Eliminate /bin/sh -c environment from any ssh command sending.

Archives Ansible Project
1

Hi,

I"m writing a module for Ansible, executing ssh commands on the a remote secured shell.
Python is not installed and the installation is not possible.
But It seams that there is always an attempt to discover the python on the remote.

Attempting python interpreter discovery
ESTABLISH SSH CONNECTION FOR USER: padmin
SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ‘User=“padmin”’ -o ConnectTimeout=10 -o ControlPath=/home/user/.ansible/cp/7c17f9a5a6 system ‘/bin/sh -c ‘"’“'echo PLATFORM; uname; echo FOUND; command -v '”’“'”‘"’“'”‘"’“‘/usr/bin/python’”‘"’“'”‘"’“'”‘"’; command -v ‘"’“'”‘"’“'”‘"’“‘python3.7’”‘"’“'”‘"’“'”‘"’; command -v ‘"’“'”‘"’“'”‘"’“‘python3.6’”‘"’“'”‘"’“'”‘"’; command -v ‘"’“'”‘"’“'”‘"’“‘python3.5’”‘"’“'”‘"’“'”‘"’; command -v ‘"’“'”‘"’“'”‘"’“‘python2.7’”‘"’“'”‘"’“'”‘"’; command -v ‘"’“'”‘"’“'”‘"’“‘python2.6’”‘"’“'”‘"’“'”‘"’; command -v ‘"’“'”‘"’“'”‘"’“‘/usr/libexec/platform-python’”‘"’“'”‘"’“'”‘"’; command -v ‘"’“'”‘"’“'”‘"’“‘/usr/bin/python3’”‘"’“'”‘"’“'”‘"’; command -v ‘"’“'”‘"’“'”‘"’“‘python’”‘"’“'”‘"’“'”‘"’; echo ENDFOUND && sleep 0’“'”‘’
(1, b’‘, b’rksh: /bin/sh: 0403-019 The operation is not allowed in a restricted shell.\n’)
Failed to connect to the host via ssh: rksh: /bin/sh: 0403-019 The operation is not allowed in a restricted shell.

The error is there because even /bin/sh -c is not allowed.

By using the raw module, the “/bin/sh -c” is not used, so this might be an option, but the output using a raw is to complicated to be parsed in Ansible only so i would like to create a separate module for that.

Any suggestions here ??

Regards,
Tom Van de Velde

2

Hi Tom,

How are you connecting to the VIOS ?? can you share a snippet of code - I’m looking at doing something similar for a storwize module for a platform refresh. My thoughts where to somehow use the connection module network_cli ansible_connection=network_cli

Regards

3

It might be prudent to study the Ansible modules in source code if you know you need to go this route:

https://github.com/ansible/ansible/tree/devel/lib/ansible/modules

Specifically the network category as most network devices don’t allow SSH access or have Python installed.

HTH, Andy

4

Hi,

Currently this is very basic but working with raw and later parsing via yml template…

  • name: RAW command
    raw: “ioscli lsrep”
    register: raw_library
    changed_when: false

  • name: Parse raw output
    set_fact:
    library: “{{ raw_library.stdout | parse_cli(‘parsers/lsrep.yml’) }}”

Regards,
Tom