Bug 1607853
| Summary: | Instead of symlink there are two REX ssh keypairs in two distinct locations | ||
|---|---|---|---|
| Product: | Red Hat Satellite | Reporter: | Lukas Pramuk <lpramuk> |
| Component: | Installation | Assignee: | satellite6-bugs <satellite6-bugs> |
| Status: | CLOSED ERRATA | QA Contact: | Lukas Pramuk <lpramuk> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.4 | CC: | ehelms, mhulan |
| Target Milestone: | 6.4.0 | Keywords: | Regression, Triaged |
| Target Release: | Unused | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | satellite-installer-6.4.0.7-1.beta | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-10-16 19:18:13 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Lukas Pramuk
2018-07-24 12:23:41 UTC
The rpm rubygem-smart_proxy_remote_execution_ssh-0.2.0-3.el7sat.noarch contains /usr/share/foreman-proxy/.ssh as a symlink.
So the breakage has to be done by installer, and here we go:
----
[ INFO 2018-07-24T12:51:23 main] /Stage[main]/Foreman_proxy::Plugin::Remote_execution::Ssh/File[/usr/share/foreman-proxy/.ssh]: Starting to evaluate the resource
[DEBUG 2018-07-24T12:51:23 main] /Stage[main]/Foreman_proxy::Plugin::Remote_execution::Ssh/File[/usr/share/foreman-proxy/.ssh]: Removing existing link for replacement with directory
[ WARN 2018-07-24T12:51:23 main] /Stage[main]/Foreman_proxy::Plugin::Remote_execution::Ssh/File[/usr/share/foreman-proxy/.ssh]/ensure: ensure changed 'link' to 'directory'
[DEBUG 2018-07-24T12:51:23 main] /Stage[main]/Foreman_proxy::Plugin::Remote_execution::Ssh/File[/usr/share/foreman-proxy/.ssh]: The container Class[Foreman_proxy::Plugin::Remote_execution::Ssh] will propagate my refresh event
----
>>> Installer ensures back changed 'link' to 'directory', so removes symlink and generates new ssh keypair and you end up with two different keypairs
this should be now ready for testing in linked MR The consequence is that after upgrade to 6.4, REX on all existing hosts stop working!!! Since existing ssh keypair was moved out to /var/lib/foreman-proxy/ssh and instead the symlink to it a new keypair is generated in /usr/share/foreman-proxy/.ssh VERIFIED. @satellite-6.4.0-10.beta.el7sat.noarch (Snap14) tfm-rubygem-foreman_ansible-2.2.5-1.el7sat.noarch tfm-rubygem-foreman_ansible_core-2.1.1-1.el7sat.noarch rubygem-smart_proxy_ansible-2.0.2-3.el7sat.noarch ansible-2.6.1-1.el7ae.noarch by manual reproducer from comment #0: 2) Check whether keypairs match: # diff /var/lib/foreman-proxy/ssh/id_rsa_foreman_proxy /usr/share/foreman-proxy/.ssh # ll /usr/share/foreman-proxy/.ssh lrwxrwxrwx. 1 root root 26 Jul 25 05:43 /usr/share/foreman-proxy/.ssh -> /var/lib/foreman-proxy/ssh >>> ssh keypairs match since there is a symlinked directory 3) Check installer default for ssh identity dir: # satellite-installer -h | grep identity-dir --foreman-proxy-plugin-remote-execution-ssh-ssh-identity-dir Directory where SSH keys are stored (current: "/var/lib/foreman-proxy/ssh") >>> ssh identity dir default is correctly migrated to the new default value Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2927 |