Bug 1331753

Summary: anaconda should not depend on legacy sshd-keygen script during install
Product: [Fedora] Fedora Reporter: Jakub Jelen <jjelen>
Component: anacondaAssignee: Anaconda Maintenance Team <anaconda-maint-list>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: 25CC: anaconda-maint-list, extras-qa, g.kaviyarasu, jjelen, jonathan, jstodola, mattias.ellert, mgrepl, plautrba, rvykydal, tmraz, vanmeeuwen+fedora
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1331077 Environment:
Last Closed: 2017-12-12 10:47:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1359762, 1378378    
Bug Blocks:    

Description Jakub Jelen 2016-04-29 12:45:38 UTC 
+++ This bug was initially created as a clone of Bug #1331077 +++

Description of problem:
sshd fails to start during installation with the inst.sshd option on the kernel command line:

[anaconda root@localhost /]# systemctl status anaconda-sshd
● anaconda-sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/anaconda-sshd.service; static; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2016-04-27 15:33:21 UTC; 15min ago
  Process: 1530 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=203/EXEC)

Apr 27 15:33:21 localhost systemd[1]: Starting OpenSSH server daemon...
Apr 27 15:33:21 localhost systemd[1]: anaconda-sshd.service: Control process exited, code=exited status=203
Apr 27 15:33:21 localhost systemd[1]: Failed to start OpenSSH server daemon.
Apr 27 15:33:21 localhost systemd[1]: anaconda-sshd.service: Unit entered failed state.
Apr 27 15:33:21 localhost systemd[1]: anaconda-sshd.service: Failed with result 'exit-code'.
[anaconda root@localhost /]# systemctl status anaconda-sshd

From journalctl:
...
systemd[1530]: anaconda-sshd.service: Failed at step EXEC spawning /usr/sbin/sshd-keygen: No such file or directory
...

This seems to be related to changes in openssh, bug 1325535

Version-Release number of selected component (if applicable):
anaconda 24.13.4-1
openssh-7.2p2-4.fc24

How reproducible:
always

Steps to Reproduce:
1. append "inst.sshd" on the kernel command line when starting the installation
2. try to log in via ssh when the installer starts

Actual results:
connections refused, sshd not running

Expected results:
able to connect, sshd is running

Additional info:
This issue makes it harder to debug installer related issues, and it prevents from manual installation on s390x, since login via ssh is necessary to proceed with manual installation.

--- Additional comment from Jakub Jelen on 2016-04-28 10:46:18 CEST ---

(In reply to David Shea from comment #3)
> (In reply to Jan Stodola from comment #0)
> > From journalctl:
> > ...
> > systemd[1530]: anaconda-sshd.service: Failed at step EXEC spawning
> > /usr/sbin/sshd-keygen: No such file or directory
> > ...
> 
> How about openssh doesn't remove essential scripts without a change request
> or something.

Yes, that would be nice. I agree that the change came quite late [1]. Sorry about that. But as we are already there, it would be nice if anaconda would sync up with openssh.

Earlier we got report (bug #1066615), that we should not call sshd-keygen as ExecStartPre, which should have been probably reflected in anaconda unit earlier (is the discussed unit this one [2]?). Can anaconda-sshd start also after sshd-keygen.target as normal sshd does it now [3]?

[1] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/RAVATCRUEWV7FX56Z2BV32RWPTT2YGAO/#2AHH4AFYYDWPE6SUG3ZCQJKNAXNUWDT7
[2] https://github.com/rhinstaller/anaconda/blob/master/data/systemd/anaconda-sshd.service
[3] http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/sshd.service#n5
Comment 1 Jan Kurik 2016-07-26 04:04:49 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle.
Changing version to '25'.
Comment 2 Jakub Jelen 2016-07-26 07:27:33 UTC 
FYI, I am removing the sshd-keygen from Rawhide and F25 today. It would be great to have the change [1] (recently merged upstream), also in Fedora 25 soon to prevent failures.

[1] https://github.com/rhinstaller/anaconda/pull/701
Comment 3 Radek Vykydal 2016-09-22 09:19:24 UTC 
https://github.com/rhinstaller/lorax/issues/153
runtime-cleanup.tmpl removes sshd-keygen, breaks sshd
Comment 4 Radek Vykydal 2016-09-22 12:01:19 UTC 
(In reply to Radek Vykydal from comment #3)
> https://github.com/rhinstaller/lorax/issues/153
> runtime-cleanup.tmpl removes sshd-keygen, breaks sshd

Filed bug 1378378.
Comment 5 Fedora End Of Life 2017-12-12 10:47:52 UTC 
Fedora 25 changed to end-of-life (EOL) status on 2017-12-12. Fedora 25 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.