ssh_known_hosts changes are not propagated to running containers
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tripleo | Fix Released | High | Oliver Walsh |
Bug Description
More info in https:/
Ansible attempts atomic updates of files (copy, modify, then mv on top of the original). The unsafe_writes option does not alter this (only applies if the atomic update fails).
As a result, altering a file using the copy or lineinfile Ansible module will change the inode of the target, and the changes are not reflected in running containers that bind-mount the file.
This results in missing /etc/ssh/
tags: added: queens-backport-potential
tags: added: pike-backport-potential
Reviewed: https://review.openstack.org/629076
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=ca60b82be840a91e76a965438f0cdd35c9a2baca
Submitter: Zuul
Branch: master
commit ca60b82be840a91e76a965438f0cdd35c9a2baca
Author: Oliver Walsh <email address hidden>
Date: Tue Jan 8 00:53:01 2019 +0000
Workaround ssh_known_hosts changes not being propagated to containers
We need an in-place update of /etc/ssh/ssh_known_hosts for the changes to be
visible to running containers. This works around the issue until we have a
better long-term solution - make a copy, update using lineinfile, then
clobber the original file.
Closes-bug: #1810932
Change-Id: Ie6af5908d4b79bad094bce31e8e853678c0e843c
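
The inode behaviour from the bug description and the copy-then-clobber workaround from the commit message, shown as an added Python example (not code from tripleo-common or Ansible). A file handle opened before the update stands in for the container's bind mount, since both refer to the original inode; the host names and key strings are constructed.

```python
import os
import tempfile

# Constructed sample content; not real host keys.
OLD = "node-a ssh-ed25519 CONSTRUCTED-KEY-A\n"
NEW = OLD + "node-b ssh-ed25519 CONSTRUCTED-KEY-B\n"

def _stage(path, data):
    """Write data to a temporary copy in the same directory as path."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return tmp

def atomic_replace(path, data):
    """Atomic update: rename the staged copy over the original (new inode)."""
    os.replace(_stage(path, data), path)

def in_place_update(path, data):
    """Workaround pattern: stage a copy, then overwrite the original in place."""
    tmp = _stage(path, data)
    with open(tmp) as src, open(path, "r+") as dst:  # r+ keeps the existing inode
        dst.write(src.read())
        dst.truncate()  # drop leftover bytes if the new content is shorter
    os.unlink(tmp)

def demo(update):
    """Return (inode_changed, content seen via a handle opened before the update)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ssh_known_hosts")
        with open(path, "w") as f:
            f.write(OLD)
        inode_before = os.stat(path).st_ino
        with open(path) as held:  # reference to the original inode, like a bind mount
            update(path, NEW)
            inode_changed = os.stat(path).st_ino != inode_before
            held.seek(0)
            return inode_changed, held.read()

if __name__ == "__main__":
    print("atomic replace :", demo(atomic_replace))
    print("in-place update:", demo(in_place_update))
```

The in-place write is not atomic, so a reader can observe a partially written file during the update; that is the trade-off behind calling it a workaround.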