Go back to using ~/.ansible/cp as the ControlPath

This was commented out earlier because of the lack of interprocess locking and prepare_writeable_dir in v2. The locking was not needed: it could only protect against other siblings of this process (since they were all locking a temporary file that was opened in the parent), and those would be running as the same user and with the same umask. Also, os.makedirs() tolerates intermediate paths being created by other processes. For any other kind of error, both locking and non-locking code paths would fail in the same way. So all we really need to do is make sure we have write permissions. (We also move the cp_dir handling code to where we actually set the ControlPath ourselves; if the user has set it via ssh_*args already, we don't need to bother.)
pva · Sep 3, 2015 · 7aa6cd3 · 7aa6cd3
1 parent 2a32384
commit 7aa6cd3
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/lib/ansible/plugins/connections/ssh.py b/lib/ansible/plugins/connections/ssh.py
@@ -37,6 +37,7 @@
 from ansible import constants as C
 from ansible.errors import AnsibleError, AnsibleConnectionFailure, AnsibleFileNotFound
 from ansible.plugins.connections import ConnectionBase
+from ansible.utils.path import unfrackpath, makedirs_safe
 
 class Connection(ConnectionBase):
     ''' ssh based connections '''
@@ -49,12 +50,6 @@ def __init__(self, *args, **kwargs):
         self._common_args = []
         self.HASHED_KEY_MAGIC = "|1|"
 
-        # FIXME: move the lockfile locations to ActionBase?
-        #fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_EX)
-        #self.cp_dir = utils.prepare_writeable_dir('$HOME/.ansible/cp',mode=0700)
-        self._cp_dir = '/tmp'
-        #fcntl.lockf(self.runner.process_lockfile, fcntl.LOCK_UN)
-
         super(Connection, self).__init__(*args, **kwargs)
 
         self.host = self._play_context.remote_addr
@@ -126,11 +121,18 @@ def _connect(self):
                 cp_path_set = True
 
         if cp_in_use and not cp_path_set:
+            self._cp_dir = unfrackpath('$HOME/.ansible/cp')
+
             args = ("-o", "ControlPath=\"{0}\"".format(
                 C.ANSIBLE_SSH_CONTROL_PATH % dict(directory=self._cp_dir))
             )
             self.add_args("found only ControlPersist; added ControlPath", args)
 
+            # The directory must exist and be writable.
+            makedirs_safe(self._cp_dir, 0o700)
+            if not os.access(self._cp_dir, os.W_OK):
+                raise AnsibleError("Cannot write to ControlPath %s" % self._cp_dir)
+
         if not C.HOST_KEY_CHECKING:
             self.add_args(
                 "ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled",