Bug 1651516

Summary: Installation hangs/fails late when SSH host keys are not in ~/.ssh/known_hosts
Product: [oVirt] cockpit-ovirt Reporter: Sahina Bose <sabose>
Component: GdeployAssignee: Gobinda Das <godas>
Status: CLOSED CURRENTRELEASE QA Contact: SATHEESARAN <sasundar>
Severity: high Docs Contact:
Priority: high    
Version: 0.11.3CC: bugs, dparth, godas, guillaume.pavese, jcall, rhs-bugs, sankarshan, sasundar
Target Milestone: ovirt-4.2.8Flags: rule-engine: ovirt-4.2+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: cockpit-ovirt-0.11.38-1 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1649485 Environment:
Last Closed: 2019-01-22 10:23:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Gluster RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1514466, 1649485, 1664044    

Description Sahina Bose 2018-11-20 09:18:58 UTC 
+++ This bug was initially created as a clone of Bug #1649485 +++

Description of problem:
This is an RFE to check for accepted host keys before going through ~60 minutes of installation and configuration before hanging indefinitely with no feedback to the user.  The cockpit installer simply hangs forever at "TASK [Set Engine public key as authorized key without validating the TLS/SSL certificates]" 

Root-cause is that cockpit wizard asks for FQDN/IP of target RHV hosts (ovirtmgmt interface), but doesn't check if those values are present in /root/.ssh/known_hosts


Version-Release number of selected component (if applicable):
Applicable to RHHI 1.5 and RHV 4.2.7



Actual results:
Cockpit wizard hangs forever with no feedback at "TASK [Set Engine public key as authorized key without validating the TLS/SSL certificates]"


Expected results:
Cockpit wizard (ansible task) should check for host keys early, and fail if not present in /root/.ssh/known_hosts (e.g. https://docs.ansible.com/ansible/2.5/modules/known_hosts_module.html)

Alternatively, the task could be modified to include "ansible_ssh_extra_args: -o StrictHostKeyChecking=no"
Comment 1 Sahina Bose 2018-11-20 09:20:21 UTC 
Is this functionality possible without moving to the Ansible based deployment? If so, we can retarget to 4.2.8
Comment 2 Sahina Bose 2018-11-21 15:11:09 UTC 
*** Bug 1514490 has been marked as a duplicate of this bug. ***
Comment 3 Gobinda Das 2018-11-28 05:53:53 UTC 
I will take a look
Comment 4 Sahina Bose 2018-12-18 06:36:41 UTC 
Can you retarget if there's a fix?
Comment 5 SATHEESARAN 2019-01-17 07:14:03 UTC 
(In reply to Sahina Bose from comment #4)
> Can you retarget if there's a fix?

Looks like this bug is already fixed for RHV 4.2.8
Comment 6 SATHEESARAN 2019-01-17 09:07:14 UTC 
Tested with RHV 4.2.8 with cockpit-ovirt-dashboard-0.11.38.

This fix is not working.

As I could see from the merged patch, the fix was made to confirm the hosts mentioned
in FQDN tab is available in the known_hosts. Hosts mentioned in the FQDN tabs are additional
hosts. This is not sufficient check. This check should also be there with the gluster hosts
available in the first tab under hostnames.
Comment 7 SATHEESARAN 2019-01-17 09:21:15 UTC 
(In reply to SATHEESARAN from comment #6)
> Tested with RHV 4.2.8 with cockpit-ovirt-dashboard-0.11.38.
> 
> This fix is not working.
> 
> As I could see from the merged patch, the fix was made to confirm the hosts
> mentioned
> in FQDN tab is available in the known_hosts. Hosts mentioned in the FQDN
> tabs are additional
> hosts. This is not sufficient check. This check should also be there with
> the gluster hosts
> available in the first tab under hostnames.

Misunderstood the requirement. I got that info from Gobinda and rereading comment0,
this check is implemented only for FQDNs that corresponds to ovirtmgmt interface of additional hosts
Moving this bug back to ON_QA
Comment 8 SATHEESARAN 2019-01-17 09:29:53 UTC 
Verified this bug with cockpit-ovirt-dashboard-0.11.38.

Hostnames under FQDN tab are validated that they are available in known_hosts file
Comment 9 Sandro Bonazzola 2019-01-22 10:23:14 UTC 
This bugzilla is included in oVirt 4.2.8 release, published on January 22nd 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.2.8 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.