Thanks for the analysis. You are right, it doesn't have a POSIX shell. Here is the product doc: http://docs.oracle.com/cd/E19860-01/
I see more and more apps using ssh for authentication. They just provide commands when you login, no shell, just like this ILOM product. I just test another product leveraging ssh: https://wikis.oracle.com/display/oraclevm/Oracle+VM+Manager+3+CLI It works great. I will track this issue. Thanks, Zhigang On Wed, Apr 10, 2013 at 11:35 AM, Jeff Forcier <[email protected]> wrote: > Yes, we use the SSH command execution API call (in Paramiko, > 'exec_command') for the reasons Christian outlines. Fabric does offer > a basic "open a shell for the active user" API call (open_shell() > IIRC) but that is, as the name implies, not useful for automated > scripting. > > I think what's going on is that "command | ssh your-device" is hooking > up your stdin to the remote default login shell (which is what SSH > opens if no command is given -- equivalent to Fabric's default mode of > operation, as discussed). This shell is probably not bash or sh, as > per earlier mails. It's not even clear whether it's a "real" POSIX > shell environment (which is all we support) as it's a vendor device. > > If it's possible to determine whether there is a real shell involved > (e.g. 'ps' or vendor docs), you may want to try setting env.shell = > '/path/to/that/shell -maybe -with -args'. This tells Fabric to do the > equivalent of: > > ssh target /path/to/shell -args "real command" > > Which would help if the core problem is that your command(s) need that > shell environment to work right. > > If, as I suspect, the problem is just that this device doesn't have a > real POSIX shell environment and is designed around purely interactive > execution, Fabric may not be a good fit (unless using its task stuff > is still desirable, in which case you could probably poke around with > local("echo command | ssh target") as somebody suggested). > > Best, > Jeff > > > On Wed, Apr 10, 2013 at 10:54 AM, Chris Vest <[email protected]> wrote: > > With the command sub-protocol (which I'm calling it because I don't > remember > > what it is otherwise called) a client (fabric, ssh, etc) will be told the > > return code of a command when it finishes executing on the remote > machine. > > > > With the shell sub-protocol, you are told the return code of the shell, > when > > the shell session ends. Shell sessions usually end “well” even if all the > > commands executed through it has failed. Shells also typically wait for > more > > input when they've finished running a command, and they only notify you > of > > this by printing a dynamically configurable string that typically doesn't > > end with a line break. > > > > That's why tools like fabric prefer to use the command sub-protocol. I > don't > > know of any good work around to this. > > > > Chris > > > > On 10 Apr 2013, at 19:04, Zhigang Wang <[email protected]> wrote: > > > > On Wed, Apr 10, 2013 at 9:49 AM, Chris Vest <[email protected]> > wrote: > >> > >> So you say this works: > >> echo "<cmd>" | ssh user@host:port > >> > > > > yes > > > >> > >> Does this work? > >> ssh user@host:port "<cmd>" > > > > > > no > > > >> > >> Fabric (assuming my info is current) uses the command sub-protocol of > ssh, > >> not the shell sub-protocol, which I'm guessing is what happens when you > pipe > >> to ssh. > >> > > > > Seems we are tracking down to the point. Will check what is the > difference > > between the two. If anyone has a workaround for fabric to use "shell > > sub-protocol"? > > > > Thanks, > > > > Zhigang > > > >> > >> Chris > >> > >> On 10/04/2013, at 16.51, Zhigang Wang <[email protected]> wrote: > >> > >> Thanks very much. However, it doesn't work. > >> > >> I think this issue may live in the paramiko side: don't know anyone > >> familiar with the difference between: > >> > >> 1. ssh user@host:port <cmd> > >> > >> 2. echo "<cmd>" | ssh user@host:port > >> > >> The second one works. So maybe we can emulate that behavior in > >> paramiko/fabric. > >> > >> Thanks, > >> > >> Zhigang > >> > >> > >> > >> On Tue, Apr 9, 2013 at 9:52 PM, Jeff Forcier <[email protected]> > wrote: > >>> > >>> Pro tip: > >>> > >>> * Read up on what ssh -T does (it disables allocation of a remote pty) > >>> * Search Fabric docs for "pty" > >>> * Find out you can set env.always_use_pty=False to disable use of a > >>> remote pty > >>> * Hopefully discover that this fixes the problem (?) > >>> > >>> > >>> On Tue, Apr 9, 2013 at 7:16 PM, Zhigang Wang <[email protected]> wrote: > >>> > Thanks. > >>> > > >>> > Currently I hit this: > >>> > > >>> > > http://net-ssh.lighthouseapp.com/projects/36253/tickets/32-sun-ilom-wont-accept-commands-even-after-successful-login > >>> > > >>> > Maybe a ILOM bug, but they have workaround: > >>> > > >>> > Doesnt' work: > >>> > > >>> > $ ssh -t root@ca-dev33m "show /SYS" > >>> > > >>> > Warning: Permanently added 'ca-dev33m,10.211.2.238' (RSA) to the list > >>> > of > >>> > known hosts. > >>> > Password: > >>> > shell: Invalid credentials > >>> > > >>> > > >>> > Connection to ca-dev33m closed. > >>> > > >>> > Works: > >>> > > >>> > $ echo "show /SYS" | ssh -T root@ca-dev33m > >>> > > >>> > How to clone the same behavior in fabric? > >>> > > >>> > Using our fabric: > >>> > > >>> > # python ilom.py -s root@ca-dev33m -p changeme > >>> > /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: > >>> > PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild > using > >>> > libgmp >= 5 to avoid timing attack vulnerability. > >>> > _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= > 5 > >>> > to > >>> > avoid timing attack vulnerability.", PowmInsecureWarning) > >>> > [root@ca-dev33m] Executing task 'ilom_get_mac' > >>> > [root@ca-dev33m] run: show /System ilom_mac_address > >>> > INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.1) > >>> > INFO:paramiko.transport:Authentication (keyboard-interactive) > >>> > successful! > >>> > INFO:paramiko.transport:Secsh channel 1 opened. > >>> > [root@ca-dev33m] out: shell: Invalid credentials > >>> > [root@ca-dev33m] out: > >>> > [root@ca-dev33m] out: > >>> > [root@ca-dev33m] out: > >>> > > >>> > Disconnecting from ca-dev33m... done. > >>> > shell: Invalid credentials > >>> > > >>> > > >>> > From here: > >>> > > >>> > > https://groups.google.com/group/mailing.unix.openssh-dev/tree/browse_frm/month/2009-07?_done=%2Fgroup%2Fmailing.unix.openssh-dev%2Fbrowse_frm%2Fmonth%2F2009-07%3F&; > >>> > > >>> > It may related to the buffersize? How can I enlarge the buffersize > for > >>> > fabric? > >>> > > >>> > I tried env.linewise=True, it doesn't help. > >>> > > >>> > I will continue debugging on it. > >>> > > >>> > Thanks, > >>> > > >>> > Zhigang > >>> > > >>> > > >>> > On Tue, Apr 9, 2013 at 6:55 PM, Jeff Forcier <[email protected]> > >>> > wrote: > >>> >> > >>> >> Try setting env.use_shell = False: > >>> >> > >>> >> http://docs.fabfile.org/en/1.6/usage/env.html#use-shell > >>> >> > >>> >> On Tue, Apr 9, 2013 at 6:40 PM, Zhigang Wang <[email protected]> > wrote: > >>> >> > Hi Jeff and all, > >>> >> > > >>> >> > I want to use fabric for ilom, a ssh configuration interface. > >>> >> > Currently > >>> >> > it > >>> >> > doesn't work because the ilom system doesn't have a shell there. > How > >>> >> > can > >>> >> > set > >>> >> > env.shell to none? Or is it supported? > >>> >> > > >>> >> > The ilom shell: > >>> >> > > >>> >> > $ ssh root@ca-dev33m > >>> >> > Warning: Permanently added 'ca-dev33m,10.211.2.238' (RSA) to the > >>> >> > list of > >>> >> > known hosts. > >>> >> > Password: > >>> >> > > >>> >> > Oracle(R) Integrated Lights Out Manager > >>> >> > > >>> >> > Version 3.1.2.10 r74387 > >>> >> > > >>> >> > Copyright (c) 2012, Oracle and/or its affiliates. All rights > >>> >> > reserved. > >>> >> > > >>> >> > Warning: password is set to factory default. > >>> >> > > >>> >> > -> help > >>> >> > The help command is used to view information about commands and > >>> >> > targets > >>> >> > > >>> >> > Usage: help [-format wrap|nowrap] [-o|-output terse|verbose] > >>> >> > [<command>|legal|targets|<target>|<target> <property>] > >>> >> > > >>> >> > Special characters used in the help command are > >>> >> > [] encloses optional keywords or options > >>> >> > <> encloses a description of the keyword > >>> >> > (If <> is not present, an actual keyword is indicated) > >>> >> > | indicates a choice of keywords or options > >>> >> > > >>> >> > help <target> displays description if this target and > >>> >> > its > >>> >> > properties > >>> >> > help <target> <property> displays description of this property > of > >>> >> > this > >>> >> > target > >>> >> > help targets displays a list of targets > >>> >> > help legal displays the product legal notice > >>> >> > > >>> >> > Commands are: > >>> >> > cd > >>> >> > create > >>> >> > delete > >>> >> > dump > >>> >> > exit > >>> >> > help > >>> >> > load > >>> >> > reset > >>> >> > set > >>> >> > show > >>> >> > start > >>> >> > stop > >>> >> > version > >>> >> > > >>> >> > -> sh > >>> >> > Invalid command 'sh' - type help for a list of commands. > >>> >> > > >>> >> > -> bash > >>> >> > Invalid command 'bash' - type help for a list of commands. > >>> >> > > >>> >> > Thanks, > >>> >> > > >>> >> > Zhigang > >>> >> > >>> >> > >>> >> > >>> >> -- > >>> >> Jeff Forcier > >>> >> Unix sysadmin; Python/Ruby engineer > >>> >> http://bitprophet.org > >>> > > >>> > > >>> > >>> > >>> > >>> -- > >>> Jeff Forcier > >>> Unix sysadmin; Python/Ruby engineer > >>> http://bitprophet.org > >> > >> > >> _______________________________________________ > >> Fab-user mailing list > >> [email protected] > >> https://lists.nongnu.org/mailman/listinfo/fab-user > > > > > > > > -- > Jeff Forcier > Unix sysadmin; Python/Ruby engineer > http://bitprophet.org >
_______________________________________________ Fab-user mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/fab-user
