transport=smart, SFTP failures and ssh connections

[Marc Petrivelli]

In my ansible.cfg I had the following set:

[defaults]

transport=smart

[ssh_connection]

scp_if_ssh=True

For one of my target hosts (specifically a VMware vCenter appliance) I received a SFTP disabled error.  After investigating this host did in fact have SFTP disabled (on purpose).  I am curious about a few things.

1) why is the paramiko python ssh lib defaulting to SFTP for file transfer?  Is this intended?  Is it more efficient?

2) Wouldn't it make sense for the ansible connection module to detect this failure and alternatively try to use SCP to transfer the file?

In the end I had to force the host to use SSH (ansible_connection=ssh in my inventory file) and then change 

From:

ssh_args = -o ControlMaster=auto -o ControlPersist=60s

To:

ssh_args = -o ControlMaster=auto

to get everything to work.  It seems ansible is smart enough to detect which features the particular flavor of sshd supports when ssh transport is used.  It seems the connection module using paramiko might be able to determine if SFTP is disabled and fail over to SCP.

[James Cammarata]

Hi Marc, could you open a github issue for this? Thanks!

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3b35bbab-d2aa-4da8-ad01-1ed2a866c8bd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Michael DeHaan]

Ok so under ssh_connection this parameter is only for the SSH transport.

Paramiko doesn't have this.   So what you have for controlling wouldn't be handled by (1)

(2) is unlikely to be implemented.

So the question is really can paramiko scp all of the time -- 

I don't particularly recall but I believe in some cases SCP can be disabled?  If I'm wrong, this is reasonable.

If I am not, we can make a new configuration option for paramiko.

But paramiko shouldn't obey the config section for the SSH transport.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAFg%2Bn8Sr0nKYPc9Nq_QzqWuT3mqCcrJpjiqdm2SWVDd1Vbz4-w%40mail.gmail.com.

[Hans Lellelid]

I like the idea of having sftp vs scp be configurable for paramiko.  We don't use sftp in our infrastructure (except in a few cases), so having an scp option for paramiko would be nice.  (Lots of CentOS 5.x in infrastructure, so paramiko is still desired.)  Here is a custom paramiko plugin that uses scp instead of sftp: https://gist.github.com/hozn/11301845 

This uses the scp library: https://pypi.python.org/pypi/scp/

Making this a configuration option instead would obviously be pretty straightforward.

Hans

[Michael DeHaan]

A pull request would be welcome!

Thanks!

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4d58ffa1-31b3-4e9f-a67d-f7612030b72f%40googlegroups.com.

[Hans Lellelid]

Yes, I will do that once I have a little more testing with this setup.

Hans