What to do when ssh via Ansible complains "too long for Unix domain socket"

Posted at 2016-10-15

Environment

OS: macOS Sierra 10.12

$ ansible --version  
ansible 2.1.2.0
  config file = /Users/xxxx/.ansible.cfg
  configured module search path = Default w/o overrides
$ ssh -V
OpenSSH_7.2p2, LibreSSL 2.4.1

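Symptom

The other day, right when I updated the OS from Yosemite to Sierra, Ansible stopped getting through.
(I had also reinstalled pip and other tooling, so what actually triggered it remains a mystery...)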

$ ansible -i ~/inventory/test -m ping ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com
ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh.", 
    "unreachable": true
}

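Running ssh directly from the console connects without any problem, so apparently the connection only fails when going through Ansible.
Still not knowing the cause, I turned on verbose logging for a start.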

$ ansible -i ~/inventory/test -m ping -vvv ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com
Using /Users/xxxx/.ansible.cfg as config file
<ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com> ESTABLISH SSH CONNECTION FOR USER: xxxxxxxx
## Line breaks added for readability; this is actually output on a single line
<ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no \\
-o 'IdentityFile="/Users/xxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no 
-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=yyyyyyyyyyyyyyy -o ConnectTimeout=10 
-o ControlPath=/Users/xxxx/.ansible/cp/ansible-ssh-%h-%p-%r ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com 
'/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1476547752.75-109767175351042 `" && echo ansible-tmp-1476547752.75-109767175351042="` echo $HOME/.ansible/tmp/ansible-tmp-1476547752.75-109767175351042 `" ) && sleep 0'"'"''

ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh.", 
    "unreachable": true
}

There are various ssh options attached that I have never used, and this area looks suspicious.
As a test, I ran ssh from the console with the same options.

$ ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no \
-o 'IdentityFile="/Users/xxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no \
-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey \
-o PasswordAuthentication=no -o User=yyyyyyyyyyyyyyy -o ConnectTimeout=10 \
-o ControlPath=/Users/xxxx/.ansible/cp/ansible-ssh-%h-%p-%r ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com
Warning: Permanently added 'ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com,2402:4200:1:297:5054:97ff:fe78:641c' (RSA) to the list of known hosts.
unix_listener: "/Users/xxxx/.ansible/cp/ansible-ssh-ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com-22-yyyyyyyyyyyyyyy.AhNsT3MRS29JPVFp" too long for Unix domain socket

This looks like the cause!

unix_listener: "/Users/xxxx/.ansible/cp/ansible-ssh-ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com-22-yyyyyyyyyyyyyyy.AhNsT3MRS29JPVFp" too long for Unix domain socket

Now that I had a lead, I googled it and quickly found the issue.
https://github.com/ansible/ansible/issues/11536

Solution

Add the following to the .ansible.cfg file.

[ssh_connection]
control_path=/tmp/%%h-%%p-%%r

This one works fine too (for reference).

[ssh_connection]
control_path=%(directory)s/%%C
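
A length check for the three control_path values discussed here, as an added example that is not part of the original article or of Ansible's code: it applies Ansible's interpolation, expands the ssh tokens, adds the 17-character suffix visible in the error message above, and compares the result against the size of sun_path (104 bytes on macOS, 108 on Linux). The directory, host and user are constructed samples shaped like the masked values in the article, the first template is inferred from the ControlPath in the -vvv output, and the %C digest is a stand-in with the correct length.

```python
import hashlib

# sizeof(sockaddr_un.sun_path): the path plus its NUL terminator must fit.
SUN_PATH_SIZE = {"darwin": 104, "linux": 108}
# ssh first binds the master socket to "<ControlPath>.<16 random chars>",
# e.g. the ".AhNsT3MRS29JPVFp" suffix in the error message above.
MUX_SUFFIX_LEN = 1 + 16

def ssh_template(cfg_value, directory):
    """Apply Ansible's interpolation: %(directory)s is filled in, %% becomes %."""
    return cfg_value % {"directory": directory}

def expand(template, host, port, user, local_host="localhost"):
    """Expand the ssh ControlPath tokens %h, %p, %r, %C and %%."""
    # %C is a 40-hex-digit SHA-1; the exact hash input varies by OpenSSH
    # version, so this digest is only a stand-in with the right length.
    digest = hashlib.sha1(f"{local_host}{host}{port}{user}".encode()).hexdigest()
    tokens = {"h": host, "p": str(port), "r": user, "C": digest, "%": "%"}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template):
            out.append(tokens[template[i + 1]])  # KeyError on unsupported token
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

def check(cfg_value, directory, host, port, user, platform="darwin"):
    """Return (bytes needed, fits?) for the temporary listener path."""
    path = expand(ssh_template(cfg_value, directory), host, port, user)
    needed = len(path.encode()) + MUX_SUFFIX_LEN
    return needed, needed < SUN_PATH_SIZE[platform]

# Constructed sample values shaped like the masked ones in the article.
DIRECTORY = "/Users/xxxx/.ansible/cp"
HOST = "ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com"
USER = "y" * 15

if __name__ == "__main__":
    for value in ("%(directory)s/ansible-ssh-%%h-%%p-%%r",  # path seen in -vvv
                  "/tmp/%%h-%%p-%%r", "%(directory)s/%%C"):
        needed, fits = check(value, DIRECTORY, HOST, 22, USER)
        print(f"{value:40} {needed:4d} bytes  {'ok' if fits else 'TOO LONG'}")
```

ssh_config(5) recommends that a ControlPath used for connection sharing sit in a directory that other users cannot write to, which favors the %(directory)s/%%C form over a socket in /tmp.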

References

https://github.com/ansible/ansible/issues/11536
http://qiita.com/kawaz/items/a0151d3aa2b6f9c4b3b8
