[GitHub] incubator-metron pull request: Specify shorter control_path to avo...

[tom-meyer <gi...@git.apache.org>]

GitHub user tom-meyer opened a pull request:

    https://github.com/apache/incubator-metron/pull/122

    Specify shorter control_path to avoid 'unix domain socket too long' problem

    Paired with Ryan Merriman on this fix.  This issue is reported in the following Jira:  https://issues.apache.org/jira/browse/METRON-168

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/tom-meyer/incubator-metron master

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-metron/pull/122.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #122
    
----

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron pull request: Specify shorter control_path to avo...

[asfgit <gi...@git.apache.org>]

Github user asfgit closed the pull request at:

    https://github.com/apache/incubator-metron/pull/122


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron pull request: Specify shorter control_path to avo...

[dlyle65535 <gi...@git.apache.org>]

Github user dlyle65535 commented on a diff in the pull request:

    https://github.com/apache/incubator-metron/pull/122#discussion_r63588586
  
    --- Diff: metron-deployment/amazon-ec2/ansible.cfg ---
    @@ -25,4 +25,4 @@ log_path = ./ansible.log
     
     # fix for "ssh throws 'unix domain socket too long' " problem
     [ssh_connection]
    -control_path = %(directory)s/%%h-%%p-%%r
    +control_path = /tmp/%%h-%%p-%%r
    --- End diff --
    
    I wouldn't use temp. DoD stigs require noexec on tmp. Alternatively, see if the socket will work when /tmp is mounted noexec.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron pull request: Specify shorter control_path to avo...

[nickwallen <gi...@git.apache.org>]

Github user nickwallen commented on the pull request:

    https://github.com/apache/incubator-metron/pull/122#issuecomment-220195558
  
    +1 Tested successfully with EC2 deployment.  
    
    This same issue has bit us twice now.  It was difficult to diagnose this issue because it only impacted a few users.  It seems that OpenSSH imposes a 104 character limit on the length of the path to the domain socket.  
    
    The previous configuration embedded things like the username and working directory in the path of the domain socket.  It would fail for people who had very specific platform differences, like a long username or highly nested path to Metron, which would then exceed the 104 character limit.  I myself was never able to replicate the problem until now.
    
    This is our second attempt at a fix and I think this is the right approach.  Using `%%C` results in a fixed-length hash. Using `~/.ssh/` also ensures that the path is also of fixed-length.  This removes any variability that might cause it to exceed 104 characters.  [Seems like others agree too.](https://github.com/ansible/ansible/issues/11536)


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron pull request: Specify shorter control_path to avo...

[nickwallen <gi...@git.apache.org>]

Github user nickwallen commented on the pull request:

    https://github.com/apache/incubator-metron/pull/122#issuecomment-221157587
  
    This fix was not working for @dlyle65535 today.  It would error out because it did not understand `%C`.  
    
    I dug a little and found that this option was added in [OpenSSH 6.7](http://www.openssh.com/txt/release-6.7).  I wanted to provide a warning for other users who have older versions of OpenSSH.



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-metron pull request: Specify shorter control_path to avo...

[cestella <gi...@git.apache.org>]

Github user cestella commented on the pull request:

    https://github.com/apache/incubator-metron/pull/122#issuecomment-220619587
  
    +1 this looks good


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---