From 028bada99a02f2bc9b5b4409f09715ca49858675 Mon Sep 17 00:00:00 2001
From: Saku Ytti
Date: Fri, 7 Feb 2014 10:36:50 +0200
Subject: Ignore ssh keys, change input exceptions Now input ssh has configuration secure which is false by default, meaning we don't care about changing keys. It breaks ssh security model but rancid does it too. Also input models error handling is now mostly moved to node.rb for centralized handling + logging. With input models only defining which errors they want to receover from.
---
 lib/oxidized/input/input.rb | 7 +++++++
 lib/oxidized/input/ssh.rb | 16 +++++++++-------
 lib/oxidized/input/telnet.rb | 25 +++++++++----------------
 3 files changed, 25 insertions(+), 23 deletions(-)
(limited to 'lib/oxidized/input')
diff --git a/lib/oxidized/input/input.rb b/lib/oxidized/input/input.rb
index e028ce4..d59c4f3 100644
--- a/lib/oxidized/input/input.rb
+++ b/lib/oxidized/input/input.rb
@@ -1,5 +1,12 @@
 module Oxidized
 class Input
+ RescueFail = [
+ Timeout::Error,
+ Errno::ECONNREFUSED,
+ Errno::ECONNRESET,
+ Errno::EHOSTUNREACH,
+ Errno::EPIPE,
+ ]
 class << self
 def inherited klass
 Oxidized.mgr.loader = { :class => klass }
diff --git a/lib/oxidized/input/ssh.rb b/lib/oxidized/input/ssh.rb
index dc90354..b060418 100644
--- a/lib/oxidized/input/ssh.rb
+++ b/lib/oxidized/input/ssh.rb
@@ -2,6 +2,10 @@ module Oxidized
 require 'net/ssh'
 require 'oxidized/input/cli'
 class SSH < Input
+ RescueFail = [
+ Net::SSH::Disconnect,
+ Net::SSH::AuthenticationFailed,
+ ]
 include CLI
 class NoShell < StandardError; end
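Review bot: `SSH::RescueFail` (and `Telnet::RescueFail = []` in telnet.rb) shadows `Input::RescueFail` rather than extending it, so a lookup through the subclass yields only the two Net::SSH errors and none of the timeout or Errno classes. Those base errors are still recovered from only if node.rb, which is not part of this diff, merges the subclass list with the parent's. I would state that contract next to the base constant, for example `# node.rb rescues Input::RescueFail plus the subclass's own RescueFail`, and freeze each array with `].freeze` so a loaded model cannot alter the list at run time. `Timeout::Error` is also referenced in input.rb with no visible `require 'timeout'`; this presumably relies on another file having loaded it.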
@@ -9,14 +13,12 @@ module Oxidized
 @node = node
 @output = ''
 @node.model.cfg['ssh'].each { |cb| instance_exec &cb }
- begin
- @ssh = Net::SSH.start @node.ip, @node.auth[:username],
- :password => @node.auth[:password], :timeout => CFG.timeout
- rescue Timeout::Error, Errno::ECONNREFUSED, Errno::ECONNRESET, Errno::EHOSTUNREACH, Net::SSH::Disconnect
- return false
- end
+ secure = CFG.input[:ssh][:secure]
+ @ssh = Net::SSH.start @node.ip, @node.auth[:username],
+ :password => @node.auth[:password], :timeout => CFG.timeout,
+ :paranoid => secure
 open_shell @ssh unless @exec
- not @ssh.closed?
+ @ssh and not @ssh.closed?
 end
 def cmd cmd, expect=@node.prompt
diff --git a/lib/oxidized/input/telnet.rb b/lib/oxidized/input/telnet.rb
index 26755ca..0ae6877 100644
--- a/lib/oxidized/input/telnet.rb
+++ b/lib/oxidized/input/telnet.rb
@@ -2,6 +2,7 @@ module Oxidized
 require 'net/telnet'
 require 'oxidized/input/cli'
 class Telnet < Input
+ RescueFail = []
 include CLI
 attr_reader :telnet
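Review bot: In the ssh.rb `connect` hunk, `:paranoid => secure` with `secure` false by default (per the commit message) switches off host key verification. The password passed in the same `Net::SSH.start` call then goes to whichever host answers at `@node.ip`, and a changed key is never noticed. I would make verification the default and record every opt-out, for example `Log.warn "SSH host key check disabled for #{@node.name}" unless secure`, assuming `Log` is available in ssh.rb as it is in telnet.rb. `CFG.input[:ssh][:secure]` also assumes the `ssh` section exists, so if `CFG.input[:ssh]` can be nil this raises NoMethodError before any connection is attempted; the hunk does not show how CFG is populated. The `connect` body begins above the hunk.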
@@ -9,28 +10,20 @@ module Oxidized
 @node = node
 @timeout = CFG.timeout
 @node.model.cfg['telnet'].each { |cb| instance_exec &cb }
- begin
- @telnet = Net::Telnet.new 'Host' => @node.ip, 'Waittime' => @timeout,
- 'Model' => @node.model
- expect username
- @telnet.puts @node.auth[:username]
- expect password
- @telnet.puts @node.auth[:password]
- expect @node.prompt
- rescue Timeout::Error, Errno::ECONNREFUSED, Errno::ECONNRESET, Errno::EPIPE, Errno::EHOSTUNREACH
- return false
- end
+ @telnet = Net::Telnet.new 'Host' => @node.ip, 'Waittime' => @timeout,
+ 'Model' => @node.model
+ expect username
+ @telnet.puts @node.auth[:username]
+ expect password
+ @telnet.puts @node.auth[:password]
+ expect @node.prompt
 end
 def cmd cmd, expect=@node.prompt
 Log.debug "Telnet: #{cmd} @#{@node.name}"
 args = { 'String' => cmd }
 args.merge!({ 'Match' => expect, 'Timeout' => @timeout }) if expect
- begin
- @telnet.cmd args
- rescue Timeout::Error, Errno::ECONNRESET, Errno::EPIPE
- return false
- end
+ @telnet.cmd args
 end
 def send data
-- cgit v1.2.1
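Review bot: With the `rescue ... return false` blocks gone, telnet `connect` now returns whatever `expect @node.prompt` returns, and `cmd` returns or raises straight from `@telnet.cmd`. The success/failure contract that ssh.rb still spells out with `@ssh and not @ssh.closed?` is therefore implicit here and depends on `expect` in the CLI mixin, which this diff does not show. I would document it above `connect`, for example `# raises on failure (handled in node.rb via RescueFail); the result of the last expect is the return value`. If an `expect` raises part-way through login, `@telnet` is also left open; unless node.rb disconnects on failure, closing it in the error path would avoid leaking the socket. Both method bodies begin above the lines shown.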