Shell calls in cert-manager migration playbook were failing when
called remotely after redeploying subclouds due to the change in the
host keys in the sysadmin's known_hosts file.
Considering that ansible is configured to ignore host keys in the
other calls, added extra var to instruct ansible to ignore host keys
and strict host key checking, allowing shell operations over SSH
during cert-manager migration playbook's execution.
Test plan:
PASS: Deploy two subclouds. SSH to them and accept their host keys.
Open the sysadmin's known_hosts file and change the subcloud's
host keys to invalid ones.
Try to SSH to the subclouds, observe that an error message
regarding the host keys changing is returned.
Perform cert-manager migration targeting the subclouds.
Verify that the execution proceeded as expected (i.e., all the
ssh calls were successful).
Reviewed: https:/ /review. opendev. org/c/starlingx /ansible- playbooks/ +/899317 /opendev. org/starlingx/ ansible- playbooks/ commit/ a71ba86833aa0da 7817f1e918cbe3d 20bc868d6e
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit a71ba86833aa0da 7817f1e918cbe3d 20bc868d6e
Author: Marcelo Loebens <email address hidden>
Date: Wed Oct 25 17:35:28 2023 -0400
Avoid host key check in cert-manager migration
Shell calls in cert-manager migration playbook were failing when
called remotely after redeploying subclouds due to the change in the
host keys in the sysadmin's known_hosts file.
Considering that ansible is configured to ignore host keys in the
other calls, added extra var to instruct ansible to ignore host keys
and strict host key checking, allowing shell operations over SSH
during cert-manager migration playbook's execution.
Test plan:
PASS: Deploy two subclouds. SSH to them and accept their host keys.
Open the sysadmin's known_hosts file and change the subcloud's
host keys to invalid ones.
Try to SSH to the subclouds, observe that an error message
regarding the host keys changing is returned.
Perform cert-manager migration targeting the subclouds.
Verify that the execution proceeded as expected (i.e., all the
ssh calls were successful).
Closes-Bug: 2040738
Change-Id: I5d44ce53fee209 8986fb5672eccd8 7bdae3f0d01
Signed-off-by: Marcelo Loebens <email address hidden>