
What to do when ssh via ansible complains "too long for Unix domain socket"



Environment

OS: macOS Sierra 10.12

$ ansible --version  

ansible 2.1.2.0
config file = /Users/xxxx/.ansible.cfg
configured module search path = Default w/o overrides
$ ssh -V
OpenSSH_7.2p2, LibreSSL 2.4.1


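Symptom

The other day, right after I upgraded the OS from Yosemite to Sierra, ansible stopped being able to connect.

(I had also reinstalled pip and other tooling, so exactly what triggered it remains a mystery...)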

$ ansible -i ~/inventory/test -m ping ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com

ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}

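Running ssh from the console connects without any problem, so apparently the connection only fails when it goes through ansible.

Without knowing the cause, I turned on verbose logging for a start.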

$ ansible -i ~/inventory/test -m ping -vvv ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com

Using /Users/xxxx/.ansible.cfg as config file
<ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com> ESTABLISH SSH CONNECTION FOR USER: xxxxxxxx
## Line breaks added for readability; the actual output is a single line
<ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no \\
-o 'IdentityFile="/Users/xxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no
-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=yyyyyyyyyyyyyyy -o ConnectTimeout=10
-o ControlPath=/Users/xxxx/.ansible/cp/ansible-ssh-%h-%p-%r ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com
'/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1476547752.75-109767175351042 `" && echo ansible-tmp-1476547752.75-109767175351042="` echo $HOME/.ansible/tmp/ansible-tmp-1476547752.75-109767175351042 `" ) && sleep 0'"'"''

ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}

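The command carries various ssh options I had never used, and those look suspicious.

As a test, I ran ssh from the console with the same options (minus -q, which suppresses ssh's warnings and diagnostics).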

$ ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no \
-o 'IdentityFile="/Users/xxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no \
-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey \
-o PasswordAuthentication=no -o User=yyyyyyyyyyyyyyy -o ConnectTimeout=10 \
-o ControlPath=/Users/xxxx/.ansible/cp/ansible-ssh-%h-%p-%r ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com
Warning: Permanently added 'ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com,2402:4200:1:297:5054:97ff:fe78:641c' (RSA) to the list of known hosts.
unix_listener: "/Users/xxxx/.ansible/cp/ansible-ssh-ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com-22-yyyyyyyyyyyyyyy.AhNsT3MRS29JPVFp" too long for Unix domain socket

This looks like the cause!

unix_listener: "/Users/xxxx/.ansible/cp/ansible-ssh-ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com-22-yyyyyyyyyyyyyyy.AhNsT3MRS29JPVFp" too long for Unix domain socket

With that lead in hand, a quick search turned up the issue right away.

https://github.com/ansible/ansible/issues/11536


Solution

Add the following to the .ansible.cfg file.

[ssh_connection]

control_path=/tmp/%%h-%%p-%%r

This one works as well (see References).

[ssh_connection]

control_path=%(directory)s/%%C
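
Why the original path fails while both replacements fit, as an added example (not part of the original article): it expands a ControlPath the way ssh sees it and adds the 17-character temporary suffix visible in the error above. Templates are written with ssh's single `%` (ansible.cfg doubles it to `%%`); the 40-character length for `%C` and the helper names `expand` and `check` are assumptions of this sketch.

```python
# Added example: does an ssh ControlPath fit in a Unix domain socket address?
# sockaddr_un.sun_path holds 104 bytes on macOS (108 on Linux), NUL included.
MACOS_SUN_PATH_SIZE = 104
# ssh first binds the master socket at "<ControlPath>.<16 random chars>",
# which is the ".AhNsT3MRS29JPVFp" suffix in the error shown on this page.
TEMP_SUFFIX_LEN = 1 + 16
# Assumption: %C (hash of local host, remote host, port, user) is 40 hex chars.
HASH_LEN = 40
# Redacted values copied from the article's log output.
HOST = "ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com"
USER = "yyyyyyyyyyyyyyy"
CP_DIR = "/Users/xxxx/.ansible/cp"


def expand(template, host, port, user):
    """Expand the ssh tokens %h, %p, %r, %C and %% in a ControlPath."""
    values = {"h": host, "p": str(port), "r": user,
              "C": "0" * HASH_LEN, "%": "%"}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%":
            token = template[i + 1:i + 2]  # empty if "%" is the last character
            if token not in values:
                raise ValueError("unsupported token: %" + token)
            out.append(values[token])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def check(template, host, port, user, sun_path_size=MACOS_SUN_PATH_SIZE):
    """Return (fits, needed, limit) in bytes for the temporary listener path."""
    limit = sun_path_size - 1  # the last byte is the NUL terminator
    path = expand(template, host, port, user)
    needed = len(path.encode()) + TEMP_SUFFIX_LEN
    return needed <= limit, needed, limit


if __name__ == "__main__":
    for template in (CP_DIR + "/ansible-ssh-%h-%p-%r",  # path from the log
                     "/tmp/%h-%p-%r",                   # first fix
                     CP_DIR + "/%C"):                   # second fix
        fits, needed, limit = check(template, HOST, 22, USER)
        verdict = "ok" if fits else "TOO LONG"
        print("%-45s %3d/%d bytes: %s" % (template, needed, limit, verdict))
```

Of the two fixes, the `%(directory)s/%%C` form keeps the control socket in the per-user `.ansible/cp` directory, whereas `/tmp` is shared; ssh_config(5) recommends placing ControlPath in a directory that is not writable by other users.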


References

https://github.com/ansible/ansible/issues/11536

http://qiita.com/kawaz/items/a0151d3aa2b6f9c4b3b8