Bug 1855751

Summary: [OSP13->OSP16.1] Automate the addition of PermitRootLogin before running Leapp upgrade
Product: Red Hat OpenStack Reporter: Jose Luis Franco <jfrancoa>
Component: openstack-tripleo-heat-templatesAssignee: Jose Luis Franco <jfrancoa>
Status: CLOSED ERRATA QA Contact: Jesse Pretorius <jpretori>
Severity: medium Docs Contact:
Priority: medium    
Version: 16.1 (Train)CC: gregraka, jamsmith, jpretori, lbezdick, mburns, sgolovat, tvignaud
Target Milestone: z2Keywords: Triaged
Target Release: 16.1 (Train on RHEL 8.2)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-11.3.2-1.20200914170155.29a02c1.el8ost Doc Type: Bug Fix
Doc Text:
Before this update, to successfully run a leapp upgrade during the Framework for Upgrades upgrade (FFU) from RHOSP 13 to RHOSP 16.1, the node where the Red Hat Enterprise Linux upgrade was occurring had to have the `PermitRootLogin` field defined in the ssh config file (`/etc/ssh/sshd_config`). + With this update, the Orchestration service (heat) no longer requires you to modify `/etc/ssh/sshd_config` with the `PermitRootLogin` field.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-28 15:38:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jose Luis Franco 2020-07-10 12:08:47 UTC 
Description of problem:

In order to run leapp upgrade during the FFU from OSP13 to OSP16.1 the node in which the RHEL upgrade will be performed requires to have defined the field "PermitRootLogin" into the ssh config file (/etc/ssh/sshd_config)

Right now, this is beeing addressed via documentation, by suggesting to create a playbook and run it against the overcloud nodes:
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1-beta/html-single/framework_for_upgrades_13_to_16.1/index?lb_target=preview#setting-the-ssh-root-permission-parameter-on-the-overcloud-initial-steps

However, it should be fairly easy to automate such a process inside the tripleo-heat-templates so the customer doesn't need to perform extra steps.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:

Customer needs to run https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1-beta/html-single/framework_for_upgrades_13_to_16.1/index?lb_target=preview#setting-the-ssh-root-permission-parameter-on-the-overcloud-initial-steps to be able to leapp upgrade

Expected results:

Customer will just run the "openstack overcloud upgrade run --tags system_upgrade" command and the field will be inserted automatically before running leapp.

Additional info:
Comment 2 Jesse Pretorius 2020-08-10 15:14:28 UTC 
*** Bug 1852523 has been marked as a duplicate of this bug. ***
Comment 12 errata-xmlrpc 2020-10-28 15:38:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4284