Can't sftp into upgraded subcloud
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Low
|
Reinildes Oliveira |
Bug Description
System Config
-------
subcloud
Description of failure
-------
Subcloud has been successfully upgraded from stx 6 to 7 but can't sftp into the subcloud from any source (System Controller or utility servers) after the upgrade given the sftp entry points to an invalid path
Impact of Failure
-------
Minor
Impact on users
-------
Can't sftp into the subcloud from any source (System Controller or utility servers) after the upgrade
Time-line based on log analysis
-------
1. subcloud has been successfully upgraded
2. Can't sftp into the subcloud from any source (System Controller or utility servers) after the upgrade
3. the sshd configuration file seems to be the culprit. The sftp subsystem entry points to an invalid path for the sftp-server binary
root@controller
Subsystem sftp /usr/libexec/
root@controller
ls: cannot access '/usr/libexec/
root@controller
4. same line on the system controller points to an existing binary and sftp works as expected there
[sysadmin@
Subsystem sftp /usr/lib/
[sysadmin@
-rwxr-xr-x 3 root root 125056 Jan 1 1970 /usr/lib/
5. Also interesting to note that the access attributes of the sshd_config file are different between the System Controller and the subcloud. I'm not sure which version is correct, but they should be the same.
--->subcloud: only root can read:
sysadmin@
-rw------- 1 root root 4858 Feb 9 18:52 /etc/ssh/
--->system controller: anyone can read:
[sysadmin@
-rw-r--r-- 1 root root 4855 Feb 7 01:21 /etc/ssh/
bash.log
2024-02-
2024-02-
2024-02-
2024-02-
2024-02-
2024-02-
auth.log
2024-02-
2024-02-
Changed in starlingx: | |
assignee: | nobody → Reinildes Oliveira (rjosemat) |
Changed in starlingx: | |
status: | New → In Progress |
Changed in starlingx: | |
importance: | Undecided → Low |
tags: | added: stx.9.0 stx.distcloud stx.update |
Reviewed: https:/ /review. opendev. org/c/starlingx /ansible- playbooks/ +/910345 /opendev. org/starlingx/ ansible- playbooks/ commit/ 37543ef843d667c 0524b858b4359ef 6498a20c49
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 37543ef843d667c 0524b858b4359ef 6498a20c49
Author: Rei Oliveira <email address hidden>
Date: Tue Feb 27 11:42:26 2024 -0300
Replace sftp server bin with debian's path
The aio-sx restore playbook will restore the /etc/sshd dir
from the centOS backup when upgrading from centos to debian.
This will result in etc/ssh/sshd_config pointing to a sftpserver
path that does not exist in debian. This is reproducible
on AIO-SX standalone and subclouds, but not AIO-DX, since
SX and DX have different upgrade paths.
/usr/ libexec/ openssh/ sftp-server in centos. lib/openssh/ sftp-server in debian.
/usr/
This is a simple change that simply replaces the wrong path
with the valid path for debian.
Test case:
PASS: Run AIO-SX upgrade then verify that 'sftp controller-0'
goes thru and the connection is established.
'Get a file' and verify the download is successful.
Closes-Bug: 2055324 e49148b4b38f722 923409b41ed
Change-Id: I15a47dcb0ea3da
Signed-off-by: Rei Oliveira <email address hidden>