Bug 1968364

Summary: [Azure] when using ssh type ed25519 bootstrap fails to come up
Product: OpenShift Container Platform
Reporter: Fatima <fshaikh>
Component: Installer
Assignee: aos-install
Installer sub component: openshift-installer
QA Contact: MayXu <maxu>
Status: CLOSED ERRATA
Severity: low
Priority: low
CC: cchandra, gpei, jialiu, mstaeble, tsze
Version: 4.8
Target Release: 4.10.0
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Doc Text:
Cause: The UPI ARM templates are attaching an ssh key to the VM instances created. Consequence: The creation of the VMs fails when the ssh key provided by the user is the ed25519 type. Fix: Do not attach an ssh key to the VM instances, since the ssh key is not used. Result: The creation of the VMs succeeds regardless of the type of the ssh key provided by the user.
Clone Of:
: 2030937
Last Closed: 2022-03-10 16:03:59 UTC
Type: Bug
Bug Depends On:
Bug Blocks: 2030937

Comment 7 To Hung Sze 2021-07-12 18:31:37 UTC
This is a valid problem with UPI install.

ed25519 with IPI. Comment #3 was due to something else.

Comment 8 To Hung Sze 2021-07-16 18:31:51 UTC
Clarifying my comment above (and clearing NEEDINFO).

Azure IPI works with ed25519 but not UPI.

Please see Matthew's https://bugzilla.redhat.com/show_bug.cgi?id=1968364#c2.

Comment 9 Russell Teague 2021-07-19 15:06:18 UTC
Thanks, we'll look at addressing this as Matthew stated in comment 2.

Comment 10 Russell Teague 2021-08-02 17:48:19 UTC
Needs prioritized.

Comment 11 Russell Teague 2021-08-24 17:39:03 UTC
Will review again for a future sprint.

Comment 12 MayXu 2021-11-25 05:23:20 UTC
verified ed25519 type and RSA (2048)
based on https://github.com/openshift/installer/blob/master/docs/user/azure/install_upi.md

setup cluster, master and bootstrap can be connected with ssh. 

cluster is healthy.

version info:
../openshift-install 4.9.0-0.nightly-2021-11-22-163611
built from commit 1c538b8949f3a0e5b993e1ae33b9cd799806fa93

azure ARM template file 
https://github.com/openshift/installer/pull/5407/commits (e17798925dc291fd43da904fb78b08ab9a77d5ab)

Comment 15 MayXu 2021-12-02 09:40:19 UTC
verified with ed25519 type key (~/.ssh/id_rsa)
jsonfiles under https://github.com/openshift/installer/tree/master/upi/azure c2f7e3c351516e73a65da15da6701f59fd81c33e

$ ./openshift-install version
./openshift-install 4.10.0-0.nightly-2021-12-01-164437
built from commit 6fc5df3e0e0248910b9f4f5f4153c2a9790c9063
release image registry.ci.openshift.org/ocp/release@sha256:b8f33e8537d20a7c0407d2d9842e174265d90ce089b02a8ba51b31975c4f2306

UPI install cluster, 

can access bootstrap with "ssh -i ~/.ssh/id_rsa core.cloudapp.azure.com"

cat sshNodes.sh
echo boot_host=$boot_host
echo ssh_key_param=$ssh_key_param
ssh $ssh_key_param -t -o StrictHostKeyChecking=no -o ProxyCommand="ssh $ssh_key_param -A -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -W %h:%p core@${boot_host}" core@$1 "sudo -i"

$sshNodes.sh 10.0.0.6 (master)
Warning: Permanently added '20.118.1.134' (ED25519) to the list of known hosts.
...

$sshNodes.sh 10.0.1.5 (worker)
Warning: Permanently added '10.0.1.5' (ED25519) to the list of known hosts. 
...

Comment 16 MayXu 2021-12-03 11:13:52 UTC
need to update the doc .../installing/installing_azure/installing-azure-user-infra.html
remove '--parameters sshKeyData="${SSH_KEY}"' in "az deployment group create..."

Comment 17 Matthew Staebler 2021-12-06 05:16:33 UTC
Caleb, can you remove the usages of `sshKeyData` from https://github.com/openshift/installer/blob/master/docs/user/azure/install_upi.md?
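
A pre-deployment check for the condition this bug describes (an ed25519 key combined with a UPI ARM template that still attaches an ssh key to the VM), as an added example that is not part of the thread or the installer's code. The keys and templates are constructed samples; only the `sshKeyData` parameter name comes from this page, and the function names are hypothetical.

```python
import base64
import struct

def ssh_key_type(pubkey_line):
    """Return the key type stored inside an OpenSSH public key blob."""
    declared, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    (n,) = struct.unpack(">I", blob[:4])      # length-prefixed type string
    embedded = blob[4:4 + n].decode("ascii")
    if embedded != declared:
        raise ValueError("declared key type does not match key blob")
    return embedded

def ssh_key_references(template):
    """List the places where a parsed ARM template attaches an SSH key to a VM."""
    hits = []
    if "sshKeyData" in template.get("parameters", {}):
        hits.append("parameters.sshKeyData")
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Compute/virtualMachines":
            continue
        linux = res.get("properties", {}).get("osProfile", {}).get("linuxConfiguration", {})
        if linux.get("ssh", {}).get("publicKeys"):
            hits.append(f"{res['name']}: osProfile.linuxConfiguration.ssh.publicKeys")
    return hits

def preflight(pubkey_line, template):
    """Return (will_hit_bug, references) for the failure described in this bug."""
    refs = ssh_key_references(template)
    return ssh_key_type(pubkey_line) == "ssh-ed25519" and bool(refs), refs

def _constructed_key(kind, body):
    # Constructed sample: correct wire layout, not a usable key.
    blob = struct.pack(">I", len(kind)) + kind.encode() + body
    return f"{kind} {base64.b64encode(blob).decode()} sample@example"

ED25519_KEY = _constructed_key("ssh-ed25519", struct.pack(">I", 32) + bytes(32))
RSA_KEY = _constructed_key("ssh-rsa", struct.pack(">I", 3) + b"\x01\x00\x01")

# Constructed templates (as returned by json.load), not the installer's own files.
VM = "Microsoft.Compute/virtualMachines"
BEFORE = {"parameters": {"sshKeyData": {"type": "securestring"}},
          "resources": [{"type": VM, "name": "bootstrap-vm", "properties": {"osProfile": {
              "linuxConfiguration": {"ssh": {"publicKeys": [
                  {"keyData": "[parameters('sshKeyData')]"}]}}}}}]}
AFTER = {"parameters": {},
         "resources": [{"type": VM, "name": "bootstrap-vm",
                        "properties": {"osProfile": {}}}]}

if __name__ == "__main__":
    for label, tpl in (("before", BEFORE), ("after", AFTER)):
        print(label, preflight(ED25519_KEY, tpl))
```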

Comment 18 MayXu 2021-12-06 09:14:19 UTC
Caleb, based on https://bugzilla.redhat.com/show_bug.cgi?id=1964380, '--parameters privateDNSZoneName' needs to be removed.

And suggest getting the VHD_URL as follows:
export VHD_URL=$(openshift-install coreos print-stream-json | jq -r '.architectures.x86_64."rhel-coreos-extensions"."azure-disk".url')

Comment 19 Matthew Staebler 2021-12-06 13:45:33 UTC
(In reply to MayXu from comment #18)
> Caleb, based on https://bugzilla.redhat.com/show_bug.cgi?id=1964380,
> '--parameters privateDNSZoneName' need be removed. 
> 
> And suggest get the VHD_URL as the following:
> export VHD_URL=$(openshift-install coreos print-stream-json | jq -r
> '.architectures.x86_64."rhel-coreos-extensions"."azure-disk".url')

@maxu Those are separate issues unrelated to this BZ.

Comment 26 errata-xmlrpc 2022-03-10 16:03:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Comment 27 Red Hat Bugzilla 2023-09-15 01:09:07 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days