Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

megassh problems #103

Closed
pfuntner opened this issue Mar 31, 2023 · 1 comment
Closed

megassh problems #103

pfuntner opened this issue Mar 31, 2023 · 1 comment
Labels
urgent Needs to be fixed ASAP

Comments

@pfuntner
Copy link
Owner

I think I've seen a problem with megassh in the past and tried to fix it but it's still a problem. Sometimes, output from a host is overlooked somehow:

[ubuntu@pfuntner-20221025 packer-examples master]$ ansible-hosts
Host            User      Address         Distro         Up time      Kernel                        Arch    Pkgmgr  Svcmgr
aws-almalinux8  ec2-user  3.87.162.186    AlmaLinux 8.7  00-00:01:54  4.18.0-425.3.1.el8.x86_64     x86_64  dnf     systemd
aws-rhel8       ec2-user  3.88.9.145      RedHat 8.7     00-00:02:29  4.18.0-425.3.1.el8.x86_64     x86_64  dnf     systemd
gcp-almalinux8  jpfuntne  34.148.128.162  AlmaLinux 8.7  00-00:01:31  4.18.0-425.13.1.el8_7.x86_64  x86_64  dnf     systemd
gcp-rhel8       jpfuntne  35.227.62.101   RedHat 8.7     00-00:02:29  4.18.0-425.13.1.el8_7.x86_64  x86_64  dnf     systemd
[ubuntu@pfuntner-20221025 packer-examples master]$ ^Cw-instances almalinux8
[ubuntu@pfuntner-20221025 packer-examples master]$ megassh all cat /etc/crypto-policies/config
aws-almalinux8: DEFAULT


gcp-almalinux8: DEFAULT


[ubuntu@pfuntner-20221025 packer-examples master]$ megassh all -- ls /etc/crypto-policies/config\; cat /etc/crypto-policies/config
aws-almalinux8: /etc/crypto-policies/config
aws-almalinux8: DEFAULT

aws-rhel8: /etc/crypto-policies/config
aws-rhel8: DEFAULT

gcp-almalinux8: /etc/crypto-policies/config
gcp-almalinux8: DEFAULT

gcp-rhel8: /etc/crypto-policies/config
gcp-rhel8: DEFAULT

[ubuntu@pfuntner-20221025 packer-examples master]$ megassh all -- ls -ld /etc/crypto-policies/config\; cat /etc/crypto-policies/config
aws-almalinux8: -rw-r--r--. 1 root root 8 Nov 10 21:05 /etc/crypto-policies/config
aws-almalinux8: DEFAULT

aws-rhel8: -rw-r--r--. 1 root root 8 Nov  3 10:50 /etc/crypto-policies/config
aws-rhel8: DEFAULT



[ubuntu@pfuntner-20221025 packer-examples master]$ megassh all -- ls -ld /etc/crypto-policies/config\; cat /etc/crypto-policies/config
aws-almalinux8: -rw-r--r--. 1 root root 8 Nov 10 21:05 /etc/crypto-policies/config
aws-almalinux8: DEFAULT

aws-rhel8: -rw-r--r--. 1 root root 8 Nov  3 10:50 /etc/crypto-policies/config
aws-rhel8: DEFAULT

gcp-almalinux8: -rw-r--r--. 1 root root 8 Mar  6 18:24 /etc/crypto-policies/config
gcp-almalinux8: DEFAULT


[ubuntu@pfuntner-20221025 packer-examples master]$
@pfuntner pfuntner added the urgent Needs to be fixed ASAP label Mar 31, 2023
@pfuntner pfuntner pinned this issue Mar 31, 2023
@pfuntner
Copy link
Owner Author

I basically did a complete fresh rewrite of the command in babd476 and it seems to be working great.

For each host:

  • A thread is created that creates the new process
  • A second thread is created to read stdout in a non-blocking manner
  • A third thread is created to read stderr in a non-blocking manner
  • The second and third threads end when they exhaust their respective stream, regardless of if the process finished
  • The first three ends when the second and third threads end and the process has an exit status

I reused the idea of using base64 encoding to protect arbitrary commands but I think it's really only needed when you escalate to root so I had it automatically encode when you escalate. There's no longer an independent encoding option.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
urgent Needs to be fixed ASAP
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pfuntner