Bug 1651516 - Installation hangs/fails late when SSH host keys are not in ~/.ssh/known_hosts
Status: CLOSED CURRENTRELEASE
Alias: None
Product: cockpit-ovirt
Classification: oVirt
Component: Gdeploy
Version: 0.11.3
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ovirt-4.2.8
Assignee: Gobinda Das
QA Contact: SATHEESARAN
Duplicates: 1514490
Blocks: 1514466 1649485 cockpit-ovirt-0.11.38
Reported: 2018-11-20 09:18 UTC by Sahina Bose
Modified: 2019-01-22 10:23 UTC (History)

Fixed In Version: cockpit-ovirt-0.11.38-1
Clone Of: 1649485
Last Closed: 2019-01-22 10:23:14 UTC
oVirt Team: Gluster
rule-engine: ovirt-4.2+


Links
System | ID | Private | Priority | Status | Summary | Last Updated
oVirt gerrit | 96289 | 0 | master | ABANDONED | Continue add hosts when SSH host keys are not in ~/.ssh/known_hosts for FQDN | 2020-09-07 08:32:32 UTC
oVirt gerrit | 96389 | 0 | master | MERGED | Validating whether FQDN added in known_hosts | 2020-09-07 08:32:31 UTC
oVirt gerrit | 96530 | 0 | ovirt-4.2 | MERGED | Validating whether FQDN added in known_hosts | 2020-09-07 08:32:31 UTC

Description Sahina Bose 2018-11-20 09:18:58 UTC
+++ This bug was initially created as a clone of Bug #1649485 +++

Description of problem:
This is an RFE to check for accepted host keys before going through ~60 minutes of installation and configuration before hanging indefinitely with no feedback to the user.  The cockpit installer simply hangs forever at "TASK [Set Engine public key as authorized key without validating the TLS/SSL certificates]" 

Root-cause is that cockpit wizard asks for FQDN/IP of target RHV hosts (ovirtmgmt interface), but doesn't check if those values are present in /root/.ssh/known_hosts


Version-Release number of selected component (if applicable):
Applicable to RHHI 1.5 and RHV 4.2.7



Actual results:
Cockpit wizard hangs forever with no feedback at "TASK [Set Engine public key as authorized key without validating the TLS/SSL certificates]"


Expected results:
Cockpit wizard (ansible task) should check for host keys early, and fail if not present in /root/.ssh/known_hosts (e.g. https://docs.ansible.com/ansible/2.5/modules/known_hosts_module.html)

Alternatively, the task could be modified to include "ansible_ssh_extra_args: -o StrictHostKeyChecking=no"
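
A pre-flight check of the kind the expected results ask for, as an added example that is not part of the original report or of the cockpit-ovirt fix: it reports which wizard hosts have no entry in a known_hosts file, covering hashed (`HashKnownHosts`) fields, wildcard and negated patterns, and `[host]:port` entries, so host key verification stays enabled. The function names, hostnames and sample file content are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

def _entry_matches(field, name):
    """True if one known_hosts host field (first column) covers `name`."""
    if field.startswith("|1|"):
        # Hashed entry: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))
        try:
            salt, mac = (base64.b64decode(p) for p in field.split("|")[2:])
        except ValueError:
            return False  # malformed hashed field
        return hmac.compare_digest(hmac.new(salt, name.encode(), hashlib.sha1).digest(), mac)
    matched = False
    for pattern in field.split(","):
        # Only * and ? are wildcards; the brackets of "[host]:port" are literal.
        regex = re.escape(pattern.lstrip("!")).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, name, re.IGNORECASE):
            if pattern.startswith("!"):
                return False  # a negated pattern vetoes the whole line
            matched = True
    return matched

def missing_host_keys(hosts, known_hosts_text, port=22):
    """Return the hosts that have no ordinary host-key line in known_hosts."""
    fields = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines
        # (simplification: only ordinary host-key lines count as "known").
        if len(parts) >= 3 and not parts[0].startswith(("#", "@")):
            fields.append(parts[0])
    # ssh looks up a non-default port as "[host]:port" and lowercases the name.
    names = {h: h.lower() if port == 22 else f"[{h.lower()}]:{port}" for h in hosts}
    return [h for h, n in names.items() if not any(_entry_matches(f, n) for f in fields)]

def hashed_field(name, salt=b"constructed-salt-001"):
    """Build a hashed host field; used here only to construct the sample."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()

# Constructed sample: hostnames are examples, key blobs are placeholders.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts",
    "host1.example.com,192.0.2.11 ssh-ed25519 AAAA_PLACEHOLDER_KEY",
    hashed_field("host2.example.com") + " ssh-ed25519 AAAA_PLACEHOLDER_KEY",
    "[host4.example.com]:2222 ssh-ed25519 AAAA_PLACEHOLDER_KEY",
])
```

Run against the text of /root/.ssh/known_hosts before deployment starts, a non-empty result is the list of hosts to report to the user instead of proceeding.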

Comment 1 Sahina Bose 2018-11-20 09:20:21 UTC
Is this functionality possible without moving to the Ansible based deployment? If so, we can retarget to 4.2.8

Comment 2 Sahina Bose 2018-11-21 15:11:09 UTC
*** Bug 1514490 has been marked as a duplicate of this bug. ***

Comment 3 Gobinda Das 2018-11-28 05:53:53 UTC
I will take a look

Comment 4 Sahina Bose 2018-12-18 06:36:41 UTC
Can you retarget if there's a fix?

Comment 5 SATHEESARAN 2019-01-17 07:14:03 UTC
(In reply to Sahina Bose from comment #4)
> Can you retarget if there's a fix?

Looks like this bug is already fixed for RHV 4.2.8

Comment 6 SATHEESARAN 2019-01-17 09:07:14 UTC
Tested with RHV 4.2.8 with cockpit-ovirt-dashboard-0.11.38.

This fix is not working.

As I could see from the merged patch, the fix was made to confirm that the hosts mentioned
in the FQDN tab are available in known_hosts. Hosts mentioned in the FQDN tabs are additional
hosts. This is not a sufficient check. This check should also be there for the gluster hosts
available in the first tab under hostnames.

Comment 7 SATHEESARAN 2019-01-17 09:21:15 UTC
(In reply to SATHEESARAN from comment #6)
> Tested with RHV 4.2.8 with cockpit-ovirt-dashboard-0.11.38.
> 
> This fix is not working.
> 
> As I could see from the merged patch, the fix was made to confirm that the hosts
> mentioned in the FQDN tab are available in known_hosts. Hosts mentioned in the FQDN
> tabs are additional hosts. This is not a sufficient check. This check should also be
> there for the gluster hosts available in the first tab under hostnames.

Misunderstood the requirement. I got that info from Gobinda and rereading comment 0,
this check is implemented only for FQDNs that correspond to the ovirtmgmt interface of additional hosts.
Moving this bug back to ON_QA.

Comment 8 SATHEESARAN 2019-01-17 09:29:53 UTC
Verified this bug with cockpit-ovirt-dashboard-0.11.38.

Hostnames under the FQDN tab are validated to be available in the known_hosts file.

Comment 9 Sandro Bonazzola 2019-01-22 10:23:14 UTC
This bugzilla is included in oVirt 4.2.8 release, published on January 22nd 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.2.8 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

