Bug 1968364 - [Azure] when using ssh type ed25519 bootstrap fails to come up
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.8
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: ---
Target Release: 4.10.0
Assignee: aos-install
QA Contact: MayXu
URL:
Whiteboard:
Depends On:
Blocks: 2030937
Reported: 2021-06-07 08:26 UTC by Fatima
Modified: 2023-09-15 01:09 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The UPI ARM templates are attaching an ssh key to the VM instances created.
Consequence: The creation of the VMs fails when the ssh key provided by the user is the ed25519 type.
Fix: Do not attach an ssh key to the VM instances, since the ssh key is not used.
Result: The creation of the VMs succeeds regardless of the type of the ssh key provided by the user.
Clone Of:
Clones: 2030937
Environment:
Last Closed: 2022-03-10 16:03:59 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift installer pull 5407 | 0 | None | open | Bug 1968364: azure: fix upi bug preventing using ed25519 keys | 2021-11-22 21:52:27 UTC
Github | openshift installer pull 5456 | 0 | None | open | Bug 1968364: azure: Update upi docs to remove mentions of sshKeyData | 2021-12-06 20:35:49 UTC
Red Hat Product Errata | RHSA-2022:0056 | 0 | None | None | None | 2022-03-10 16:04:25 UTC

Comment 7 To Hung Sze 2021-07-12 18:31:37 UTC
This is a valid problem with UPI install.

ed25519 with IPI. Comment #3 was due to something else.

Comment 8 To Hung Sze 2021-07-16 18:31:51 UTC
Clarifying my comment above (and clearing NEEDINFO).

Azure IPI works with ed25519 but not UPI.

Please see Matthew's https://bugzilla.redhat.com/show_bug.cgi?id=1968364#c2.

Comment 9 Russell Teague 2021-07-19 15:06:18 UTC
Thanks, we'll look at addressing this as Matthew stated in comment 2.

Comment 10 Russell Teague 2021-08-02 17:48:19 UTC
Needs prioritized.

Comment 11 Russell Teague 2021-08-24 17:39:03 UTC
Will review again for a future sprint.

Comment 12 MayXu 2021-11-25 05:23:20 UTC
verified ed25519 type and RSA (2048)
based on https://github.com/openshift/installer/blob/master/docs/user/azure/install_upi.md

setup cluster, master and bootstrap can be connected with ssh. 

cluster is healthy.

version info:
../openshift-install 4.9.0-0.nightly-2021-11-22-163611
built from commit 1c538b8949f3a0e5b993e1ae33b9cd799806fa93

azure ARM template file 
https://github.com/openshift/installer/pull/5407/commits (e17798925dc291fd43da904fb78b08ab9a77d5ab)

Comment 15 MayXu 2021-12-02 09:40:19 UTC
verified with ed25519 type key (~/.ssh/id_rsa)
jsonfiles under https://github.com/openshift/installer/tree/master/upi/azure c2f7e3c351516e73a65da15da6701f59fd81c33e

$ ./openshift-install version
./openshift-install 4.10.0-0.nightly-2021-12-01-164437
built from commit 6fc5df3e0e0248910b9f4f5f4153c2a9790c9063
release image registry.ci.openshift.org/ocp/release@sha256:b8f33e8537d20a7c0407d2d9842e174265d90ce089b02a8ba51b31975c4f2306

UPI install cluster, 

can access bootstrap with "ssh -i ~/.ssh/id_rsa core.cloudapp.azure.com"

cat sshNodes.sh
echo boot_host=$boot_host
echo ssh_key_param=$ssh_key_param
ssh $ssh_key_param -t -o StrictHostKeyChecking=no -o ProxyCommand="ssh $ssh_key_param -A -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -W %h:%p core@${boot_host}" core@$1 "sudo -i"

$sshNodes.sh 10.0.0.6 (master)
Warning: Permanently added '20.118.1.134' (ED25519) to the list of known hosts.
...

$sshNodes.sh 10.0.1.5 (worker)
Warning: Permanently added '10.0.1.5' (ED25519) to the list of known hosts. 
...

Comment 16 MayXu 2021-12-03 11:13:52 UTC
need to update the doc .../installing/installing_azure/installing-azure-user-infra.html
remove '--parameters sshKeyData="${SSH_KEY}"' in "az deployment group create..."

Comment 17 Matthew Staebler 2021-12-06 05:16:33 UTC
Caleb, can you remove the usages of `sshKeyData` from https://github.com/openshift/installer/blob/master/docs/user/azure/install_upi.md?
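
Added example (not part of the bug thread or the installer repository): a pre-flight check for the failure this bug describes, reading the key algorithm from inside the public-key blob and listing the template resources that attach an SSH key. The sample keys, resource name, key path and both templates are constructed; the `osProfile.linuxConfiguration.ssh.publicKeys` layout is the Azure VM resource schema, and the check assumes only ed25519 keys trigger the failure, as reported here.

```python
import base64
import struct

def ssh_key_algorithm(pubkey_line):
    """Read the algorithm name from inside the key blob, not the text label."""
    blob = base64.b64decode(pubkey_line.split()[1])
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")

def resources_attaching_ssh_key(template):
    """Names of resources whose osProfile carries ssh.publicKeys entries."""
    hits = []
    def walk(resources):
        for res in resources:
            linux = (res.get("properties", {}).get("osProfile", {})
                     .get("linuxConfiguration", {}))
            if linux.get("ssh", {}).get("publicKeys"):
                hits.append(res.get("name", "<unnamed>"))
            walk(res.get("resources", []))  # child resources, if any
    walk(template.get("resources", []))
    return hits

def preflight(template, pubkey_line):
    """Flag the failure this bug describes: an ed25519 key attached to a VM."""
    algo = ssh_key_algorithm(pubkey_line)
    attached = resources_attaching_ssh_key(template)
    return {"algorithm": algo, "attached_in": attached,
            "will_fail": bool(attached) and algo == "ssh-ed25519"}

def constructed_key(algo, body_len):
    """Constructed sample: zero-filled body, only the algorithm field is real."""
    blob = (struct.pack(">I", len(algo)) + algo.encode()
            + struct.pack(">I", body_len) + bytes(body_len))
    return f"{algo} {base64.b64encode(blob).decode()} sample@example"

def vm(with_key):
    """Constructed VM resource, with or without the ssh block."""
    linux = {}
    if with_key:
        linux["ssh"] = {"publicKeys": [{
            "path": "/home/core/.ssh/authorized_keys",
            "keyData": "[parameters('sshKeyData')]"}]}
    return {"type": "Microsoft.Compute/virtualMachines", "name": "sample-bootstrap",
            "properties": {"osProfile": {"linuxConfiguration": linux}}}

BEFORE = {"parameters": {"sshKeyData": {"type": "securestring"}}, "resources": [vm(True)]}
AFTER = {"parameters": {}, "resources": [vm(False)]}

if __name__ == "__main__":
    for label, tpl in (("before", BEFORE), ("after", AFTER)):
        print(label, preflight(tpl, constructed_key("ssh-ed25519", 32)))
```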

Comment 18 MayXu 2021-12-06 09:14:19 UTC
Caleb, based on https://bugzilla.redhat.com/show_bug.cgi?id=1964380, '--parameters privateDNSZoneName' needs to be removed.

And I suggest getting the VHD_URL as follows:
export VHD_URL=$(openshift-install coreos print-stream-json | jq -r '.architectures.x86_64."rhel-coreos-extensions"."azure-disk".url')

Comment 19 Matthew Staebler 2021-12-06 13:45:33 UTC
(In reply to MayXu from comment #18)
> Caleb, based on https://bugzilla.redhat.com/show_bug.cgi?id=1964380,
> '--parameters privateDNSZoneName' need be removed. 
> 
> And suggest get the VHD_URL as the following:
> export VHD_URL=$(openshift-install coreos print-stream-json | jq -r
> '.architectures.x86_64."rhel-coreos-extensions"."azure-disk".url')

@maxu Those are separate issues unrelated to this BZ.

Comment 26 errata-xmlrpc 2022-03-10 16:03:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Comment 27 Red Hat Bugzilla 2023-09-15 01:09:07 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days

