Juju 1.23-beta4 introduces ssh key bug when used w/ DHX
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | juju-core |
High
|
Horacio Durán | ||
| | 1.23 |
High
|
Horacio Durán | ||
| | 1.24 |
High
|
Horacio Durán | ||
Bug Description
There's an issue with the latest Juju 1.23-beta4 and it appears to be the SSH Key import
I'm coupling this with the juju dhx plugin, which runs successfully on first run, however on subsequent connection attempts to the same machine it spits out duplicate key warnings then panic's and stacktraces
- edit -
Interestingly enough, I seem to have confirmed its the ssh import process causing the panic. Commenting out the import id's in my dhx rc has corrected the issue.
I've also verified this behavior does not exist in beta3, nor in current stable 1.22
| Charles Butler (lazypower) wrote : | #1 |
| description: | updated |
| Changed in juju-core: | |
| status: | New → Confirmed |
| importance: | Undecided → High |
| status: | Confirmed → Triaged |
| Changed in juju-core: | |
| milestone: | 1.23 → 1.24-alpha1 |
| tags: | added: ssh |
| Changed in juju-core: | |
| milestone: | 1.24-alpha1 → 1.25.0 |
| no longer affects: | juju-core/1.23 |
| Charles Butler (lazypower) wrote : | #2 |
| Martin Packman (gz) wrote : | #3 |
So, this is basically an API breakage caused by making import sanely when a key id corresponds to multiple keys.
cmd/juju/
results, err := client.
if err != nil {
}
for i, result := range results {
if result.Error != nil {
}
}
This assumes that the returned results map 1:1 with the passed in sshKeyIds.
apiserver/
func runSSHKeyImport
...
for _, keyId := range keyIds {
...
for _, line := range lines {
}
...
}
return keyInfo
}
This returns a longer keyInfo than given keyIds when ssh-import-id returns multiple lines of output.
The correct way to fix this depends on the branch. On trunk, we want a new api that returns a richer result struct.
On 1.23, we need to fix the current api by making the number of string-errors we return map to the key ids passed in.
For both, I think the runSSHKeyImport return should be changed to return []struct{keyId string, keyInfo []importedSSHKey}, and for the current api version we then mash all the errors into one.
| Horacio Durán (hduran-8) wrote : | #4 |
I proposed http://
| tags: | added: blocker |
| tags: | added: regression |
| Changed in juju-core: | |
| assignee: | nobody → Horacio Durán (hduran-8) |
| status: | Triaged → In Progress |
| Changed in juju-core: | |
| status: | In Progress → Fix Committed |
| Changed in juju-core: | |
| status: | Fix Committed → Fix Released |
Update for perrito666:
This has been confirmed on AWS and HPCloud substrates (but i imagine it affects more)
Steps to reproduce:
Clone the juju-plugins repository according to the readme: https:/
Once you have confirmed the DHX plugin is present, create a debug-hooks-rc.yaml in your $JUJU_HOME directory, similar to the following:
import_ids: ['mbruzek'
Bootstrap and deploy services
juju bootstrap
juju deploy trusty/mariadb
Attempt to connect to a host once a service is registered:
juju dhx mariadb/0
The unit will attempt to register SSH Keys and panic - aborting the connection.