Ansible : SSH Error: ControlPath too long

Asked 4/11, 2015 at 7:40 Answered 15/2, 2023 at 7:47

I run a computer with Ubuntu 15.10 and I try to run Vagrant with Ansible.

Before start, I like to say that I don't have any idea about server management and especialy the Ansible.

The reason I am going to run my system this way, is because I have start working on a project that requires this installation.

After all, the problem I have is that while provisioning the Vagrant I get the following message

<aaa.dev> ESTABLISH CONNECTION FOR USER: vagrant
<aaa.dev> REMOTE_MODULE setup
<aaa.dev> EXEC ssh -C -tt -vvv -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o IdentityFile=/media/merianos/Large Internal/Vagrant/ansible-project/.vagrant/machines/default/virtualbox/private_key -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/merianos/.ansible/cp/%h-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=30 aaa.dev /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1446622406.54-199921739516776 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1446622406.54-199921739516776 && echo $HOME/.ansible/tmp/ansible-tmp-1446622406.54-199921739516776'
fatal: [aaa.dev] => SSH Error: ControlPath too long
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.

So, is it posible to help me someone with this issue ?

Just to say that I have try this article : https://github.com/ansible/ansible/issues/11536 and I changed the control_path in my ansible.cfg to control_path = %(directory)s/%%h-%%r but still not working.

Note My installation path contains a space that I can't remove it because are running many other projects on the same HDD and the configuration will be huge for all the projects. I don't know if that space is the problem, but just I say about it.

UPDATE #1

Result before I change anything:

<aaa.dev> ESTABLISH CONNECTION FOR USER: vagrant
<aaa.dev> REMOTE_MODULE setup
<aaa.dev> EXEC ssh -C -tt -vvv -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o IdentityFile=/media/merianos/Large Internal/Vagrant/ansible-project/.vagrant/machines/default/virtualbox/private_key -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/merianos/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=30 aaa.dev /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1446628138.53-155680153347939 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1446628138.53-155680153347939 && echo $HOME/.ansible/tmp/ansible-tmp-1446628138.53-155680153347939'
fatal: [aaa.dev] => SSH Error: ControlPath too long
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.

Result with control_path = %(directory)s/%%h-%%r :

<aaa.dev> ESTABLISH CONNECTION FOR USER: vagrant
<aaa.dev> REMOTE_MODULE setup
<aaa.dev> EXEC ssh -C -tt -vvv -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o IdentityFile=/media/merianos/Large Internal/Vagrant/ansible-project/.vagrant/machines/default/virtualbox/private_key -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/merianos/.ansible/cp/%h-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=30 aaa.dev /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1446628320.4-231606404275563 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1446628320.4-231606404275563 && echo $HOME/.ansible/tmp/ansible-tmp-1446628320.4-231606404275563'
fatal: [aaa.dev] => SSH Error: ControlPath too long
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.

UPDATE #2

After I set the ssh_args = -o ControlMaster=off I get the following result:

<aaa.dev> ESTABLISH CONNECTION FOR USER: vagrant
<aaa.dev> REMOTE_MODULE setup
<aaa.dev> EXEC ssh -C -tt -vvv -o UserKnownHostsFile=/dev/null -o IdentitiesOnly=yes -o IdentityFile=/media/merianos/Large Internal/Vagrant/ansible-project/.vagrant/machines/default/virtualbox/private_key -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/home/merianos/.ansible/cp/ansible-ssh-%h-%p-%r" -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=30 aaa.dev /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1446628489.4-10074395967553 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1446628489.4-10074395967553 && echo $HOME/.ansible/tmp/ansible-tmp-1446628489.4-10074395967553'
fatal: [aaa.dev] => SSH Error: ControlPath too long
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.

In general for each modification I did, the error message seems to be the same, and maybe the configuration it happens from some other level, but not the ansible.cfg.

Unfortunatelly I don't know where to find that location :(

Embitter answered 4/11, 2015 at 7:40 Comment(0)

I described the problem in similar question.

You need to change it to something shorter (if you have long hostname). For test case you can try just ./master, but for real use case, you should use at least ./s/%%h-%%r.

Coletta answered 4/11, 2015 at 8:20 Comment(5)

thanks for your answer, but can you help me ? I don't know where to change this variable. As I describe in my question I change the control_path in ansible.cfg but didn't work. Any idea on how to change it ? Thanks – Embitter 4/11, 2015 at 8:45

What do you mean by not-working? It doesn't make any difference in the output message? Setting ssh_args = -o ControlMaster=off makes any difference? – Coletta 4/11, 2015 at 8:54

Where to change the ControlMaster ? As I sayed I am not experienced server admin and I don't have any idea on how Ansible works and ofcourse how to configure it. After a long research I found the ansible.cfg and changed the attribute control_path, but I don't know how to apply your sugestions. Sorry for that – Embitter 4/11, 2015 at 9:3

Sorry. The same way as you applied the control_path option, in ansible.cfg. Can you please post how the erorr message change before you apply anything and after you change it to control_path = ./%%h-%%r and after you add ssh_args = -o ControlMaster=off line in your ansible.cfg? – Coletta 4/11, 2015 at 9:6

seems like ansible is ignoring your options completely. In which .cfg file did you change these values? Anssible reads quite much of config files in different order and priority: docs.ansible.com/ansible/intro_configuration.html – Coletta 4/11, 2015 at 9:23

The very first sentence of the documentation for OpenSSH specific settings in Ansible says:

Under the [ssh_connection] header, the following settings are tunable for SSH connections.

So you need to place the ssh_args variable in [ssh_connection] section of the ansible.cfg, for example:

[defaults]
timeout = 600

[ssh_connection]
ssh_args = -o ControlMaster=off

In fact overriding the ssh_args with an empty value disables the defaults for ControlMaster/ControlPersistent/ControlPath in Ansible, so it should simply be:

[ssh_connection]
ssh_args =

Vesiculate answered 17/1, 2017 at 13:52 Comment(0)

Short Answers

Pass this as an argument to ansible or ansible-playbook commands:

 -e "ansible_ssh_common_args='-o ControlPath=/tmp/ssh-%r@%h:%p'"

Or as env variable

export ANSIBLE_SSH_ARGS="-o ControlPath=/tmp/ssh-%r@%h:%p'"

Or as an argument to the host definition in the inventory file

[web_servers]
host ansible_ssh_common_args='-o ControlPath=/tmp/ssh-%r@%h:%p'

Avoid using /tmp directory as its not secure

Long Answer

ControlPath too long is the error that belongs to SSH. SSH creates a control (unix) socket to reuse a TCP connection. The Control path is where this socket is saved.

Ansible may use its local config directory as the location to the ControlPath and if this local config directory is long would raise this error. Alternatively if the home directory itself is at a long path this problem may raise.

Typically, this can be fixed at SSH end by simply using a shorter path in the local ssh config file (~/.ssh/config):

Host *
ControlPath /tmp/ssh-%r@%h:%p

This will create socket file in the /tmp directory (very short path and is world writeable) using the username (%r), hostname (%h), and port number (%p) from the SSH connection as part of the filename

/tmp is world writeable and is not safe. Hackers can use the socket file from the /tmp to login to target SSH server and is dangerous. Please prefer using home directory if it is at short path

Ansible typically should read the file ~/.ssh/config and load ControlPath settings. However in some cases if it isn't, then the following can be done:

Use ANSIBLE_SSH_CONFIG environment variable like:

export ANSIBLE_SSH_CONFIG=~/.ssh/config

OR use ansible configuration file. Create an ansible.cfg file in the ansible project directory and add this code to it:

[ssh_connection]
ssh_args = -F /full/path/to/ssh_config

For me, ~ or \~ in the cfg file didn't work. So ~/.ssh/config wouldn't work and we need to specify full path to the .ssh/config for ex: /home/xxxx/.ssh/config

Pastoralist answered 15/2, 2023 at 7:47 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags