ControlMaster broken or defaults changed?

Morning all,

Since updating to submoduleized-ansible, my ansible-playbook runs are taking twice the time they used to. Looking at ~/.ansible/cp, I find it empty during the run.

With 1.7.x, or older git ansible, for -vvv, the first two lines I see are:

<restore-test.omadahealth.net> ESTABLISH CONNECTION FOR USER: ubuntu
<restore-test.omadahealth.net> EXEC ssh -C -tt -q -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/Users/sam/.ansible/cp/ansible-ssh-%h-%p-%r -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 restore-test.omadahealth.net /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412792607.25-208504897684154 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412792607.25-208504897684154 && echo $HOME/.ansible/tmp/ansible-tmp-1412792607.25-208504897684154’

But with the latest, the first few lines I see are:

<restore-test.omadahealth.net> ESTABLISH CONNECTION FOR USER: ubuntu on PORT 22 TO restore-test.omadahealth.net
<restore-test.omadahealth.net> EXEC /bin/sh -c ‘mkdir -p $HOME/.ansible/tmp/ansible-tmp-1412792525.32-128951976047959 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1412792525.32-128951976047959 && echo $HOME/.ansible/tmp/ansible-tmp-1412792525.32-128951976047959’

Notice the complete absence of any ssh debug or options. Did ssh ControlMaster defaults change? Even setting it up in ansible.cfg as follows appears to have no effect:

[ssh_connection]
ssh_args = -o ControlMaster=yes

Thanks,

-Sam.

Sam Pierson

Chief Engineer | Omada Health

This email may contain material that is confidential and/or privileged for the sole use of the intended recipient. Any review, reliance, or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. Also note that email is not an appropriate way to send protected health information to Omada Health employees. Please use your discretion when responding to this email.

Is your play specifically set to use the ssh connection method?

-jlk

Hi Sam,

My guess is that you’re running ansible from Mac OSX? We recently switched the smart mode there to use paramiko rather than ssh due to a bug in sshpass (which is out of our control) that can cause a kernel panic and crash the system. If you’re not using ssh-pass, you can set the transport type to ‘ssh’ instead of ‘smart’ to get that functionality back. This was a short-term solution for the ssh-pass issue, and we hope to make that more fine-tuned in the near future.

Hope that helps!

You got it - yes Mac OS X.
transport = ssh fixed it. Thanks James.

-Sam.

Sam Pierson

Chief Engineer | Omada Health
650.422.4140 | sam.pierson@omadahealth.com

I’m thinking we might just want to NOT default to paramiko and then raise a fatal error before running sshpass on OSX instead mentioning if you want that, you need to use paramiko.

If this becomes the case, it’d be nice to have a way to allow it to work, perhaps with a config var. In our environment we have to use ssh (not paramiko), and also have to use sshpass frequently.

We actually have decent success with sshpass on Mac without crashes. I’ve never encountered problems.

Mine hasn’t crashed either.

I think you raise a good point - I hate to have the extra config setting, but it might be required.

I think in general -c ssh gives a better overall experience though, so I do hate having to drop to Paramiko, of course ansible rebooting your Mac (seemingly ansible, anyway) is about the worst possible experience