Make using named pipe for adding passwords conditional on the version

of ssh used.
2026-01-11 01:57:35 -03:30 · 2015-06-11 14:47:42 -04:00 · 2015-06-11 14:47:42 -04:00 · bcc18aa689
commit bcc18aa689
parent 322fdc37a4
2 changed files with 16 additions and 3 deletions
--- a/awx/main/tasks.py
+++ b/awx/main/tasks.py
@ -40,7 +40,7 @@ from django.utils.timezone import now
 from awx.main.constants import CLOUD_PROVIDERS
 from awx.main.models import * # noqa
 from awx.main.queue import FifoQueue
-from awx.main.utils import (get_ansible_version, decrypt_field, update_scm_url,
+from awx.main.utils import (get_ansible_version, get_ssh_version, decrypt_field, update_scm_url,
                            ignore_inventory_computed_fields, emit_websocket_notification,
                            check_proot_installed, build_proot_temp_dir, wrap_args_with_proot)
 from awx.fact.utils.connection import test_mongo_connection
@ -273,10 +273,12 @@ class BaseTask(Task):
        private_data = self.build_private_data(instance, **kwargs)
        private_data_files = {}
        if private_data is not None:
+            ssh_ver = get_ssh_version()
+            ssh_too_old = True if ssh_ver == "unknown" else Version(ssh_ver) < Version("6.0")
            for name, data in private_data.iteritems():
                # For credentials used with ssh-add, write to a named pipe which
                # will be read then closed, instead of leaving the SSH key on disk.
-                if name in ('credential', 'scm_credential', 'ad_hoc_credential'):
+                if name in ('credential', 'scm_credential', 'ad_hoc_credential') and not ssh_too_old:
                    path = os.path.join(kwargs.get('private_data_dir', tempfile.gettempdir()), name)
                    os.mkfifo(path, 0600)
                    thread.start_new_thread(lambda p, d: open(p, 'w').write(d), (path, data))
--- a/awx/main/utils.py
+++ b/awx/main/utils.py
@ -27,7 +27,7 @@ from Crypto.Cipher import AES
 logger = logging.getLogger('awx.main.utils')

 __all__ = ['get_object_or_400', 'get_object_or_403', 'camelcase_to_underscore',
-           'get_ansible_version', 'get_awx_version', 'update_scm_url',
+           'get_ansible_version', 'get_ssh_version', 'get_awx_version', 'update_scm_url',
           'get_type_for_model', 'get_model_for_type', 'to_python_boolean',
           'ignore_inventory_computed_fields', 'ignore_inventory_group_removal',
           '_inventory_updates', 'get_pk_from_dict']
@ -104,6 +104,17 @@ def get_ansible_version():
    except:
        return 'unknown'

+def get_ssh_version():
+    '''
+    Return SSH version installed.
+    '''
+    try:
+        proc = subprocess.Popen(['ssh', '-V'],
+                                stderr=subprocess.PIPE)
+        result = proc.communicate()[1]
+        return result.split(" ")[0].split("_")[1]
+    except:
+        return 'unknown'

 def get_awx_version():
    '''