Running Ansible from source on Linux with F-Secure SSH instead of OpenSSH; only user privileges
90 views
Skip to first unread message
Ed Voncken
Nov 25, 2014, 10:11:42 AM11/25/14
to ansible...@googlegroups.com
Hi,
Started discussing this on Twitter with a.o. @laserllama. I'm facing a nice (*) challenge:
- As a regular user (no special sudo / root privileges),
- I need to run Ansible from source
- on a Linux which has /usr/bin/python == Python 2.6.8
- with F-Secure SSH instead of OpenSSH
*) For small values of 'nice'
I'm encountering the following issues so far:
1) Ansible source seems to hard code "/usr/bin/python" (2.6.8).
I decided to go the "virtualenv" route, so I can at least install required Python modules in a specific 'ansible' virtualenv.
I'm still fighting PIP's refusal to talk through our SSL proxy.
(ansible)$ pip --version
pip 1.5.6 from /opt/local/python/ansible/lib/python2.6/site-packages (python 2.6)
I have other virtualenv's based on more recent (non-OS supplied) Python 2.7.2, and they don't appear to have this issue.
2) Lots of OpenSSH-specific options are hard coded in ssh.py
F-Secure SSH is a completely different beast from OpenSSH; completely different set of options.
I've hacked around in ssh.py a bit, and progressed somewhat.
Any advice on the best way forward?
- Is there a proper way to use another Python when running Ansible from source?
- Anyone have experience getting Ansible to work with other SSH than OpenSSH?
Thanks,
Ed.
Vincent Van der Kussen
Nov 25, 2014, 2:11:50 PM11/25/14
to ansible...@googlegroups.com
On Tue, Nov 25, 2014 at 4:11 PM, Ed Voncken <e...@edvoncken.net> wrote:
> Hi,
>
> Started discussing this on Twitter with a.o. @laserllama. I'm facing a nice
> (*) challenge:
>
> - As a regular user (no special sudo / root privileges),
> - I need to run Ansible from source
> - on a Linux which has /usr/bin/python == Python 2.6.8
> - with F-Secure SSH instead of OpenSSH
>
> *) For small values of 'nice'
>
>
> I'm encountering the following issues so far:
>
> 1) Ansible source seems to hard code "/usr/bin/python" (2.6.8).
>
> I decided to go the "virtualenv" route, so I can at least install required
> Python modules in a specific 'ansible' virtualenv.
> I'm still fighting PIP's refusal to talk through our SSL proxy.
> (ansible)$ pip --version
> pip 1.5.6 from /opt/local/python/ansible/lib/python2.6/site-packages
> (python 2.6)
Which operating system? I had to update setuptools to 1.0.1 on CentOS7
> Hi,
>
> Started discussing this on Twitter with a.o. @laserllama. I'm facing a nice
> (*) challenge:
>
> - As a regular user (no special sudo / root privileges),
> - I need to run Ansible from source
> - on a Linux which has /usr/bin/python == Python 2.6.8
> - with F-Secure SSH instead of OpenSSH
>
> *) For small values of 'nice'
>
>
> I'm encountering the following issues so far:
>
> 1) Ansible source seems to hard code "/usr/bin/python" (2.6.8).
>
> I decided to go the "virtualenv" route, so I can at least install required
> Python modules in a specific 'ansible' virtualenv.
> I'm still fighting PIP's refusal to talk through our SSL proxy.
> (ansible)$ pip --version
> pip 1.5.6 from /opt/local/python/ansible/lib/python2.6/site-packages
> (python 2.6)
to get pip working over a proxy.
>
> I have other virtualenv's based on more recent (non-OS supplied) Python
> 2.7.2, and they don't appear to have this issue.
>
>
> 2) Lots of OpenSSH-specific options are hard coded in ssh.py
>
> F-Secure SSH is a completely different beast from OpenSSH; completely
> different set of options.
> I've hacked around in ssh.py a bit, and progressed somewhat.
>
>
> Any advice on the best way forward?
> - Is there a proper way to use another Python when running Ansible from
> source?
> - Anyone have experience getting Ansible to work with other SSH than
> OpenSSH?
>
>
> Thanks,
> Ed.
>
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/acad7315-690e-464a-a6ab-5b2a59497f1b%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Brian Coca
Nov 25, 2014, 5:26:11 PM11/25/14
to ansible...@googlegroups.com
for fsecure you might need a new connection plugin if it is that
different than the ssh one. Have you tried with paramiko?
--
Brian Coca
different than the ssh one. Have you tried with paramiko?
--
Brian Coca
Ed Voncken
Nov 27, 2014, 5:12:09 PM11/27/14
to ansible...@googlegroups.com
Hi Vincent,
Which operating system? I had to update setuptools to 1.0.1 on CentOS7
to get pip working over a proxy.
It's SLES10 update 3; I suspect that it's the ancient Python version that's biting me. Due to other fires, I haven't made much progress.
Perhaps next week ;-)
Ed Voncken
Nov 27, 2014, 5:13:01 PM11/27/14
to ansible...@googlegroups.com
Hi Brian,
for fsecure you might need a new connection plugin if it is that
different than the ssh one. Have you tried with paramiko?
Nope, haven't tried Paramiko - will look into that, thanks.
Michael DeHaan
Dec 1, 2014, 4:18:49 PM12/1/14
to ansible...@googlegroups.com
"1) Ansible source seems to hard code "/usr/bin/python" (2.6.8)."
See the docs regarding ansible_python_interpreter for remote interpreters, elsewhere it will use whatever Python is in your path.
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f9b2a513-8f6f-4868-a93f-10e93962a096%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages