Bug 1409460
| Summary: | 'rhui-manager {cds,haproxy} add' wants {cds,haproxy} in known_hosts or ssh connection error | | |
|---|---|---|---|
| Product: | Red Hat Update Infrastructure for Cloud Providers | Reporter: | Irina Gulina <igulina> |
| Component: | Tools | Assignee: | RHUI Bug List <rhui-bugs> |
| Status: | CLOSED ERRATA | QA Contact: | Vratislav Hutsky <vhutsky> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 3.0.0 | CC: | bperkins, lwilliam, mkubik, mminar, rbiba |
| Target Milestone: | --- | | |
| Target Release: | 3.0.x | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2018-11-07 14:05:07 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Irina Gulina
2017-01-02 04:18:33 UTC
I believe this is the expected behavior in our setup. You must use the -u option. So:

rhui {cds,haproxy} add {cds,hap}01.example.com ec2-user /root/.ssh/id_rsa_rhua -u

Then a message:

An SSH error occurred while connecting to ec2-user@{cds,hap}01.example.com:22: Server '{cds,hap}01.example.com' not found in known_hosts. Add it to known_hosts or use '-u/--unsafe' option.

would be more helpful.

Or add a user dialog like in GUI:

The SSH host key is not in the known_hosts file. Please confirm that the following SSH host key fingerprint is correct for hap01.example.com:
SSH host fingerprint (MD5): 2048 71:04:e2:3d:e7:ef:a8:0d:3d:96:bf:b7:e3:03:7c:78 hap01.example.com (ssh-rsa)
SSH host fingerprint (SHA256): PDNvn/nmMAYnqNjkqxmtL6z8LFqkIM5U0i/TRDnUzgw (ssh-rsa)
Proceed? (y/n) y

Adding a question to the CLI may break scripts that run unattended, in which case there's no one to press 'y'. I'd say the CLI should remain non-interactive by default.

I've been looking into this recently and am quite confused. The rhui command refuses to add the node even if the host's key is already saved in known_hosts:

[root@rhua ~]# cat .ssh/known_hosts
hap01.example.com,10.103.216.138 ecdsa-sha2-nistp256 AAA<snip>kA=
[root@rhua ~]# rhui haproxy add hap01.example.com ec2-user /root/.ssh/id_rsa_rhua
Checking that instance ports are reachable...
[localhost] local: yum install -y nc
[localhost] local: nc hap01.example.com 22 < /dev/null
Done.
An SSH error occurred while connecting to ec2-user.com:22: Server 'hap01.example.com' not found in known_hosts.

The SSH connection ought to work, though:

[root@rhua ~]# ssh -i /root/.ssh/id_rsa_rhua ec2-user.com
Last login: Mon Sep 24 07:34:57 2018 from ns01
[ec2-user@hap01 ~]$

So, something is fundamentally broken here.

The paramiko client by default doesn't load the host keys. The command has the option to pass a hosts file for this purpose. I can add the user's known_hosts so it would work similar to openssh client.

As for the error message when the fingerprint is not matched, the message comes from the paramiko library and there is no simple way to catch a specific error message and amend it.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3520
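
The thread above turns on whether a host "is in known_hosts" and on the MD5 and SHA256 fingerprints the GUI dialog shows. The following is an added example, not RHUI or paramiko code: a standard-library Python check that looks a host up in known_hosts text, tells a missing entry apart from a key mismatch, and derives both fingerprint formats. Function names and the sample key, salt and cds01.example.com entry are constructed for illustration; only exact host names and hashed `|1|` entries are matched (no wildcards, no `@` marker lines).

```python
import base64, hashlib, hmac

def fingerprints(key_b64):
    """Return (MD5 colon-hex, SHA256 unpadded base64) of a public key blob."""
    blob = base64.b64decode(key_b64)
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), sha

def host_matches(field, host):
    """Match the first known_hosts field: plain comma list or hashed |1|salt|hash."""
    if field.startswith("|1|"):
        salt_b64, digest_b64 = field[3:].split("|", 1)
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest_b64))
    return host in field.split(",")

def lookup(known_hosts_text, host):
    """Return [(key_type, key_b64)] recorded for host; empty list means unknown."""
    found = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # blanks, comments and @cert-authority/@revoked lines are not handled
        if host_matches(parts[0], host):
            found.append((parts[1], parts[2]))
    return found

def check_host(known_hosts_text, host, offered_type, offered_b64):
    """Strict check: 'ok', 'unknown' (no entry) or 'mismatch' (entry differs)."""
    entries = lookup(known_hosts_text, host)
    if not entries:
        return "unknown"
    return "ok" if (offered_type, offered_b64) in entries else "mismatch"

# Constructed sample data: the key blob is made-up bytes, not a real host key.
_b64 = lambda raw: base64.b64encode(raw).decode()
KEY = _b64(b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(range(32)))
SALT = b"constructed-salt-20b"
HASHED = "|1|" + _b64(SALT) + "|" + _b64(hmac.new(SALT, b"cds01.example.com", hashlib.sha1).digest())
SAMPLE = "hap01.example.com,10.103.216.138 ssh-ed25519 %s\n%s ssh-ed25519 %s\n" % (KEY, HASHED, KEY)

if __name__ == "__main__":
    print(check_host(SAMPLE, "hap01.example.com", "ssh-ed25519", KEY))
    print(fingerprints(KEY))
```

The 'unknown' result corresponds to the "not found in known_hosts" error quoted in the report; an unattended script can compare the SHA256 value against a pinned fingerprint before adding the entry.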