Use a -short- custom hash for controlpersist path by default

[jctanner]

ISSUE TYPE

• Feature Pull Request

COMPONENT NAME

lib/ansible/plugins/connection/ssh.py

ANSIBLE VERSION

2.3

SUMMARY

Fixes #11536

[jctanner]

Andrew Gaffney https://www.irccloud.com/pastebin/9uifJ9oc/
$ ssh -G -o ControlPersist=60s -o ControlPath=~/.ansible/cp/%h nuc1 | grep -i
controlpath
controlpath /home/agaffney/.ansible/cp/nuc1
11:18 PM jtanner: you could avoid the (potentially) failing SSH attempt and the clunky method for looking for the error message, and just check the length directly of the expanded control path
11:18 PM we know the max length is 108 (or thereabouts)
11:18 PM <@jtanner> James Tanner is -G a no-op?
11:19 PM Andrew Gaffney yes, just prints the config
11:19 PM <@jtanner> James Tanner ah
11:19 PM that works

[willthames]

Rather than set a fairly esoteric new config item, why not just change default control path to either be much shorter or use %C.

I just don't think this fix is that discoverable, and once you've discovered it, you may as well set the other values instead.

[jctanner]

@willthames the concern in #11536 was that %C is not supported by all ssh versions.

I also intend to make the option on by default once we've vetted the feature and have decided on the final config item name.

[bcoca]

i'm thinking a better fix is defaulting to %C, if that errors out, Ansible can do the hash itself something like sha(user@host:port)[:10]

[jctanner]

<@bcoca> Brian Coca jtanner: on ssh one ... reverse my comment, lets just default to ansible doing the hashing if config is empty and let user set config to override
10:06 AM ^ should fix most issue
10:06 AM <@jtanner> James Tanner what would the hash be?
10:07 AM the options we pass to ssh try to make it unique for each host+port+user
10:07 AM to prevent using a pipe with the wrong creds/port
10:08 AM isn't empty config how we allow them to disable cp ?
10:08 AM bcoca: ^
10:09 AM <@bcoca> Brian Coca bcoca: normally disable via ssh_args, not the hash config
10:10 AM in my comment i say we should sha(user@host:port)[:10]
10:10 AM <@jtanner> James Tanner ok, what does "config is empty" mean then?
10:10 AM <@bcoca> Brian Coca ^ which is simlar to what is
10:10 AM control_path empty, not ssh_args empty
10:10 AM control_path_dir is also a factor, but i would ignore that for now
10:11 AM ssh_connection', 'control_path', 'ANSIBLE_SSH_CONTROL_PATH', u"%(directory)s/ansible-ssh-%h-%p-%r" < current
10:11 AM i say we change default to None, and 'if None => do internal hash IF controlpersist is enabled (which we already check for)
10:11 AM <@jtanner> James Tanner oh ... i missed the "sha(" in your example
10:11 AM <@bcoca> Brian Coca IF they set control_path .. then use that
10:12 AM <@jtanner> James Tanner ok, let me see if i can work it up
10:12 AM sha1 ?
10:12 AM <@bcoca> Brian Coca any hashing works, we are just looking for low collision vs crypto secure
10:12 AM any 'low colission hashing'