Re: [Fab-user] How set shell to none

[Jeff Forcier]

Yes, we use the SSH command execution API call (in Paramiko,
'exec_command') for the reasons Christian outlines. Fabric does offer
a basic "open a shell for the active user" API call (open_shell()
IIRC) but that is, as the name implies, not useful for automated
scripting.

I think what's going on is that "command | ssh your-device" is hooking
up your stdin to the remote default login shell (which is what SSH
opens if no command is given -- equivalent to Fabric's default mode of
operation, as discussed). This shell is probably not bash or sh, as
per earlier mails. It's not even clear whether it's a "real" POSIX
shell environment (which is all we support) as it's a vendor device.

If it's possible to determine whether there is a real shell involved
(e.g. 'ps' or vendor docs), you may want to try setting env.shell =
'/path/to/that/shell -maybe -with -args'. This tells Fabric to do the
equivalent of:

ssh target /path/to/shell -args "real command"

Which would help if the core problem is that your command(s) need that
shell environment to work right.

If, as I suspect, the problem is just that this device doesn't have a
real POSIX shell environment and is designed around purely interactive
execution, Fabric may not be a good fit (unless using its task stuff
is still desirable, in which case you could probably poke around with
local("echo command | ssh target") as somebody suggested).

Best,
Jeff


On Wed, Apr 10, 2013 at 10:54 AM, Chris Vest <address@hidden> wrote:
> With the command sub-protocol (which I'm calling it because I don't remember
> what it is otherwise called) a client (fabric, ssh, etc) will be told the
> return code of a command when it finishes executing on the remote machine.
>
> With the shell sub-protocol, you are told the return code of the shell, when
> the shell session ends. Shell sessions usually end “well” even if all the
> commands executed through it has failed. Shells also typically wait for more
> input when they've finished running a command, and they only notify you of
> this by printing a dynamically configurable string that typically doesn't
> end with a line break.
>
> That's why tools like fabric prefer to use the command sub-protocol. I don't
> know of any good work around to this.
>
> Chris
>
> On 10 Apr 2013, at 19:04, Zhigang Wang <address@hidden> wrote:
>
> On Wed, Apr 10, 2013 at 9:49 AM, Chris Vest <address@hidden> wrote:
>>
>> So you say this works:
>> echo "<cmd>" | ssh address@hidden:port
>>
>
> yes
>
>>
>> Does this work?
>> ssh address@hidden:port "<cmd>"
>
>
> no
>
>>
>> Fabric (assuming my info is current) uses the command sub-protocol of ssh,
>> not the shell sub-protocol, which I'm guessing is what happens when you pipe
>> to ssh.
>>
>
> Seems we are tracking down to the point. Will check what is the difference
> between the two. If anyone has a workaround for fabric to use "shell
> sub-protocol"?
>
> Thanks,
>
> Zhigang
>
>>
>> Chris
>>
>> On 10/04/2013, at 16.51, Zhigang Wang <address@hidden> wrote:
>>
>> Thanks very much. However, it doesn't work.
>>
>> I think this issue may live in the paramiko side: don't know anyone
>> familiar with the difference between:
>>
>> 1. ssh address@hidden:port <cmd>
>>
>> 2. echo "<cmd>" | ssh address@hidden:port
>>
>> The second one works. So maybe we can emulate that behavior in
>> paramiko/fabric.
>>
>> Thanks,
>>
>> Zhigang
>>
>>
>>
>> On Tue, Apr 9, 2013 at 9:52 PM, Jeff Forcier <address@hidden> wrote:
>>>
>>> Pro tip:
>>>
>>> * Read up on what ssh -T does (it disables allocation of a remote pty)
>>> * Search Fabric docs for "pty"
>>> * Find out you can set env.always_use_pty=False to disable use of a
>>> remote pty
>>> * Hopefully discover that this fixes the problem (?)
>>>
>>>
>>> On Tue, Apr 9, 2013 at 7:16 PM, Zhigang Wang <address@hidden> wrote:
>>> > Thanks.
>>> >
>>> > Currently I hit this:
>>> >
>>> > http://net-ssh.lighthouseapp.com/projects/36253/tickets/32-sun-ilom-wont-accept-commands-even-after-successful-login
>>> >
>>> > Maybe a ILOM bug, but they have workaround:
>>> >
>>> > Doesnt' work:
>>> >
>>> > $ ssh -t address@hidden "show /SYS"
>>> >
>>> > Warning: Permanently added 'ca-dev33m,10.211.2.238' (RSA) to the list
>>> > of
>>> > known hosts.
>>> > Password:
>>> > shell: Invalid credentials
>>> >
>>> >
>>> > Connection to ca-dev33m closed.
>>> >
>>> > Works:
>>> >
>>> > $ echo "show /SYS" | ssh -T address@hidden
>>> >
>>> > How to clone the same behavior in fabric?
>>> >
>>> > Using our fabric:
>>> >
>>> > # python ilom.py -s address@hidden -p changeme
>>> > /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:
>>> > PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using
>>> > libgmp >= 5 to avoid timing attack vulnerability.
>>> >   _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5
>>> > to
>>> > avoid timing attack vulnerability.", PowmInsecureWarning)
>>> > address@hidden Executing task 'ilom_get_mac'
>>> > address@hidden run: show /System ilom_mac_address
>>> > INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.1)
>>> > INFO:paramiko.transport:Authentication (keyboard-interactive)
>>> > successful!
>>> > INFO:paramiko.transport:Secsh channel 1 opened.
>>> > address@hidden out: shell: Invalid credentials
>>> > address@hidden out:
>>> > address@hidden out:
>>> > address@hidden out:
>>> >
>>> > Disconnecting from ca-dev33m... done.
>>> > shell: Invalid credentials
>>> >
>>> >
>>> > From here:
>>> >
>>> > https://groups.google.com/group/mailing.unix.openssh-dev/tree/browse_frm/month/2009-07?_done=%2Fgroup%2Fmailing.unix.openssh-dev%2Fbrowse_frm%2Fmonth%2F2009-07%3F&;
>>> >
>>> > It may related to the buffersize? How can I enlarge the buffersize for
>>> > fabric?
>>> >
>>> > I tried env.linewise=True, it doesn't help.
>>> >
>>> > I will continue debugging on it.
>>> >
>>> > Thanks,
>>> >
>>> > Zhigang
>>> >
>>> >
>>> > On Tue, Apr 9, 2013 at 6:55 PM, Jeff Forcier <address@hidden>
>>> > wrote:
>>> >>
>>> >> Try setting env.use_shell = False:
>>> >>
>>> >>     http://docs.fabfile.org/en/1.6/usage/env.html#use-shell
>>> >>
>>> >> On Tue, Apr 9, 2013 at 6:40 PM, Zhigang Wang <address@hidden> wrote:
>>> >> > Hi Jeff and all,
>>> >> >
>>> >> > I want to use fabric for ilom, a ssh configuration interface.
>>> >> > Currently
>>> >> > it
>>> >> > doesn't work because the ilom system doesn't have a shell there. How
>>> >> > can
>>> >> > set
>>> >> > env.shell to none? Or is it supported?
>>> >> >
>>> >> > The ilom shell:
>>> >> >
>>> >> > $ ssh address@hidden
>>> >> > Warning: Permanently added 'ca-dev33m,10.211.2.238' (RSA) to the
>>> >> > list of
>>> >> > known hosts.
>>> >> > Password:
>>> >> >
>>> >> > Oracle(R) Integrated Lights Out Manager
>>> >> >
>>> >> > Version 3.1.2.10 r74387
>>> >> >
>>> >> > Copyright (c) 2012, Oracle and/or its affiliates. All rights
>>> >> > reserved.
>>> >> >
>>> >> > Warning: password is set to factory default.
>>> >> >
>>> >> > -> help
>>> >> > The help command is used to view information about commands and
>>> >> > targets
>>> >> >
>>> >> > Usage: help [-format wrap|nowrap] [-o|-output terse|verbose]
>>> >> > [<command>|legal|targets|<target>|<target> <property>]
>>> >> >
>>> >> > Special characters used in the help command are
>>> >> > []   encloses optional keywords or options
>>> >> > <>   encloses a description of the keyword
>>> >> >      (If <> is not present, an actual keyword is indicated)
>>> >> > |    indicates a choice of keywords or options
>>> >> >
>>> >> > help <target>              displays description if this target and
>>> >> > its
>>> >> > properties
>>> >> > help <target> <property>   displays description of this property of
>>> >> > this
>>> >> > target
>>> >> > help targets               displays a list of targets
>>> >> > help legal                 displays the product legal notice
>>> >> >
>>> >> > Commands are:
>>> >> > cd
>>> >> > create
>>> >> > delete
>>> >> > dump
>>> >> > exit
>>> >> > help
>>> >> > load
>>> >> > reset
>>> >> > set
>>> >> > show
>>> >> > start
>>> >> > stop
>>> >> > version
>>> >> >
>>> >> > -> sh
>>> >> > Invalid command 'sh' - type help for a list of commands.
>>> >> >
>>> >> > -> bash
>>> >> > Invalid command 'bash' - type help for a list of commands.
>>> >> >
>>> >> > Thanks,
>>> >> >
>>> >> > Zhigang
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Jeff Forcier
>>> >> Unix sysadmin; Python/Ruby engineer
>>> >> http://bitprophet.org
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> Jeff Forcier
>>> Unix sysadmin; Python/Ruby engineer
>>> http://bitprophet.org
>>
>>
>> _______________________________________________
>> Fab-user mailing list
>> address@hidden
>> https://lists.nongnu.org/mailman/listinfo/fab-user
>
>



-- 
Jeff Forcier
Unix sysadmin; Python/Ruby engineer
http://bitprophet.org