summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog11
-rw-r--r--doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket.mdwn7
-rw-r--r--doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket/comment_1_9d72cfc76d5ef15de5de54be2567a23e._comment33
-rw-r--r--doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket/comment_2_28706044d9cc744148c6744577afd261._comment12
-rw-r--r--src/Propellor/Property/Uwsgi.hs6
-rw-r--r--src/Propellor/Ssh.hs41
6 files changed, 104 insertions, 6 deletions
diff --git a/debian/changelog b/debian/changelog
index e4fbd15e..0560b15e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -63,6 +63,17 @@ propellor (3.0.0) UNRELEASED; urgency=medium
-- Joey Hess <id@joeyh.name> Thu, 24 Mar 2016 15:02:33 -0400
+propellor (2.17.1) UNRELEASED; urgency=medium
+
+ * Avoid generating excessively long paths to the unix socket file
+ used for ssh connection caching. Mostly. Can still generate a too long
+ one if $HOME is longer than 60 bytes.
+ * Uwsgi: add ".ini" extension to app config files.
+ Files without extensions were ignored by uwsgi.
+ Thanks, FĂ©lix Sipma.
+
+ -- Joey Hess <id@joeyh.name> Fri, 25 Mar 2016 17:23:25 -0400
+
propellor (2.17.0) unstable; urgency=medium
* Added initial support for FreeBSD.
diff --git a/doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket.mdwn b/doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket.mdwn
new file mode 100644
index 00000000..b1a113ff
--- /dev/null
+++ b/doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket.mdwn
@@ -0,0 +1,7 @@
+Hello,
+
+when I try to run propellor, I get this error message.
+
+ unix_listener: "/home/experiences/instrumentation/picca/.ssh/propellor/diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I" too long for Unix domain socket
+ [2016-03-25 15:20:44 CET] process done ExitFailure 255
+ propellor: user error (ssh ["-o","ControlPath=/home/experiences/instrumentation/picca/.ssh/propellor/diffabs6.exp.synchrotron-soleil.fr.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@diffabs6.exp.synchrotron-soleil.fr","sh -c 'if [ ! -d /usr/local/propellor/.git ] ; then (if ! git --version >/dev/null; then apt-get update && DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /usr/local/propellor && if ! cabal configure >/dev/null 2>&1; then ( apt-get update ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install gnupg ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install ghc ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install cabal-install ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install libghc-async-dev ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install libghc-missingh-dev ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install libghc-hslogger-dev ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install libghc-unix-compat-dev ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install libghc-ansi-terminal-dev ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install libghc-ifelse-dev ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install libghc-network-dev ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install libghc-mtl-dev ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install libghc-transformers-dev ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install libghc-exceptions-dev ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install libghc-stm-dev ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install libghc-text-dev ; DEBIAN_FRONTEND=noninteractive apt-get --no-upgrade --no-install-recommends -y install make ; cabal update ; cabal install --only-dependencies ) || true; fi&& if ! test -x ./propellor; then cabal configure && cabal build && ln -sf dist/build/propellor-config/propellor-config propellor; fi;if test -x ./propellor && ! ./propellor --check 2>/dev/null; then cabal clean && cabal configure && cabal build && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot diffabs6.exp.synchrotron-soleil.fr ; fi'"] exited 255)
diff --git a/doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket/comment_1_9d72cfc76d5ef15de5de54be2567a23e._comment b/doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket/comment_1_9d72cfc76d5ef15de5de54be2567a23e._comment
new file mode 100644
index 00000000..642eae7b
--- /dev/null
+++ b/doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket/comment_1_9d72cfc76d5ef15de5de54be2567a23e._comment
@@ -0,0 +1,33 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2016-03-25T20:39:29Z"
+ content="""
+What's going on here is propellor has asked ssh to use that as a socket,
+but unix has a hoary old limit on the length of filenames to unix domain
+sockets -- something around 100 characters max depending on the OS (108 on
+linux I believe).
+
+40 characters of that budget is used up by the somewhat long HOME path, 17
+characters are tacked on by ssh (for no really good reason given the
+limited budget). This leaves propellor 57 characters to make a unique
+socket name that's not too ugly, but it decided to put the whole hostname
+in there, which blows past the budget in this case.
+
+So, I have changed the code to try to respect the budget while still coming
+up with the best filename it can.
+
+So in your case the new path will be something like
+"/home/experiences/instrumentation/picca/.ssh/propellor/diffabs6.e-44ecb7d0.j3awdJtqk5r3HB1I"
+-- 91 bytes, so under the limit.
+
+If someone has HOME set to something longer than ~60 characters,
+propellor will still break. Since the socket file has to be at a
+stable location, and so more or less needs to live under HOME, it's hard to
+avoid the problem entirely.
+
+I did consider moving the sockets to /tmp to avoid HOME length causing a
+problem, but then other users on the system could DOS propellor by creating
+the directory in /tmp, which would at best make it fall back to not using
+the ssh socket and so asking repeatedly for passwords.
+"""]]
diff --git a/doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket/comment_2_28706044d9cc744148c6744577afd261._comment b/doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket/comment_2_28706044d9cc744148c6744577afd261._comment
new file mode 100644
index 00000000..2423a91e
--- /dev/null
+++ b/doc/forum/unix__95__listener:___34____47__home__47__experiences__47__instrumentation__47__picca__47__.ssh__47__propellor__47__diffabs6.exp.synchrotron-soleil.fr.sock.j3awdJtqk5r3HB1I__34___too_long_for_Unix_domain_socket/comment_2_28706044d9cc744148c6744577afd261._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2016-03-25T21:26:20Z"
+ content="""
+If someone wants to improve this more later, it would suffice to make
+`sshCachingParams` fall back to using a temp file in /tmp for the socket
+when HOME is too long, as long as repeated calls to `sshCachingParams`
+inside the same propellor process returned the same temp file each time
+(for a given HostName). Of course, the temp files would need to be cleaned
+up when propellor exists.
+"""]]
diff --git a/src/Propellor/Property/Uwsgi.hs b/src/Propellor/Property/Uwsgi.hs
index 491c77d1..4eb94103 100644
--- a/src/Propellor/Property/Uwsgi.hs
+++ b/src/Propellor/Property/Uwsgi.hs
@@ -31,13 +31,13 @@ appAvailable an cf = ("uwsgi app available " ++ an) ==>
comment = "# deployed with propellor, do not modify"
appCfg :: AppName -> FilePath
-appCfg an = "/etc/uwsgi/apps-available/" ++ an
+appCfg an = "/etc/uwsgi/apps-available" </> an <.> "ini"
appVal :: AppName -> FilePath
-appVal an = "/etc/uwsgi/apps-enabled/" ++ an
+appVal an = "/etc/uwsgi/apps-enabled/" </> an <.> "ini"
appValRelativeCfg :: AppName -> File.LinkTarget
-appValRelativeCfg an = File.LinkTarget $ "../apps-available/" ++ an
+appValRelativeCfg an = File.LinkTarget $ "../apps-available" </> an <.> "ini"
installed :: Property DebianLike
installed = Apt.installed ["uwsgi"]
diff --git a/src/Propellor/Ssh.hs b/src/Propellor/Ssh.hs
index b00eb651..3e4806ea 100644
--- a/src/Propellor/Ssh.hs
+++ b/src/Propellor/Ssh.hs
@@ -2,9 +2,11 @@ module Propellor.Ssh where
import Propellor.Base
import Utility.UserInfo
+import Utility.FileSystemEncoding
import System.PosixCompat
import Data.Time.Clock.POSIX
+import qualified Data.Hash.MD5 as MD5
-- Parameters can be passed to both ssh and scp, to enable a ssh connection
-- caching socket.
@@ -16,9 +18,8 @@ import Data.Time.Clock.POSIX
sshCachingParams :: HostName -> IO [CommandParam]
sshCachingParams hn = do
home <- myHomeDir
- let cachedir = home </> ".ssh" </> "propellor"
- createDirectoryIfMissing False cachedir
- let socketfile = cachedir </> hn ++ ".sock"
+ let socketfile = socketFile home hn
+ createDirectoryIfMissing False (takeDirectory socketfile)
let ps =
[ Param "-o"
, Param ("ControlPath=" ++ socketfile)
@@ -42,3 +43,37 @@ sshCachingParams hn = do
[ Param "localhost" ]
nukeFile f
tenminutes = 600
+
+-- Generate a socket filename inside the home directory.
+--
+-- There's a limit in the size of unix domain sockets, of approximately
+-- 100 bytes. Try to never construct a filename longer than that.
+--
+-- When space allows, include the full hostname in the socket filename.
+-- Otherwise, include at least a partial md5sum of it,
+-- to avoid using the same socket file for multiple hosts.
+socketFile :: FilePath -> HostName -> FilePath
+socketFile home hn = selectSocketFile
+ [ sshdir </> hn ++ ".sock"
+ , sshdir </> hn
+ , sshdir </> take 10 hn ++ "-" ++ md5
+ , sshdir </> md5
+ , home </> ".propellor-" ++ md5
+ ]
+ (".propellor-" ++ md5)
+ where
+ sshdir = home </> ".ssh" </> "propellor"
+ md5 = take 9 $ MD5.md5s $ MD5.Str hn
+
+selectSocketFile :: [FilePath] -> FilePath -> FilePath
+selectSocketFile [] fallback = fallback
+selectSocketFile [f] _ = f
+selectSocketFile (f:fs) fallback
+ | valid_unix_socket_path f = f
+ | otherwise = selectSocketFile fs fallback
+
+valid_unix_socket_path :: FilePath -> Bool
+valid_unix_socket_path f = length (decodeW8 f) < 100 - reservedbyssh
+ where
+ -- ssh tacks on 17 or so characters when making a socket
+ reservedbyssh = 18