Ansible is unable to update ssh known hosts when a non default SSH port is used
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | Medium | Tee Ngo |
Bug Description
Brief Description
-----------------
The "Update SSH known hosts" task is using a regex that is not compatible with a custom SSH port. As a result it is not possible to remotely configure a node that now has an SSH key that differs from the previous installation.
- name: Update SSH known hosts
  lineinfile:
    path: ~/.ssh/known_hosts
    state: absent
    regexp: '^{{ ansible_host }}'
  delegate_to: localhost
The regex line in the task should be changed to something similar to the following:
regexp: '^{{ ansible_host }}|^\[{{ ansible_host }}\]:{{ ansible_port }}'
Severity
--------
Minor, manually editing the .ssh/known_hosts file to delete the line is a temporary workaround
Steps to Reproduce
------------------
Attempt to remotely configure a system using Ansible with a custom SSH port (i.e., through a NAT). The target system must have an SSH key that differs from the one in the user's current ~/.ssh/known_hosts file.
Expected Behavior
------------------
Ansible should remove the entry from the ~/.ssh/known_hosts file even if the SSH Port is not 22.
Actual Behavior
----------------
Ansible fails to run the "Look for unmistakenly StarlingX package" task with this error:
TASK [prepare-env : Look for unmistakenly StarlingX package] *******************
fatal: [cpe-0]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to remote host \"yow-alegacy-
Reproducibility
---------------
100%
System Configuration
-------
Any
Branch/Pull Time/Commit
-------
Private load rebased May 22
Last Pass
---------
Unknown
Timestamp/Logs
--------------
See above
Test Activity
-------------
Developer testing
Marking as release gating; medium priority given this is not a common config and there is a workaround
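The following is an added example, not code from the report or from StarlingX. It runs the original regex and the regex suggested in the report over a constructed known_hosts sample, next to a hypothetical exact-token matcher, to show which lines each would delete. The host, port, key strings and all function names are assumptions made for illustration, and lineinfile's per-line matching is modelled with `re.search`.

```python
import re

# Constructed sample known_hosts content (key material is placeholder text).
SAMPLE = """\
10.10.10.3 ssh-ed25519 AAAAC3placeholderA
10.10.10.30 ssh-ed25519 AAAAC3placeholderB
[10.10.10.3]:2222 ssh-ed25519 AAAAC3placeholderC
[10.10.10.3]:22220 ssh-ed25519 AAAAC3placeholderD
[10.10.10.3]:2222,[nat-gw.example]:2222 ecdsa-sha2-nistp256 AAAAE2placeholderE
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAB3placeholderF
"""

def removed_by_regex(pattern, text):
    """Lines a state=absent regexp would drop (modelled as re.search per line)."""
    rx = re.compile(pattern)
    return [line for line in text.splitlines() if rx.search(line)]

def original_pattern(host):
    # '^{{ ansible_host }}' after templating
    return "^" + host

def proposed_pattern(host, port):
    # '^{{ ansible_host }}|^\[{{ ansible_host }}\]:{{ ansible_port }}' after templating
    return "^%s|^\\[%s\\]:%s" % (host, host, port)

def known_hosts_name(host, port=22):
    """Name as OpenSSH stores it: bare host on port 22, otherwise [host]:port."""
    return host if int(port) == 22 else "[%s]:%d" % (host, int(port))

def removed_by_exact_match(host, port, text):
    """Hypothetical stricter matcher: compare whole tokens of the host field."""
    want = known_hosts_name(host, port)
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(("#", "|")):
            continue  # blank line, comment, or hashed entry (not comparable)
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if fields and want in fields[0].split(","):
            hits.append(line)
    return hits

if __name__ == "__main__":
    for label, lines in (
        ("original", removed_by_regex(original_pattern("10.10.10.3"), SAMPLE)),
        ("proposed", removed_by_regex(proposed_pattern("10.10.10.3", 2222), SAMPLE)),
        ("exact", removed_by_exact_match("10.10.10.3", 2222, SAMPLE)),
    ):
        print(label, [l.split()[0] for l in lines])
```

Neither regex can match the hashed entry written when HashKnownHosts is enabled; `ssh-keygen -R "[host]:port"` removes both plain and hashed entries for an exact host and port.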