diff --git a/apps/libs/ansible/ansible.cfg b/apps/libs/ansible/ansible.cfg index d8b66b880..78c3c9dd4 100644 --- a/apps/libs/ansible/ansible.cfg +++ b/apps/libs/ansible/ansible.cfg @@ -1,5 +1,5 @@ [defaults] -forks = 10 +forks = 20 host_key_checking = False library = /opt/jumpserver/apps/libs/ansible/modules:./modules timeout = 65 diff --git a/apps/libs/ansible/modules_utils/remote_client.py b/apps/libs/ansible/modules_utils/remote_client.py index 6f7c6549a..064a59ccc 100644 --- a/apps/libs/ansible/modules_utils/remote_client.py +++ b/apps/libs/ansible/modules_utils/remote_client.py @@ -64,9 +64,9 @@ def raise_timeout(name=''): signal.signal(signal.SIGALRM, handler) signal.alarm(timeout) return func(self, *args, **kwargs) - except Exception as error: - signal.alarm(0) - raise error + finally: + if timeout > 0: + signal.alarm(0) return wrapper @@ -122,13 +122,22 @@ class SSHClient: def get_connect_params(self): p = self.module.params + connect_timeout = p.get('recv_timeout', 60) params = { 'allow_agent': False, 'look_for_keys': False, 'hostname': p['login_host'], 'port': p['login_port'], - 'key_filename': p['login_private_key_path'] or None + 'key_filename': p['login_private_key_path'] or None, } + if connect_timeout: + # Keep Paramiko connect/auth/banner waits bounded by the same + # timeout budget as command receive so a bad host returns promptly. + params.update( + timeout=connect_timeout, + auth_timeout=connect_timeout, + banner_timeout=connect_timeout, + ) if p['become']: params['username'] = p['become_user']