
Fix ssh_known_hosts hostname entries

The tripleo-ssh-known-hosts ansible role used the list of network names to
create the different possible hostnames in the ssh_known_hosts file. The
network names do not match the actual network hostnames, like internal_api
vs. internalapi, which causes ssh host verification to fail and, e.g., live
migration to fail.

Initial approach in a5bcbc8d01 had to be reverted
as it resulted in errors when the _hostname inventory information was missing
from the ansible inventory.

Also syncs to use the same approach to create the hostname like in
https://review.opendev.org/693010 to have entries in /etc/hosts and
ssh_known_hosts created in the same way/source.

Closes-Bug: #1852064

Change-Id: Ie04d0f0cd9474070bffd153fa3dddee9f304a14f
tags/1.0.0
Martin Schuppert 3 months ago
parent
commit
d6541e624e
2 changed files with 18 additions and 2 deletions
  1. releasenotes/notes/fix_ssh-known-hosts-22738bc60fdc2f62.yaml (+16, -0)
  2. tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml (+2, -2)

releasenotes/notes/fix_ssh-known-hosts-22738bc60fdc2f62.yaml

@@ -0,0 +1,16 @@
---
fixes:
- |
The tripleo-ssh-known-hosts ansible role used the list of network names to
create the different possible hostnames in the ssh_known_hosts file. The
network names do not match the actual network hostnames, like internal_api
vs. internalapi which results in ssh host verification to fail and e.g.
live migration to fail.

Initial approach in a5bcbc8d015b792b3546ecbb139506f248dacfe8 had to be
reverted as it resulted in errors when the _hostname inventory information
was missing from the ansible inventory.

This syncs to use the same approach to create the hostname like in
https://review.opendev.org/693010 to have entries in /etc/hosts and
ssh_known_hosts created in the same way/source.
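
Review bot: the `fixes:` entry repeats the commit message almost word for word, including the reverted commit hash, but never tells an operator what changes in the generated file or whether anything has to be rerun. Suggest naming the hostname forms that are now written to ssh_known_hosts (per the template change, `host.internalapi` and `host.internalapi.<cloud_domain>` rather than the `internal_api` variants) and stating whether an existing deployment needs the role reapplied before host verification and live migration work again. The reference to a5bcbc8d015b792b3546ecbb139506f248dacfe8 is change history and reads better in the commit message than in a release note.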

tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml

@@ -52,8 +52,8 @@
{%- if enabled_networks | length > 0 and role_networks and role_networks | length > 0 %},
{%- for network in enabled_networks %}
{%- if network in role_networks %}
[{{ hostvars[host][networks[network]['name'] ~ '_ip'] }}]*,[{{ host }}.{{ networks[network]['name'] }}]*,{% if 1 %}{% endif %}
[{{ host }}.{{ networks[network]['name'] }}.{{ cloud_domain }}]*{% if not loop.last %},{% endif %}
[{{ hostvars[host][networks[network]['name'] ~ '_ip'] }}]*,[{{ host }}.{{ network.lower() }}]*,{% if 1 %}{% endif %}
[{{ host }}.{{ network.lower() }}.{{ cloud_domain }}]*{% if not loop.last %},{% endif %}
{%- endif -%}
{%- endfor -%}
{%- endif -%}
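
Review bot: in the two lines that now use `network.lower()`, the hostname part of each known_hosts pattern comes from the `enabled_networks` key while the IP lookup on the same line still goes through `networks[network]['name'] ~ '_ip'`, so a single entry is built from two naming sources and the template does not say why. Lowercasing does not remove underscores, so the result equals a hostname such as internalapi only when the key itself contains none; a short Jinja comment stating that assumption, or one hostname variable shared with the /etc/hosts template from https://review.opendev.org/693010, would keep the two files from drifting apart again. The `hostvars[host][... ~ '_ip']` lookup also has no `default`, so a host without that variable can still break templating, which is the same kind of inventory gap the commit message gives as the reason for the earlier revert.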
