Bug 1331077 - sshd doesn't start during installation [NEEDINFO]
Summary: sshd doesn't start during installation
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 24
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Jakub Jelen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: ZedoraTracker F24FinalFreezeException
TreeView+ depends on / blocked
 
Reported: 2016-04-27 16:07 UTC by Jan Stodola
Modified: 2016-05-07 11:45 UTC (History)
10 users (show)

(edit)
Clone Of:
: 1331753 (view as bug list)
(edit)
Last Closed: 2016-05-07 11:45:30 UTC
jjelen: needinfo? (anaconda-maint-list)


Attachments (Terms of Use)
journalctl (179.16 KB, text/plain)
2016-04-27 16:08 UTC, Jan Stodola
no flags Details

Description Jan Stodola 2016-04-27 16:07:44 UTC
Description of problem:
sshd fails to start during installation with the inst.sshd option on the kernel command line:

[anaconda root@localhost /]# systemctl status anaconda-sshd
● anaconda-sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/anaconda-sshd.service; static; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2016-04-27 15:33:21 UTC; 15min ago
  Process: 1530 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=203/EXEC)

Apr 27 15:33:21 localhost systemd[1]: Starting OpenSSH server daemon...
Apr 27 15:33:21 localhost systemd[1]: anaconda-sshd.service: Control process exited, code=exited status=203
Apr 27 15:33:21 localhost systemd[1]: Failed to start OpenSSH server daemon.
Apr 27 15:33:21 localhost systemd[1]: anaconda-sshd.service: Unit entered failed state.
Apr 27 15:33:21 localhost systemd[1]: anaconda-sshd.service: Failed with result 'exit-code'.
[anaconda root@localhost /]# systemctl status anaconda-sshd

From journalctl:
...
systemd[1530]: anaconda-sshd.service: Failed at step EXEC spawning /usr/sbin/sshd-keygen: No such file or directory
...

This seems to be related to changes in openssh, bug 1325535



Version-Release number of selected component (if applicable):
anaconda 24.13.4-1
openssh-7.2p2-4.fc24

How reproducible:
always

Steps to Reproduce:
1. append "inst.sshd" on the kernel command line when starting the installation
2. try to log in via ssh when the installer starts

Actual results:
connections refused, sshd not running

Expected results:
able to connect, sshd is running

Additional info:
This issue makes it harder to debug installer related issues, and it prevents from manual installation on s390x, since login via ssh is necessary to proceed with manual installation.

Comment 1 Jan Stodola 2016-04-27 16:08 UTC
Created attachment 1151464 [details]
journalctl

Comment 2 Fedora Blocker Bugs Application 2016-04-27 16:12:17 UTC
Proposed as a Freeze Exception for 24-final by Fedora user jstodola using the blocker tracking app because:

 Proposing as an exception, since this bug prevents from manual installations on s390x and makes it harder to debug issues during installation on other architectures.

Comment 3 David Shea 2016-04-27 17:01:23 UTC
(In reply to Jan Stodola from comment #0)
> From journalctl:
> ...
> systemd[1530]: anaconda-sshd.service: Failed at step EXEC spawning
> /usr/sbin/sshd-keygen: No such file or directory
> ...

How about openssh doesn't remove essential scripts without a change request or something.

Comment 4 Jakub Jelen 2016-04-28 08:46:18 UTC
(In reply to David Shea from comment #3)
> (In reply to Jan Stodola from comment #0)
> > From journalctl:
> > ...
> > systemd[1530]: anaconda-sshd.service: Failed at step EXEC spawning
> > /usr/sbin/sshd-keygen: No such file or directory
> > ...
> 
> How about openssh doesn't remove essential scripts without a change request
> or something.

Yes, that would be nice. I agree that the change came quite late [1]. Sorry about that. But as we are already there, it would be nice if anaconda would sync up with openssh.

Earlier we got report (bug #1066615), that we should not call sshd-keygen as ExecStartPre, which should have been probably reflected in anaconda unit earlier (is the discussed unit this one [2]?). Can anaconda-sshd start also after sshd-keygen.target as normal sshd does it now [3]?

[1] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/RAVATCRUEWV7FX56Z2BV32RWPTT2YGAO/#2AHH4AFYYDWPE6SUG3ZCQJKNAXNUWDT7
[2] https://github.com/rhinstaller/anaconda/blob/master/data/systemd/anaconda-sshd.service
[3] http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/sshd.service#n5

Comment 5 Jakub Jelen 2016-04-28 11:43:12 UTC
To resolve this issue, we need to cooperate. There are two possibilities at this time:

 1) I can hack back  /usr/sbin/sshd-keygen  script for F24 to make your unit work in this release and fill you a new bug for F25 which would request syncing your unit to depend on up-to-date openssh  sshd-keygen.target  or hack that somehow different.

 2) You can update your unit now, which will save us some trouble in the future.

FYI we also updated the service type and exec part according to systemd requirements.

Let me know about the expectations and priorities, so we can move on.

Comment 6 Jakub Jelen 2016-04-29 12:19:07 UTC
No response. So I suspect the first option is the only one.

I built the package with legacy sshd-keygen. It will be soon in updates testing.

Comment 7 Fedora Update System 2016-04-29 12:41:42 UTC
openssh-7.2p2-6.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-72ba8169a1

Comment 8 Fedora Update System 2016-04-29 17:21:25 UTC
openssh-7.2p2-6.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-72ba8169a1

Comment 9 Fedora Update System 2016-05-07 11:45:25 UTC
openssh-7.2p2-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.