Merge remote-tracking branch 'origin/issue581'

* origin/issue581:
  issue #581: expose mitogen_mask_remote_name variable.

Author: dw

ansible_mitogen/connection.py

@@ -58,6 +58,15 @@
 LOG = logging.getLogger(__name__)
 
 
+def get_remote_name(spec):
+    """
+    Return the value to use for the "remote_name" parameter.
+    """
+    if spec.mitogen_mask_remote_name():
+        return 'ansible'
+    return None
+
+
 def optional_int(value):
     """
     Convert `value` to an integer if it is not :data:`None`, otherwise return
@@ -135,6 +144,7 @@ def _connect_ssh(spec):
             'connect_timeout': spec.ansible_ssh_timeout(),
             'ssh_args': spec.ssh_args(),
             'ssh_debug_level': spec.mitogen_ssh_debug_level(),
+            'remote_name': get_remote_name(spec),
         }
     }
 
@@ -150,6 +160,7 @@ def _connect_docker(spec):
             'container': spec.remote_addr(),
             'python_path': spec.python_path(),
             'connect_timeout': spec.ansible_ssh_timeout() or spec.timeout(),
+            'remote_name': get_remote_name(spec),
         }
     }
 
@@ -166,6 +177,7 @@ def _connect_kubectl(spec):
             'connect_timeout': spec.ansible_ssh_timeout() or spec.timeout(),
             'kubectl_path': spec.mitogen_kubectl_path(),
             'kubectl_args': spec.extra_args(),
+            'remote_name': get_remote_name(spec),
         }
     }
 
@@ -181,6 +193,7 @@ def _connect_jail(spec):
             'container': spec.remote_addr(),
             'python_path': spec.python_path(),
             'connect_timeout': spec.ansible_ssh_timeout() or spec.timeout(),
+            'remote_name': get_remote_name(spec),
         }
     }
 
@@ -196,6 +209,7 @@ def _connect_lxc(spec):
             'python_path': spec.python_path(),
             'lxc_attach_path': spec.mitogen_lxc_attach_path(),
             'connect_timeout': spec.ansible_ssh_timeout() or spec.timeout(),
+            'remote_name': get_remote_name(spec),
         }
     }
 
@@ -211,6 +225,7 @@ def _connect_lxd(spec):
             'python_path': spec.python_path(),
             'lxc_path': spec.mitogen_lxc_path(),
             'connect_timeout': spec.ansible_ssh_timeout() or spec.timeout(),
+            'remote_name': get_remote_name(spec),
         }
     }
 
@@ -254,6 +269,7 @@ def _connect_su(spec):
             'python_path': spec.python_path(),
             'su_path': spec.become_exe(),
             'connect_timeout': spec.timeout(),
+            'remote_name': get_remote_name(spec),
         }
     }
 
@@ -272,6 +288,7 @@ def _connect_sudo(spec):
             'sudo_path': spec.become_exe(),
             'connect_timeout': spec.timeout(),
             'sudo_args': spec.sudo_args(),
+            'remote_name': get_remote_name(spec),
         }
     }
 
@@ -289,6 +306,7 @@ def _connect_doas(spec):
             'python_path': spec.python_path(),
             'doas_path': spec.become_exe(),
             'connect_timeout': spec.timeout(),
+            'remote_name': get_remote_name(spec),
         }
     }
 
@@ -305,6 +323,7 @@ def _connect_mitogen_su(spec):
             'python_path': spec.python_path(),
             'su_path': spec.become_exe(),
             'connect_timeout': spec.timeout(),
+            'remote_name': get_remote_name(spec),
         }
     }
 
@@ -322,6 +341,7 @@ def _connect_mitogen_sudo(spec):
             'sudo_path': spec.become_exe(),
             'connect_timeout': spec.timeout(),
             'sudo_args': spec.sudo_args(),
+            'remote_name': get_remote_name(spec),
         }
     }
 
@@ -338,6 +358,7 @@ def _connect_mitogen_doas(spec):
             'python_path': spec.python_path(),
             'doas_path': spec.become_exe(),
             'connect_timeout': spec.timeout(),
+            'remote_name': get_remote_name(spec),
         }
     }
 

ansible_mitogen/transport_config.py

@@ -231,6 +231,15 @@ def mitogen_kind(self):
         The type of container to use with the "setns" transport.
         """
 
+    @abc.abstractmethod
+    def mitogen_mask_remote_name(self):
+        """
+        Specifies whether to set a fixed "remote_name" field. The remote_name
+        is the suffix of `argv[0]` for remote interpreters. By default it
+        includes identifying information from the local process, which may be
+        undesirable in some circumstances.
+        """
+
     @abc.abstractmethod
     def mitogen_docker_path(self):
         """
@@ -385,6 +394,9 @@ def mitogen_via(self):
     def mitogen_kind(self):
         return self._connection.get_task_var('mitogen_kind')
 
+    def mitogen_mask_remote_name(self):
+        return self._connection.get_task_var('mitogen_mask_remote_name')
+
     def mitogen_docker_path(self):
         return self._connection.get_task_var('mitogen_docker_path')
 
@@ -593,6 +605,9 @@ def mitogen_via(self):
     def mitogen_kind(self):
         return self._host_vars.get('mitogen_kind')
 
+    def mitogen_mask_remote_name(self):
+        return self._host_vars.get('mitogen_mask_remote_name')
+
     def mitogen_docker_path(self):
         return self._host_vars.get('mitogen_docker_path')
 

docs/ansible_detailed.rst

@@ -733,6 +733,11 @@ When used as a become method:
 * ``ansible_become_exe``: path to ``doas`` binary.
 * ``ansible_become_user`` (default: ``root``)
 * ``ansible_become_pass`` (default: assume passwordless)
+* ``mitogen_mask_remote_name``: if :data:`True`, mask the identity of the
+  Ansible controller process on remote machines. To simplify diagnostics,
+  Mitogen produces remote processes named like
+  `"mitogen:[email protected]:1234"`, however this may be a privacy issue in
+  some circumstances.
 * ansible.cfg: ``timeout``
 
 When used as the ``mitogen_doas`` connection method:
@@ -754,6 +759,11 @@ connection delegation is supported.
 
 * ``ansible_host``: Name of Docker container (default: inventory hostname).
 * ``ansible_user``: Name of user within the container to execute as.
+* ``mitogen_mask_remote_name``: if :data:`True`, mask the identity of the
+  Ansible controller process on remote machines. To simplify diagnostics,
+  Mitogen produces remote processes named like
+  `"mitogen:[email protected]:1234"`, however this may be a privacy issue in
+  some circumstances.
 
 
 .. _method-jail:
@@ -767,6 +777,11 @@ connection delegation is supported.
 
 * ``ansible_host``: Name of jail (default: inventory hostname).
 * ``ansible_user``: Name of user within the jail to execute as.
+* ``mitogen_mask_remote_name``: if :data:`True`, mask the identity of the
+  Ansible controller process on remote machines. To simplify diagnostics,
+  Mitogen produces remote processes named like
+  `"mitogen:[email protected]:1234"`, however this may be a privacy issue in
+  some circumstances.
 
 
 .. _method-kubectl:
@@ -780,6 +795,11 @@ connection delegation is supported.
 
 * ``ansible_host``: Name of pod (default: inventory hostname).
 * ``ansible_user``: Name of user to authenticate to API as.
+* ``mitogen_mask_remote_name``: if :data:`True`, mask the identity of the
+  Ansible controller process on remote machines. To simplify diagnostics,
+  Mitogen produces remote processes named like
+  `"mitogen:[email protected]:1234"`, however this may be a privacy issue in
+  some circumstances.
 
 
 Local
@@ -823,6 +843,11 @@ than the LXC Python bindings, as is usual with ``lxc``.
 * ``ansible_host``: Name of LXC container (default: inventory hostname).
 * ``mitogen_lxc_attach_path``: path to ``lxc-attach`` command if not available
     on the system path.
+* ``mitogen_mask_remote_name``: if :data:`True`, mask the identity of the
+  Ansible controller process on remote machines. To simplify diagnostics,
+  Mitogen produces remote processes named like
+  `"mitogen:[email protected]:1234"`, however this may be a privacy issue in
+  some circumstances.
 
 
 .. _method-lxd:
@@ -839,6 +864,11 @@ the host machine.
 * ``ansible_host``: Name of LXC container (default: inventory hostname).
 * ``mitogen_lxc_path``: path to ``lxc`` command if not available on the system
   path.
+* ``mitogen_mask_remote_name``: if :data:`True`, mask the identity of the
+  Ansible controller process on remote machines. To simplify diagnostics,
+  Mitogen produces remote processes named like
+  `"mitogen:[email protected]:1234"`, however this may be a privacy issue in
+  some circumstances.
 
 
 .. _machinectl:
@@ -855,6 +885,11 @@ connection delegation is supported. This is a light wrapper around the
 * ``ansible_user``: Name of user within the container to execute as.
 * ``mitogen_machinectl_path``: path to ``machinectl`` command if not available
   as ``/bin/machinectl``.
+* ``mitogen_mask_remote_name``: if :data:`True`, mask the identity of the
+  Ansible controller process on remote machines. To simplify diagnostics,
+  Mitogen produces remote processes named like
+  `"mitogen:[email protected]:1234"`, however this may be a privacy issue in
+  some circumstances.
 
 
 .. _setns:
@@ -899,6 +934,11 @@ When used as a become method:
 * ``ansible_su_user``, ``ansible_become_user`` (default: ``root``)
 * ``ansible_su_pass``, ``ansible_become_pass`` (default: assume passwordless)
 * ``su_flags``, ``become_flags``
+* ``mitogen_mask_remote_name``: if :data:`True`, mask the identity of the
+  Ansible controller process on remote machines. To simplify diagnostics,
+  Mitogen produces remote processes named like
+  `"mitogen:[email protected]:1234"`, however this may be a privacy issue in
+  some circumstances.
 * ansible.cfg: ``timeout``
 
 When used as the ``mitogen_su`` connection method:
@@ -924,6 +964,11 @@ When used as a become method:
 * ``ansible_sudo_user``, ``ansible_become_user`` (default: ``root``)
 * ``ansible_sudo_pass``, ``ansible_become_pass`` (default: assume passwordless)
 * ``sudo_flags``, ``become_flags``
+* ``mitogen_mask_remote_name``: if :data:`True`, mask the identity of the
+  Ansible controller process on remote machines. To simplify diagnostics,
+  Mitogen produces remote processes named like
+  `"mitogen:[email protected]:1234"`, however this may be a privacy issue in
+  some circumstances.
 * ansible.cfg: ``timeout``
 
 When used as the ``mitogen_sudo`` connection method:
@@ -949,6 +994,11 @@ except connection delegation is supported.
 * ``ansible_ssh_private_key_file``
 * ``ansible_ssh_pass``, ``ansible_password`` (default: assume passwordless)
 * ``ssh_args``, ``ssh_common_args``, ``ssh_extra_args``
+* ``mitogen_mask_remote_name``: if :data:`True`, mask the identity of the
+  Ansible controller process on remote machines. To simplify diagnostics,
+  Mitogen produces remote processes named like
+  `"mitogen:[email protected]:1234"`, however this may be a privacy issue in
+  some circumstances.
 * ``mitogen_ssh_debug_level``: integer between `0..3` indicating the SSH client
   debug level. Ansible must also be run with '-vvv' to view the output.
 * ``mitogen_ssh_compression``: :data:`True` to enable SSH compression,

docs/changelog.rst

@@ -39,15 +39,21 @@ Fixes
   startup on SuSE Linux 11, due to an incorrect version compatibility check in
   the Mitogen code.
 
+* `#581 <https://github.com/dw/mitogen/issues/58>`_: a
+  ``mitogen_mask_remote_name`` Ansible variable is exposed, to allow masking
+  the username, hostname and process ID of ``ansible-playbook`` running on the
+  controller machine.
+
 
 Thanks!
 ~~~~~~~
 
 Mitogen would not be possible without the support of users. A huge thanks for
 bug reports, testing, features and fixes in this release contributed by
 `Orion Poplawski <https://github.com/opoplawski>`_,
-`Thibaut Barrère <https://github.com/thbar>`_, and
-`@Moumoutaru <https://github.com/Moumoutaru>`_.
+`Thibaut Barrère <https://github.com/thbar>`_,
+`@Moumoutaru <https://github.com/Moumoutaru>`_, and
+`@polski-g <https://github.com/polski-g>`_.
 
 
 v0.2.6 (2019-03-06)

tests/ansible/integration/connection_delegation/delegate_to_template.yml

@@ -40,6 +40,7 @@
               'password': null,
               'port': null,
               'python_path': ["/usr/bin/python"],
+              'remote_name': null,
               'ssh_args': [
                 '-o',
                 'UserKnownHostsFile=/dev/null',
@@ -67,6 +68,7 @@
               'password': null,
               'port': null,
               'python_path': ["/usr/bin/python"],
+              'remote_name': null,
               'ssh_args': [
                 '-o',
                 'UserKnownHostsFile=/dev/null',

tests/ansible/integration/connection_delegation/local_action.yml

@@ -24,6 +24,7 @@
             'kwargs': {
               'connect_timeout': 10,
               'python_path': ["{{ansible_playbook_python}}"],
+              'remote_name': null,
               'password': null,
               'username': 'root',
               'sudo_path': null,

tests/ansible/integration/connection_delegation/osa_container_standalone.yml

@@ -21,6 +21,7 @@
             'lxc_info_path': null,
             'machinectl_path': null,
             'python_path': ['/usr/bin/python'],
+            'remote_name': null,
             'username': null,
           },
           'method': 'setns',