Ki[0dZddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZejeZd dZGd d e e ZdS) zKSSH remote execution environment with ControlMaster connection persistence.N)Path)BaseEnvironment)PersistentShellMixin)is_interruptedreturncLtjdstddS)z@Fail fast with a clear error when the SSH client is unavailable.sshzWSSH is not installed or not in PATH. Install OpenSSH client: apt install openssh-clientN)shutilwhich RuntimeError3/home/ubuntu/hermes-agent/tools/environments/ssh.py_ensure_ssh_availablers3 <    e     rcVeZdZUdZ d$deded ed ed ed ed effd Zd%dedzdefdZ dZ defdZ d&dZ d'dddded ed edzdedzde f fdZdZeed<edefdZdejfdZdedeefdZd Zd!Zd'dddded ed edzdedzde f d"Zfd#ZxZS)(SSHEnvironmentaRun commands on a remote machine over SSH. Uses SSH ControlMaster for connection persistence so subsequent commands are fast. Security benefit: the agent cannot modify its own code since execution happens on a separate machine. Foreground commands are interruptible: the local ssh process is killed and a remote kill is attempted over the ControlMaster socket. When ``persistent=True``, a single long-lived bash shell is kept alive over SSH and state (cwd, env vars, shell variables) persists across ``execute()`` calls. Output capture uses file-based IPC on the remote host (stdout/stderr/exit-code written to temp files, polled via fast ControlMaster one-shot reads). ~<Fhostusercwdtimeoutportkey_path persistentc$t||||_||_||_||_||_ttj dz |_ |j dd|j |d|d|dz |_ t|||_||jr|dSdS)N)rrz hermes-sshT)parentsexist_ok@:z.sock)super__init__rrrrrrtempfile gettempdir control_dirmkdircontrol_socketr_establish_connection_detect_remote_home _remote_home_sync_skills_and_credentials_init_persistent_shell) selfrrrrrrr __class__s rr$zSSHEnvironment.__init__+s S'222     $ 3 5 566E td;;;".D1M1M41M1M$1M1M1MM ""$$$ 4466 ))+++ ? *  ' ' ) ) ) ) ) * *rN extra_argsrcTdg}|dd|jg|ddg|ddg|ddg|ddg|ddg|jd kr)|d t|jg|jr|d |jg|r||||jd |j|S) Nr -o ControlPath=zControlMaster=autozControlPersist=300z BatchMode=yesz StrictHostKeyChecking=accept-newzConnectTimeout=10rz-pz-ir!)extendr)rstrrappendrr)r/r1cmds r_build_ssh_commandz!SSHEnvironment._build_ssh_command@s3g D>)<>>?@@@ D./000 D./000 D/*+++ D<=>>> D-./// 9?? JJc$)nn- . . . = . JJdm, - - -  # JJz " " " di--$)--... rc|}|d tj|ddd}|jdkrD|jp|j}td|dS#tj $r!td|j d|j d wxYw) Nz!echo 'SSH connection established'Tcapture_outputtextrrzSSH connection failed: zSSH connection to r!z timed out) r9r7 subprocessrun returncodestderrstripstdoutr TimeoutExpiredrr)r/r8result error_msgs rr*z$SSHEnvironment._establish_connectionQs%%'' 6777 W^C4QSTTTF A%%"M//11JV]5H5H5J5J "#HY#H#HIII&%( W W WUDIUU UUUVV V Ws A'B0Cc\ |}|dtj|ddd}|j}|r(|jdkrtd||Sn#t$rYnwxYw|j dkrdSd |j S) z(Detect the remote user's home directory.z echo $HOMET r<rzSSH: remote home = %srootz/rootz/home/) r9r7r?r@rDrCrAloggerdebug Exceptionr)r/r8rFhomes rr+z"SSHEnvironment._detect_remote_home\s ))++C JJ| $ $ $^C4QSTTTF=&&((D )Q.. 4d;;;     D  9  7# ###sBB BBc |jd}ddlm}m}gd}d|jd}|jdkr |d|jz }|jr |d |jz }|d |g|jd |j }|D]}|d  d |d}tt|j } |} | d| t!j| ddd||d|d|gz} t!j| ddd} | jdkr#t&d|d|t&d| j||} | r| d }|} | d|t!j| ddd|| dddz|d|dgz} t!j| ddd} | jdkr$t&d| d|dSt&d| jdSdS#t2$r&}t&d|Yd}~dSd}~wwxYw)z?Rsync skills directory and credential files to the remote host.z/.hermesr)get_credential_file_mountsget_skills_directory_mount)rsyncz-azz --timeout=30z --safe-linkszssh -o ControlPath=z -o ControlMaster=autorz -p z -i z-er!container_pathz /root/.hermesz mkdir -p TrIr< host_pathr"zSSH: synced credential %s -> %sz SSH: rsync credential failed: %s)container_base/rzSSH: synced skills dir %s -> %sz SSH: rsync skills dir failed: %sz*SSH: could not sync skills/credentials: %sN)r,tools.credential_filesrPrQr)rrr5rrreplacer6rparentr9r7r?r@rArKinforLrBrCrstriprM)r/rWrPrQ rsync_basessh_opts dest_prefix mount_entry remote_path parent_dir mkdir_cmdr8rF skills_mountes rr-z+SSHEnvironment._sync_skills_and_credentialsmse, J $ 1;;;N e e e e e e e eIIIJXT-@XXXHyB.49...} 324=222   tX. / / /!Y4444K :9;; \ \ )*:;CCOUcefgg  k!2!2!9::  3355   !9Z!9!9:::yDRTUUUU K $<>\>\{>\>\#]]#DtUWXXX$))KK A;{C[]hiiiiLL!CV]EXEXEZEZ[[[[65^TTTL \*+;<  3355   !:[!:!:;;;yDRTUUUU  -44S99C?"33[333$$DtUWXXX$))KK A)r9r7r?PopenPIPEDEVNULLr/r8s r_spawn_shell_processz#SSHEnvironment._spawn_shell_processsU%%'' 9 /?%     rpathsct|dkrs|}|d|dd tj|ddd}|jgS#tjtf$rdgcYSwxYwd |jd d fd |D}|}|| tj|ddd}|j d zfdtt|DS#tjtf$rdgt|zcYSwxYw)NrTcat rz 2>/dev/nullTrIr<r __HERMES_SEP___z; c3*K|] }d|ddVdS)ryz 2>/dev/null; echo ''Nr ).0pdelims r z2SSHEnvironment._read_temp_files..sH  78 21 2 2% 2 2 2      r cJg|]}|tkr|nd Sr)len)r~ipartss r z3SSHEnvironment._read_temp_files..s/RRR1CJJE!HHBRRRr) rr9r7r?r@rDrEOSErrorrnjoinsplitrange)r/rwr8rFscriptrrs @@r_read_temp_fileszSSHEnvironment._read_temp_filess u::??))++C JJ4eAh444 5 5 5 #4 &-w7   t  5 0444    /dev/null; trueTr=r) _shell_pidr9r7r?r@rErrus r_kill_shell_childrenz#SSHEnvironment._kill_shell_childrens ? " F%%'' BtBBBCCC  N3tQ ? ? ? ? ? ?)73    DD sAA0/A0c|}|d|jd tj|dddS#tjt f$rYdSwxYw)Nzrm -f z-*Trr)r9r7ror?r@rErrus r_cleanup_temp_filesz"SSHEnvironment._cleanup_temp_filess%%'' 1D-111222  N3tQ ? ? ? ? ? ?)73    DD sA A'&A'c|p|j}||\}}d|d|}|p|j} ||||z} n||} n|} |} | |||| } | ddgtj| tj tj | r tj n tj d| rL j | j n#tt f$rYnwxYwfd} t#j| d}|t)j| z}t/r d n)#tj$rYnwxYw|d d d zd dSt)j|kr?|d || St)jd|d d jdS)Nzcd z && rT)rDrBrqr>cj jD]}|dS#t$rYdSwxYwN)rDr7rM)line_output_chunksprocs r_drainz/SSHEnvironment._execute_oneshot.._drains\  K00D"))$////00    s $ 22)targetdaemonrT)rrz [Command interrupted])outputrAg?r) r_prepare_commandrr9r7_build_run_kwargspopr?rrrsSTDOUTrtrqwritecloseBrokenPipeErrorr threadingThreadstarttime monotonicpollr terminatewaitrEkillr_timeout_resultsleeprA)r/rirrrhwork_dir exec_command sudo_stdinwrappedeffective_timeouteffective_stdinr8kwargsrreaderdeadlinerrs @@r_execute_oneshotzSSHEnvironment._execute_oneshots?$(#'#8#8#A#A j444l44#3t|  !j&<(:5OO  #(OO(O%%'' 7''AA 9d### ?$%4L*//*:L          111   """"#W-          !=== >##&77iikk!     IIaI((((!0   IIKKKKK  A &&& ggn558QQ"%~(**  A &&&++,=>>> JsOOO!iikk!$  A ''.11QQQs$%3DD-,D-.G#G+*G+c|t|jr ddd|jdd|jd|jg}t j|dd n#tt j f$rYnwxYw |j dS#t$rYdSwxYwdS) Nr r3r4z-Oexitr!Trr) r#cleanupr)existsrrr?r@rSubprocessErrorunlink)r/r8r0s rrzSSHEnvironment.cleanup's    % % ' '  d$H43F$H$HV %?%?DI%?%?As4CCCCCZ78     #**,,,,,      s#6A33B  B B++ B98B9)rrrrFrrNr)__name__ __module__ __qualname____doc__r6intboolr$listr9r*r+r-dictrkrlfloat__annotations__propertyror?rrrvrrrrr __classcell__)r0s@rrrs 9A*!*******TD[D" W W W$S$$$$".J.J.J.J`U&*)-UUUsUUtU$JU26UUUUUU#'%&&& 5c555X5  j&6     %s%tCy%%%%6BR/326BRBRBRBR#BR"%*BR%(4ZBR;?BRBRBRBRH         rrr)rloggingr r?r%rrpathlibrtools.environments.baser#tools.environments.persistent_shellrtools.interruptr getLoggerrrKrrr rrrsQQ  333333DDDDDD******  8 $ $    YYYYY)?YYYYYr