transport=smart, SFTP failures and ssh connections

600 views
Skip to first unread message

Marc Petrivelli

unread,
Mar 31, 2014, 10:34:15 AM3/31/14
to ansible...@googlegroups.com
In my ansible.cfg I had the following set:

[defaults]
transport=smart

[ssh_connection]
scp_if_ssh=True

For one of my target hosts (specifically a VMware vCenter appliance) I received a SFTP disabled error.  After investigating this host did in fact have SFTP disabled (on purpose).  I am curious about a few things.

1) why is the paramiko python ssh lib defaulting to SFTP for file transfer?  Is this intended?  Is it more efficient?

2) Wouldn't it make sense for the ansible connection module to detect this failure and alternatively try to use SCP to transfer the file?

In the end I had to force the host to use SSH (ansible_connection=ssh in my inventory file) and then change 

From:
ssh_args = -o ControlMaster=auto -o ControlPersist=60s

To:
ssh_args = -o ControlMaster=auto

to get everything to work.  It seems ansible is smart enough to detect which features the particular flavor of sshd supports when ssh transport is used.  It seems the connection module using paramiko might be able to determine if SFTP is disabled and fail over to SCP.


James Cammarata

unread,
Mar 31, 2014, 4:04:44 PM3/31/14
to ansible...@googlegroups.com
Hi Marc, could you open a github issue for this? Thanks!


--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3b35bbab-d2aa-4da8-ad01-1ed2a866c8bd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Michael DeHaan

unread,
Mar 31, 2014, 5:25:25 PM3/31/14
to ansible...@googlegroups.com
Ok so under ssh_connection this parameter is only for the SSH transport.

Paramiko doesn't have this.   So what you have for controlling wouldn't be handled by (1)

(2) is unlikely to be implemented.

So the question is really can paramiko scp all of the time -- 

I don't particularly recall but I believe in some cases SCP can be disabled?  If I'm wrong, this is reasonable.

If I am not, we can make a new configuration option for paramiko.

But paramiko shouldn't obey the config section for the SSH transport.



Hans Lellelid

unread,
Apr 25, 2014, 4:18:42 PM4/25/14
to ansible...@googlegroups.com
I like the idea of having sftp vs scp be configurable for paramiko.  We don't use sftp in our infrastructure (except in a few cases), so having an scp option for paramiko would be nice.  (Lots of CentOS 5.x in infrastructure, so paramiko is still desired.)  Here is a custom paramiko plugin that uses scp instead of sftp: https://gist.github.com/hozn/11301845 

This uses the scp library: https://pypi.python.org/pypi/scp/

Making this a configuration option instead would obviously be pretty straightforward.

Hans

Michael DeHaan

unread,
Apr 25, 2014, 4:58:18 PM4/25/14
to ansible...@googlegroups.com
A pull request would be welcome!

Thanks!


Hans Lellelid

unread,
Apr 28, 2014, 7:34:56 AM4/28/14
to ansible...@googlegroups.com
Yes, I will do that once I have a little more testing with this setup.

Hans
Reply all
Reply to author
Forward
0 new messages