Bug 2237000

Summary: Banner text is not being displayed for overcloud hosts
Product: Red Hat OpenStack Reporter: mlaniel
Component: openstack-tripleo-heat-templatesAssignee: Rabi Mishra <ramishra>
Status: CLOSED ERRATA QA Contact: David Rosenfeld <drosenfe>
Severity: medium Docs Contact:
Priority: medium    
Version: 17.1 (Wallaby)CC: aruffin, bshephar, drosenfe, fboboc, jjoyce, jpretori, mariel, mburns, prgutier, ralfieri, ramishra, riramos, tkuroda
Target Milestone: z3Keywords: Triaged
Target Release: 17.1   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-14.3.1-17.1.20231103010837.el9ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2024-05-22 20:42:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description mlaniel 2023-09-02 17:09:28 UTC 
Overcloud nodes are deployed without banner text message, even if one was configured.
If I understand correctly, the condition used to set 'tripleo_sshd_banner_enabled' in tripleo template file 'sshd-baremetal-ansible.yaml' seems to be inverted:


BannerText sets an empty string as default:
 ~~~
   BannerText:
     default: ''
     description: Configures Banner text in sshd_config
     type: string
 ~~~


ssh_banner_text_empty fetches the value of BannerText and checks if it is equal to '' (empty).
If BannerText is empty, ssh_banner_text_empty value will be true. 
If BannerText contains data, ssh_banner_text_empty value will be false.  #<--- should be set 'false' in test case [1]
 ~~~
 conditions:
   ssh_banner_text_empty: {equals: [{get_param: BannerText}, '']}
 ~~~


Variable tripleo_sshd_banner_enabled is defined by the 'if' statement.
If ssh_banner_text_empty is true, then tripleo_sshd_banner_enabled will be set to true.
If ssh_banner_text_empty is false, then tripleo_sshd_banner_enabled will be set to false.
 ~~~
             tripleo_sshd_banner_enabled:
               if:
                 - ssh_banner_text_empty
                 - true   # <--- should be false?
                 - false   # <--- should be true?
 ~~~


[1] Truncated from extraconfig.yaml
parameter_defaults:
  BannerText: |
    TEST MESSAGE

Reproducible: Always

Actual Results:  
[stack@undercloud ~]$ grep -A2 tripleo_sshd_banner_enabled ./overcloud-deploy/overcloud/config-download/overcloud/Compute/host_prep_tasks.yaml
    tripleo_sshd_banner_enabled: false 
    tripleo_sshd_banner_text: 'TEST MESSAGE'

Expected Results:  
[stack@undercloud ~]$ grep -A2 tripleo_sshd_banner_enabled ./overcloud-deploy/overcloud/config-download/overcloud/Compute/host_prep_tasks.yaml
    tripleo_sshd_banner_enabled: true 
    tripleo_sshd_banner_text: 'TEST MESSAGE'

-A customer raised this issue
-I checked the follwing: https://opendev.org/openstack/tripleo-heat-templates/src/branch/stable/wallaby/deployment/sshd/sshd-baremetal-ansible.yaml
-Also validated we have the same in a RHOSP17.1 lab (Red Hat OpenStack Platform release 17.1.0 (Wallaby))
-Variable 'tripleo_sshd_motd_enabled' seems to have the same inverted logic but was not tested yet.
Comment 3 Rabi Mishra 2023-11-15 03:11:10 UTC 
> Is there more we might pull from Verizon that could help?

There was already an upstream patch that should have been merged long back. Now that upstream repos are abandoned, I've backported it downstream which should get into next 17.1 zstream.
Comment 31 errata-xmlrpc 2024-05-22 20:42:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: openstack-tripleo-heat-templates and tripleo-ansible update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:2736