Private SSH key for deployment has wrong permissions

Bug #1859244 reported by Luke Short
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
tripleo | Fix Released | Medium | Luke Short |

Bug Description

Description
===========
Sometimes a deployment will fail because it is unable to use a private SSH key created by TripleO for the Overcloud due to insecure permissions.

Related BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1789965

Steps to reproduce
==================
This issue seems random but happens on new deployments.

Expected result
===============
The private SSH key should have 0600 permissions.

Actual result
=============
The private SSH key has 0670 permissions.

Environment
===========
Train

Logs & Configs
==============
https://gist.githubusercontent.com/smalleni/325b65bc65b47688af2753a1f19ad7cf/raw/5a6b97ef01e646c36e64a29ccb7021d60e82ad59/gistfile1.txt

Luke Short (ekultails)
Changed in tripleo:
milestone: none → ussuri-1
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-tripleoclient (master)

Fix proposed to branch: master
Review: https://review.opendev.org/702147

Changed in tripleo:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (master)

Fix proposed to branch: master
Review: https://review.opendev.org/702150

Changed in tripleo:
milestone: ussuri-1 → ussuri-2
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (master)

Reviewed: https://review.opendev.org/702150
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=bbca58f2dd139a52e517e5c7cb14a4fe4835db92
Submitter: Zuul
Branch: master

commit bbca58f2dd139a52e517e5c7cb14a4fe4835db92
Author: Luke Short <email address hidden>
Date: Fri Jan 10 16:08:01 2020 -0500

    Enforce 0600 permissions on an existing SSH private key file.

    Change-Id: If5d79f75037e252276a76bf010874e374df67e87
    Closes-Bug: #1859244
    Signed-off-by: Luke Short <email address hidden>

Changed in tripleo:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-tripleoclient (master)

Reviewed: https://review.opendev.org/702147
Committed: https://git.openstack.org/cgit/openstack/python-tripleoclient/commit/?id=3d06657c90e32c17b6ff7ae0e672e6a2050764fc
Submitter: Zuul
Branch: master

commit 3d06657c90e32c17b6ff7ae0e672e6a2050764fc
Author: Luke Short <email address hidden>
Date: Sun Jan 12 19:52:04 2020 -0500

    Enforce 0600 permissions on private SSH key file.

    Change-Id: Ic0864c5cd8f5ad196e76b3cea45f95662121a582
    Closes-Bug: #1859244
    Signed-off-by: Luke Short <email address hidden>
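The two merged commits above enforce 0600 on the private key file. As an added illustration (not the TripleO patch itself, and not code from either repository), the Python below shows one way to tighten an existing key file and to create a new one that is 0600 regardless of the umask. The function names and the file names in `demo()` are hypothetical, and the key contents are constructed placeholders.

```python
import os
import stat
import tempfile

PRIVATE_KEY_MODE = 0o600  # owner read/write only, the bug's "Expected result"

def enforce_private_key_mode(path):
    """Tighten an existing key file to 0600; return the mode it had before."""
    # O_NOFOLLOW: refuse a symlink placed at the key path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError(f"{path} is not a regular file")
        old_mode = stat.S_IMODE(st.st_mode)
        if old_mode != PRIVATE_KEY_MODE:
            # fchmod changes the same file that was just inspected.
            os.fchmod(fd, PRIVATE_KEY_MODE)
        return old_mode
    finally:
        os.close(fd)

def write_private_key(path, key_material):
    """Create a new key file that is 0600 before any key bytes are written."""
    # O_EXCL fails if the path already exists, so no stale file is reused.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, PRIVATE_KEY_MODE)
    try:
        os.fchmod(fd, PRIVATE_KEY_MODE)  # explicit, independent of the umask
        os.write(fd, key_material)
    finally:
        os.close(fd)

def demo():
    """Recreate the reported 0670 state in a temp dir, then repair it."""
    with tempfile.TemporaryDirectory() as tmp:
        existing = os.path.join(tmp, "id_rsa_existing")  # constructed name
        write_private_key(existing, b"constructed placeholder, not a key\n")
        os.chmod(existing, 0o670)  # the "Actual result" mode from the report
        before = enforce_private_key_mode(existing)
        after = stat.S_IMODE(os.stat(existing).st_mode)
        fresh = os.path.join(tmp, "id_rsa_new")  # constructed name
        old_umask = os.umask(0o002)  # permissive umask for the test
        try:
            write_private_key(fresh, b"constructed placeholder, not a key\n")
        finally:
            os.umask(old_umask)
        return before, after, stat.S_IMODE(os.stat(fresh).st_mode)
```
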

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/703805

OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-tripleoclient (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/703808

OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (stable/train)

Reviewed: https://review.opendev.org/703805
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=41cf8e84b3786290872bb8c54df10ce333280858
Submitter: Zuul
Branch: stable/train

commit 41cf8e84b3786290872bb8c54df10ce333280858
Author: Luke Short <email address hidden>
Date: Fri Jan 10 16:08:01 2020 -0500

    Enforce 0600 permissions on an existing SSH private key file.

    Conflicts:
        tripleo_common/actions/ansible.py

    Change-Id: If5d79f75037e252276a76bf010874e374df67e87
    Closes-Bug: #1859244
    Signed-off-by: Luke Short <email address hidden>
    (cherry picked from commit bbca58f2dd139a52e517e5c7cb14a4fe4835db92)

tags: added: in-stable-train
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-tripleoclient (stable/train)

Reviewed: https://review.opendev.org/703808
Committed: https://git.openstack.org/cgit/openstack/python-tripleoclient/commit/?id=bd2a37734010ee89535930fe85faad27661555f5
Submitter: Zuul
Branch: stable/train

commit bd2a37734010ee89535930fe85faad27661555f5
Author: Luke Short <email address hidden>
Date: Sun Jan 12 19:52:04 2020 -0500

    Enforce 0600 permissions on private SSH key file.

    Change-Id: Ic0864c5cd8f5ad196e76b3cea45f95662121a582
    Closes-Bug: #1859244
    Signed-off-by: Luke Short <email address hidden>
    (cherry picked from commit 3d06657c90e32c17b6ff7ae0e672e6a2050764fc)

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/python-tripleoclient 13.1.0

This issue was fixed in the openstack/python-tripleoclient 13.1.0 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/tripleo-common 12.1.0

This issue was fixed in the openstack/tripleo-common 12.1.0 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/python-tripleoclient 12.4.0

This issue was fixed in the openstack/python-tripleoclient 12.4.0 release.
