当通过 Ansible 时出现了 “Unix 域套接字太长” 的错误提示时,应该如何应对?

1 年 ago
清, 宇
2 minutes

环境

操作系统: macOS Sierra 10.12

$ ansible --version  
ansible 2.1.2.0
  config file = /Users/xxxx/.ansible.cfg
  configured module search path = Default w/o overrides
$ ssh -V
OpenSSH_7.2p2, LibreSSL 2.4.1

目前的状态

最近,我在将操作系统从Yosemite升级到Sierra时遇到了一个问题,Ansible无法工作。(我还对pip和其他工具进行了重新安装,所以导致这个问题的原因还不清楚。)

$ ansible -i ~/inventory/test -m ping ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com
ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh.", 
    "unreachable": true
}

只有使用终端发起SSH连接时,连接没有问题,看起来只有在使用Ansible时才无法成功地进行通信。
由于不知道原因,先尝试输出详细日志。

$ ansible -i ~/inventory/test -m ping -vvv ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com
Using /Users/xxxx/.ansible.cfg as config file
<ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com> ESTABLISH SSH CONNECTION FOR USER: xxxxxxxx
## 見難いため改行入れてますが1行で出力されます
<ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com> SSH: EXEC ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no \\
-o 'IdentityFile="/Users/xxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no 
-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=yyyyyyyyyyyyyyy -o ConnectTimeout=10 
-o ControlPath=/Users/xxxx/.ansible/cp/ansible-ssh-%h-%p-%r ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com 
'/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1476547752.75-109767175351042 `" && echo ansible-tmp-1476547752.75-109767175351042="` echo $HOME/.ansible/tmp/ansible-tmp-1476547752.75-109767175351042 `" ) && sleep 0'"'"''

ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh.", 
    "unreachable": true
}

使用各种从未使用过的SSH选项,这有些可疑。
试着从控制台使用相同的选项连接SSH来查看。

ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no \\
-o 'IdentityFile="/Users/xxxx/.ssh/id_rsa"' -o KbdInteractiveAuthentication=no \\
-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey \\
-o PasswordAuthentication=no -o User=yyyyyyyyyyyyyyy -o ConnectTimeout=10 \\
-o ControlPath=/Users/xxxx/.ansible/cp/ansible-ssh-%h-%p-%r ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com
Warning: Permanently added 'ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com,2402:4200:1:297:5054:97ff:fe78:641c' (RSA) to the list of known hosts.
unix_listener: "/Users/xxxx/.ansible/cp/ansible-ssh-ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com-22-yyyyyyyyyyyyyyy.AhNsT3MRS29JPVFp" too long for Unix domain socket

这似乎是原因!

unix_listener: "/Users/xxxx/.ansible/cp/ansible-ssh-ec2-XX-XXX-XX-XX.eu-west-1.compute.amazonaws.com-22-yyyyyyyyyyyyyyy.AhNsT3MRS29JPVFp" too long for Unix domain socket

找到一个线索后,我搜索了一下,很快就发现了这个问题。
https://github.com/ansible/ansible/issues/11536

解决方案 (jiě jué àn)

请在 .ansible.cfg 文件中添加以下描述。

[ssh_connection]
control_path=/tmp/%%h-%%p-%%r

在这方面我没问题(参考)。

[ssh_connection]
control_path=%(directory)s/%%C

请征求意见

https://github.com/ansible/ansible/issues/11536 的网址提供了相关问题的讨论。
http://qiita.com/kawaz/items/a0151d3aa2b6f9c4b3b8 则分享了相关内容。

广告
将在 10 秒后关闭
bannerAds