Ansible is unable to update SSH known hosts when a non-default SSH port is used

Bug #1830258 reported by Allain Legacy
This bug affects 1 person
Affects: StarlingX
Status: Fix Released
Importance: Medium
Assigned to: Tee Ngo

Bug Description

Brief Description
-----------------
The "Update SSH known hosts" task is using a regex that is not compatible with a custom SSH port. As a result it is not possible to remotely configure a node that now has an SSH key that differs from the previous installation.

  - name: Update SSH known hosts
    lineinfile:
      path: ~/.ssh/known_hosts
      state: absent
      regexp: '^{{ ansible_host }}'
    delegate_to: localhost

The regex line in the task should be changed to something similar to the following:

      regexp: '^{{ ansible_host }}|^\[{{ ansible_host }}\]:{{ ansible_port }}'

Severity
--------
Minor; manually editing the .ssh/known_hosts file to delete the line is a temporary workaround.

Steps to Reproduce
------------------
Attempt to remotely configure a system using Ansible with a custom SSH port (i.e., through a NAT). The target system must have an SSH key that differs from the one in the user's current ~/.ssh/known_hosts file.

Expected Behavior
------------------
Ansible should remove the entry from the ~/.ssh/known_hosts file even if the SSH Port is not 22.

Actual Behavior
----------------
Ansible fails to run the "Look for unmistakenly StarlingX package" task with this error:
TASK [prepare-env : Look for unmistakenly StarlingX package] *******************
fatal: [cpe-0]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to remote host \"yow-alegacy-vm2.wrs.com\". Make sure this host can be reached over ssh", "unreachable": true}

Reproducibility
---------------
100%

System Configuration
--------------------
Any

Branch/Pull Time/Commit
-----------------------
Private load rebased May 22

Last Pass
---------
Unknown

Timestamp/Logs
--------------
See above

Test Activity
-------------
Developer testing
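
The matching behaviour described in the report, as an added example that is not part of the original report or the StarlingX playbook: lineinfile treats `regexp` as a Python regular expression searched against each line, so the sketch below runs the original and the proposed pattern over constructed known_hosts lines. The host name, port, key strings and the `strict_pattern` helper are assumptions for illustration, and the stricter pattern goes beyond what the report proposes.

```python
import re

# Constructed known_hosts lines; host names and key strings are placeholders.
KNOWN_HOSTS = [
    "node.example.test ssh-ed25519 AAAAconstructed0",             # default port 22
    "[node.example.test]:2222 ssh-ed25519 AAAAconstructed1",      # custom port form
    "[node.example.test]:22222 ssh-ed25519 AAAAconstructed2",     # same host, other port
    "node.example.test.other.test ssh-ed25519 AAAAconstructed3",  # other host, same prefix
    "nodeXexample.test,192.0.2.7 ssh-rsa AAAAconstructed4",       # '.' wildcard look-alike
]


def original_pattern(host):
    # regexp: '^{{ ansible_host }}' after templating
    return "^%s" % host


def proposed_pattern(host, port):
    # regexp: '^{{ ansible_host }}|^\[{{ ansible_host }}\]:{{ ansible_port }}'
    return r"^%s|^\[%s\]:%s" % (host, host, port)


def strict_pattern(host, port):
    # Hypothetical tightening (not from the report): escape the host and
    # require the host field to end (space or comma) right after the match.
    h = re.escape(host)
    return r"^(%s|\[%s\]:%s)[ ,]" % (h, h, port)


def removed(pattern, lines):
    # Mirrors state=absent: every line the pattern is found in is dropped.
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]


if __name__ == "__main__":
    host, port = "node.example.test", 2222
    for build in (original_pattern, proposed_pattern, strict_pattern):
        args = (host,) if build is original_pattern else (host, port)
        print(build.__name__)
        for line in removed(build(*args), KNOWN_HOSTS):
            print("  removes:", line.split()[0])
```

The original pattern leaves the `[host]:2222` entry in place, which is the failure reported here, while both patterns from the report also delete pinned keys for other hosts that merely share the prefix. None of the three patterns matches hashed (`|1|...`) known_hosts entries.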

Ghada Khalil (gkhalil) wrote :

Marking as release gating; medium priority given this is not a common config and there is a workaround

Changed in starlingx:
importance: Undecided → Medium
status: New → Triaged
assignee: nobody → Tee Ngo (teewrs)
tags: added: stx.2.0 stx.config
OpenStack Infra (hudson-openstack) wrote : Fix proposed to config (master)

Fix proposed to branch: master
Review: https://review.opendev.org/663755

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to config (master)

Reviewed: https://review.opendev.org/663755
Committed: https://git.openstack.org/cgit/starlingx/config/commit/?id=014cff7f7ce2a0d6d5dabdc442ce260228dd47cd
Submitter: Zuul
Branch: master

commit 014cff7f7ce2a0d6d5dabdc442ce260228dd47cd
Author: Tee Ngo <email address hidden>
Date: Thu Jun 6 15:48:54 2019 -0400

    Handling of unconventional port number in playbook

    This commit supports unconventional port for ssh related tasks.
    It also eliminates a pesky warning caused by turning on pipelining.

    Closes-Bug: 1829051
    Closes-Bug: 1830258
    Change-Id: I8d1f054cdec8f2ed2a3f71b70ea10a1f7643831f
    Signed-off-by: Tee Ngo <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released