassed.
114 However, older versions of openSSH do not support this feature.
115 This function is used to determine if ssh connection persist features
118 global OPENSSH_HAS_PERSIST
119 if OPENSSH_HAS_PERSIST is None:
120 proc = subprocess.Popen(["ssh","-v"],
121 stdout = subprocess.PIPE,
122 stderr = subprocess.STDOUT,
123 stdin = open("/dev/null","r") )
124 out,err = proc.communicate()
127 vre = re.compile(r'OpenSSH_(?:[6-9]|5[.][8-9]|5[.][1-9][0-9]|[1-9][0-9]).*', re.I)
128 OPENSSH_HAS_PERSIST = bool(vre.match(out))
129 return OPENSSH_HAS_PERSIST
131 def make_server_key_args(server_key, host, port):
132 """ Returns a reference to a temporary known_hosts file, to which
133 the server key has been added.
135 Make sure to hold onto the temp file reference until the process is
138 :param server_key: the server public key
139 :type server_key: str
141 :param host: the hostname
144 :param port: the ssh port
149 host = '%s:%s' % (host, str(port))
151 # Create a temporary server key file
152 tmp_known_hosts = tempfile.NamedTemporaryFile()
154 hostbyname = gethostbyname(host)
156 # Add the intended host key
157 tmp_known_hosts.write('%s,%s %s\n' % (host, hostbyname, server_key))
159 # If we're not in strict mode, add user-configured keys
160 if os.environ.get('NEPI_STRICT_AUTH_MODE',"").lower() not in ('1','true','on'):
161 user_hosts_path = '%s/.ssh/known_hosts' % (os.environ.get('HOME',""),)
162 if os.access(user_hosts_path, os.R_OK):
163 f = open(user_hosts_path, "r")
164 tmp_known_hosts.write(f.read())
167 tmp_known_hosts.flush()
169 return tmp_known_hosts
171 def make_control_path(agent, forward_x11):
172 ctrl_path = "/tmp/nepi_ssh"
180 ctrl_path += "-%r@%h:%p"
185 """ Escapes strings so that they are safe to use as command-line
187 if SHELL_SAFE.match(s):
188 # safe string - no escaping needed
191 # unsafe string - escape
193 if (32 <= ord(c) < 127 or c in ('\r','\n','\t')) and c not in ("'",'"'):
196 return "'$'\\x%02x''" % (ord(c),)
197 s = ''.join(map(escp,s))
200 def eintr_retry(func):
201 """Retries a function invocation when a EINTR occurs"""
203 @functools.wraps(func)
205 retry = kw.pop("_retry", False)
206 for i in xrange(0 if retry else 4):
208 return func(*p, **kw)
209 except (select.error, socket.error), args:
210 if args[0] == errno.EINTR:
215 if e.errno == errno.EINTR:
220 return func(*p, **kw)
223 def rexec(command, host, user,
233 connect_timeout = 30,
238 strict_host_checking = True):
240 Executes a remote command, returns ((stdout,stderr),process)
243 tmp_known_hosts = None
245 hostip = gethostbyname(host)
249 # Don't bother with localhost. Makes test easier
250 '-o', 'NoHostAuthenticationForLocalhost=yes',
251 '-o', 'ConnectTimeout=%d' % (int(connect_timeout),),
252 '-o', 'ConnectionAttempts=3',
253 '-o', 'ServerAliveInterval=30',
254 '-o', 'TCPKeepAlive=yes',
255 '-o', 'Batchmode=yes',
256 '-l', user, hostip or host]
258 if persistent and openssh_has_persist():
260 '-o', 'ControlMaster=auto',
261 '-o', 'ControlPath=%s' % (make_control_path(agent, forward_x11),),
262 '-o', 'ControlPersist=60' ])
264 if not strict_host_checking:
265 # Do not check for Host key. Unsafe.
266 args.extend(['-o', 'StrictHostKeyChecking=no'])
269 proxycommand = _proxy_command(gw, gwuser, identity)
270 args.extend(['-o', proxycommand])
276 args.append('-p%d' % port)
279 identity = os.path.expanduser(identity)
280 args.extend(('-i', identity))
290 # Create a temporary server key file
291 tmp_known_hosts = make_server_key_args(server_key, host, port)
292 args.extend(['-o', 'UserKnownHostsFile=%s' % (tmp_known_hosts.name,)])
295 command = "sudo " + command
299 log_msg = " rexec - host %s - command %s " % (str(host), " ".join(map(str, args)))
301 stdout = stderr = stdin = subprocess.PIPE
303 stdout = stderr = stdin = None
305 return _retry_rexec(args, log_msg,
311 tmp_known_hosts = tmp_known_hosts,
314 def rcopy(source, dest,
322 strict_host_checking = True):
324 Copies from/to remote sites.
326 Source and destination should have the user and host encoded
329 Source can be a list of files to copy to a single destination,
330 (in which case it is advised that the destination be a folder),
331 or a single file in a string.
334 # Parse destination as <user>@<server>:<path>
335 if isinstance(dest, str) and ':' in dest:
336 remspec, path = dest.split(':',1)
337 elif isinstance(source, str) and ':' in source:
338 remspec, path = source.split(':',1)
340 raise ValueError, "Both endpoints cannot be local"
341 user,host = remspec.rsplit('@',1)
344 tmp_known_hosts = None
346 args = ['scp', '-q', '-p', '-C',
347 # 2015-06-01 Thierry: I am commenting off blowfish
348 # as this is not available on a plain ubuntu 15.04 install
349 # this IMHO is too fragile, shoud be something the user
350 # decides explicitly (so he is at least aware of that dependency)
351 # Speed up transfer using blowfish cypher specification which is
352 # faster than the default one (3des)
354 # Don't bother with localhost. Makes test easier
355 '-o', 'NoHostAuthenticationForLocalhost=yes',
356 '-o', 'ConnectTimeout=60',
357 '-o', 'ConnectionAttempts=3',
358 '-o', 'ServerAliveInterval=30',
359 '-o', 'TCPKeepAlive=yes' ]
362 args.append('-P%d' % port)
365 proxycommand = _proxy_command(gw, gwuser, identity)
366 args.extend(['-o', proxycommand])
372 identity = os.path.expanduser(identity)
373 args.extend(('-i', identity))
376 # Create a temporary server key file
377 tmp_known_hosts = make_server_key_args(server_key, host, port)
378 args.extend(['-o', 'UserKnownHostsFile=%s' % (tmp_known_hosts.name,)])
380 if not strict_host_checking:
381 # Do not check for Host key. Unsafe.
382 args.extend(['-o', 'StrictHostKeyChecking=no'])
384 if isinstance(source, list):
387 if openssh_has_persist():
389 '-o', 'ControlMaster=auto',
390 '-o', 'ControlPath=%s' % (make_control_path(False, False),)
394 if isinstance(dest, list):
399 log_msg = " rcopy - host %s - command %s " % (str(host), " ".join(map(str, args)))
401 return _retry_rexec(args, log_msg, env = None, retry = retry,
402 tmp_known_hosts = tmp_known_hosts,
405 def rspawn(command, pidfile,
406 stdout = '/dev/null',
421 strict_host_checking = True):
423 Spawn a remote command such that it will continue working asynchronously in
426 :param command: The command to run, it should be a single line.
429 :param pidfile: Path to a file where to store the pid and ppid of the
433 :param stdout: Path to file to redirect standard output.
434 The default value is /dev/null
437 :param stderr: Path to file to redirect standard error.
438 If the special STDOUT value is used, stderr will
439 be redirected to the same file as stdout
442 :param stdin: Path to a file with input to be piped into the command's standard input
445 :param home: Path to working directory folder.
446 It is assumed to exist unless the create_home flag is set.
449 :param create_home: Flag to force creation of the home folder before
451 :type create_home: bool
453 :param sudo: Flag forcing execution with sudo user
458 (stdout, stderr), process
460 Of the spawning process, which only captures errors at spawning time.
461 Usually only useful for diagnostics.
463 # Start process in a "daemonized" way, using nohup and heavy
464 # stdin/out redirection to avoid connection issues
468 stderr = ' ' + stderr
470 daemon_command = '{ { %(command)s > %(stdout)s 2>%(stderr)s < %(stdin)s & } ; echo $! 1 > %(pidfile)s ; }' % {
472 'pidfile' : shell_escape(pidfile),
478 cmd = "%(create)s%(gohome)s rm -f %(pidfile)s ; %(sudo)s nohup bash -c %(command)s " % {
479 'command' : shell_escape(daemon_command),
480 'sudo' : 'sudo -S' if sudo else '',
481 'pidfile' : shell_escape(pidfile),
482 'gohome' : 'cd %s ; ' % (shell_escape(home),) if home else '',
483 'create' : 'mkdir -p %s ; ' % (shell_escape(home),) if create_home and home else '',
486 (out,err),proc = rexec(
495 server_key = server_key,
497 strict_host_checking = strict_host_checking ,
501 raise RuntimeError, "Failed to set up application on host %s: %s %s" % (host, out,err,)
503 return ((out, err), proc)
515 strict_host_checking = True):
517 Returns the pid and ppid of a process from a remote file where the
518 information was stored.
520 :param home: Path to directory where the pidfile is located
523 :param pidfile: Name of file containing the pid information
528 A (pid, ppid) tuple useful for calling rstatus and rkill,
529 or None if the pidfile isn't valid yet (can happen when process is staring up)
532 (out,err),proc = rexec(
533 "cat %(pidfile)s" % {
543 server_key = server_key,
544 strict_host_checking = strict_host_checking
552 return map(int,out.strip().split(' ',1))
554 # Ignore, many ways to fail that don't matter that much
558 def rstatus(pid, ppid,
567 strict_host_checking = True):
569 Returns a code representing the the status of a remote process
571 :param pid: Process id of the process
574 :param ppid: Parent process id of process
577 :rtype: int (One of NOT_STARTED, RUNNING, FINISHED)
580 (out,err),proc = rexec(
581 # Check only by pid. pid+ppid does not always work (especially with sudo)
582 " (( ps --pid %(pid)d -o pid | grep -c %(pid)d && echo 'wait') || echo 'done' ) | tail -n 1" % {
593 server_key = server_key,
594 strict_host_checking = strict_host_checking
598 return ProcStatus.NOT_STARTED
602 if err.strip().find("Error, do this: mount -t proc none /proc") >= 0:
605 status = (out.strip() == 'wait')
607 return ProcStatus.NOT_STARTED
608 return ProcStatus.RUNNING if status else ProcStatus.FINISHED
622 strict_host_checking = True):
624 Sends a kill signal to a remote process.
626 First tries a SIGTERM, and if the process does not end in 10 seconds,
629 :param pid: Process id of process to be killed
632 :param ppid: Parent process id of process to be killed
635 :param sudo: Flag indicating if sudo should be used to kill the process
639 subkill = "$(ps --ppid %(pid)d -o pid h)" % { 'pid' : pid }
641 SUBKILL="%(subkill)s" ;
642 %(sudo)s kill -- -%(pid)d $SUBKILL || /bin/true
643 %(sudo)s kill %(pid)d $SUBKILL || /bin/true
644 for x in 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 ; do
646 if [ `ps --pid %(pid)d -o pid | grep -c %(pid)d` == '0' ]; then
649 %(sudo)s kill -- -%(pid)d $SUBKILL || /bin/true
650 %(sudo)s kill %(pid)d $SUBKILL || /bin/true
654 if [ `ps --pid %(pid)d -o pid | grep -c %(pid)d` != '0' ]; then
655 %(sudo)s kill -9 -- -%(pid)d $SUBKILL || /bin/true
656 %(sudo)s kill -9 %(pid)d $SUBKILL || /bin/true
660 cmd = "( %s ) >/dev/null 2>/dev/null </dev/null &" % (cmd,)
662 (out,err),proc = rexec(
666 'sudo' : 'sudo -S' if sudo else '',
676 server_key = server_key,
677 strict_host_checking = strict_host_checking
680 # wait, don't leave zombies around
683 return (out, err), proc
685 def _retry_rexec(args,
687 stdout = subprocess.PIPE,
688 stdin = subprocess.PIPE,
689 stderr = subprocess.PIPE,
692 tmp_known_hosts = None,
695 for x in xrange(retry):
696 # display command actually invoked when debug is turned on
697 message = " ".join( [ "'{}'".format(arg) for arg in args ] )
698 log("sshfuncs: invoking {}".format(message), logging.DEBUG)
699 # connects to the remote host and starts a remote connection
700 proc = subprocess.Popen(args,
706 # attach tempfile object to the process, to make sure the file stays
707 # alive until the process is finished with it
708 proc._known_hosts = tmp_known_hosts
710 # The argument block == False forces to rexec to return immediately,
715 #(out, err) = proc.communicate()
716 # The method communicate was re implemented for performance issues
717 # when using python subprocess communicate method the ssh commands
718 # last one minute each
719 out, err = _communicate(proc, input=None)
722 out = proc.stdout.read()
723 if proc.poll() and stderr:
724 err = proc.stderr.read()
726 log(log_msg, logging.DEBUG, out, err)
731 if err.strip().startswith('ssh: ') or err.strip().startswith('mux_client_hello_exchange: '):
732 # SSH error, can safely retry
735 # Probably timed out or plain failed but can retry
740 msg = "SLEEPING %d ... ATEMPT %d - command %s " % (
741 t, x, " ".join(args))
742 log(msg, logging.DEBUG)
747 except RuntimeError, e:
748 msg = " rexec EXCEPTION - TIMEOUT -> %s \n %s" % ( e.args, log_msg )
749 log(msg, logging.DEBUG, out, err)
755 return ((out, err), proc)
758 # Don't remove. The method communicate was re implemented for performance issues
759 def _communicate(proc, input, timeout=None, err_on_timeout=True):
762 stdout = None # Return
763 stderr = None # Return
767 if timeout is not None:
768 timelimit = time.time() + timeout
769 killtime = timelimit + 4
770 bailtime = timelimit + 4
773 # Flush stdio buffer. This might block, if the user has
774 # been writing to .stdin in an uncontrolled fashion.
777 write_set.append(proc.stdin)
782 read_set.append(proc.stdout)
786 read_set.append(proc.stderr)
790 while read_set or write_set:
791 if timeout is not None:
792 curtime = time.time()
793 if timeout is None or curtime > timelimit:
794 if curtime > bailtime:
796 elif curtime > killtime:
797 signum = signal.SIGKILL
799 signum = signal.SIGTERM
801 os.kill(proc.pid, signum)
804 select_timeout = timelimit - curtime + 0.1
808 if select_timeout > 1.0:
812 rlist, wlist, xlist = select.select(read_set, write_set, [], select_timeout)
813 except select.error,e:
819 if not rlist and not wlist and not xlist and proc.poll() is not None:
820 # timeout and process exited, say bye
823 if proc.stdin in wlist:
824 # When select has indicated that the file is writable,
825 # we can write up to PIPE_BUF bytes without risk
826 # blocking. POSIX defines PIPE_BUF >= 512
827 bytes_written = os.write(proc.stdin.fileno(),
828 buffer(input, input_offset, 512))
829 input_offset += bytes_written
831 if input_offset >= len(input):
833 write_set.remove(proc.stdin)
835 if proc.stdout in rlist:
836 data = os.read(proc.stdout.fileno(), 1024)
839 read_set.remove(proc.stdout)
842 if proc.stderr in rlist:
843 data = os.read(proc.stderr.fileno(), 1024)
846 read_set.remove(proc.stderr)
849 # All data exchanged. Translate lists into strings.
850 if stdout is not None:
851 stdout = ''.join(stdout)
852 if stderr is not None:
853 stderr = ''.join(stderr)
855 # Translate newlines, if requested. We cannot let the file
856 # object do the translation: It is based on stdio, which is
857 # impossible to combine with select (unless forcing no
859 if proc.universal_newlines and hasattr(file, 'newlines'):
861 stdout = proc._translate_newlines(stdout)
863 stderr = proc._translate_newlines(stderr)
865 if killed and err_on_timeout:
866 errcode = proc.poll()
867 raise RuntimeError, ("Operation timed out", errcode, stdout, stderr)
873 return (stdout, stderr)
875 def _proxy_command(gw, gwuser, gwidentity):
877 Constructs the SSH ProxyCommand option to add to the SSH command to connect
879 :param gw: SSH proxy hostname
882 :param gwuser: SSH proxy username
885 :param gwidentity: SSH proxy identity file
886 :type gwidentity: str
891 returns the SSH ProxyCommand option.
894 proxycommand = 'ProxyCommand=ssh -q '
896 proxycommand += '-i %s ' % os.path.expanduser(gwidentity)
898 proxycommand += '%s' % gwuser
901 proxycommand += '@%s -W %%h:%%p' % gw
git://git.onelab.eu / nepi.git / blob