transient network/keyscan issues

Bug #656646 reported by Scott Moser on 2010-10-08
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cloud-init (Ubuntu)
Scott Moser
Nominated for Precise by Chuck Short
Scott Moser

Bug Description

Binary package hint: cloud-init

In maverick release testing (20101007.1) I found a transient-ish network failure.

Here, out of 18 instances in this test 4 of them did not have ssh keys per keyscan. Subsequently those 4 failed the ssh connection test.

Then, one instance that *passed* the connection test failed the root connection test.

I also saw a similar issue, again x86_64 and us-west-1, when testing maverick RC. There, I 7 keys out of 36 found. Again, very strange, all but one of the ssh connections passed after ssh keyscan had major issues.

I think part of this might be an issue with ssh-keyscan, where failure of one host in the arguments causes failure of others.

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: cloud-init 0.5.15-0ubuntu3
ProcVersionSignature: User Name 2.6.35-22.33-virtual
Uname: Linux 2.6.35-22-virtual x86_64
Architecture: amd64
Date: Fri Oct 8 03:03:39 2010
Ec2AMI: ami-681f4f2d
Ec2AMIManifest: ubuntu-images-testing-us-west-1/ubuntu-maverick-daily-amd64-server-20101007.1.manifest.xml
Ec2AvailabilityZone: us-west-1a
Ec2InstanceType: m1.large
Ec2Kernel: aki-9ba0f1de
Ec2Ramdisk: unavailable
PackageArchitecture: all
 PATH=(custom, user)
SourcePackage: cloud-init

Scott Moser (smoser) wrote :
Scott Moser (smoser) wrote :

Note, only a cloud-init bug because I have no better location.

Changed in cloud-init (Ubuntu):
importance: Undecided → Low
status: New → Confirmed
tags: added: iso-testing
Scott Moser (smoser) on 2011-02-18
Changed in cloud-init (Ubuntu Natty):
assignee: nobody → Scott Moser (smoser)
Scott Moser (smoser) wrote :

I've had som emore experience with this, and it is definitely true that running
ssh-keyscan host1 host2 host3 host4 ....

can end up giving output only for a small number of hosts because a single host fails.
During one case where this was failing, i did (manually)

$ ssh-keyscan -t rsa,dsa ...
# SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu1 ssh-dss AAAAB3N...
# SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu1 ssh-rsa AAAAB3NzaC1y...
# SSH-2.0-OpenSSH_5.8p1 Debian-1ubuntu1
Connection closed by

There were several other hosts to scan (13), but the failure of 'Connection closed' on the third host ends up failing.

I had assumed from the man page of ssh-keyscan:
  "ssh-keyscan uses non-blocking socket I/O to contact as many hosts as
   possible in parallel, so it is very efficient. The keys from a domain
   of 1,000 hosts can be collected in tens of seconds, even when some of
   those hosts are down or do not run ssh."

that a failure on one host would not indicate the others, but it appears
that is not the case.

So, in the case where I saw large number of ssh-keyscan failures, they
are in fact linked to 2 failure.

dino99 (9d9) wrote :

time have elapsed since that latest comment; is it still an issue ?

Changed in cloud-init (Ubuntu Natty):
status: Confirmed → Invalid
Changed in cloud-init (Ubuntu Maverick):
status: New → Invalid
tags: removed: maverick
Changed in cloud-init (Ubuntu):
status: Confirmed → Incomplete
Scott Moser (smoser) wrote :

Gonna mark this 'Wont fix'. Generally I think its a bug in ssh-keyscan.

Changed in cloud-init (Ubuntu):
status: Incomplete → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers