Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2083765

Summary: Baremetal deployment fails when multiple SSH keys are provided because of broken ironic.conf
Product: OpenShift Container Platform Reporter: Sagi Shnaidman <sshnaidm>
Component: Bare Metal Hardware ProvisioningAssignee: Riccardo Pittau <rpittau>
Bare Metal Hardware Provisioning sub component: ironic QA Contact: Amit Ugol <augol>
Status: CLOSED NOTABUG Docs Contact:
Severity: medium    
Priority: low CC: rpittau
Version: 4.11Keywords: Triaged
Target Milestone: ---   
Target Release: 4.11.0   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-06-08 12:25:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sagi Shnaidman 2022-05-10 17:55:40 UTC 
Description of problem:

We have an issue with multiple SSH keys. I configure a few SSH keys as it's suggested here in sshKey of install-config.yaml:  https://access.redhat.com/solutions/5638721
sshKey: |
  ssh-rsa ...1st sshKey...
  ssh-rsa ...2nd sshKey...

But then deployment fails with error oslo_config.cfg.ConfigFileParseError: Failed to parse /etc/ironic/ironic.conf: at /etc/ironic/ironic.conf:159, No ':' or '=' found in assignment:  ssh-rsa .....

And here is part of ironic.conf file:

pxe_append_params = nofb nomodeset vga=normal ipa-insecure=1 sshkey="ssh-rsa AAAAB3N ....
ssh-rsa AAAAB3Nz.....
ssh-rsa AAAAB3Nz.....
ssh-rsa AAAAB....." ip=dhcp coreos.live.rootfs_url=http://10.8.34.234:80/images/ironic-python-agent.rootfs ignition.firstboot ignition.platform.id=metal

Seems like all SSH keys are pushed as multi-line to option pxe_append_params and it breaks ironic.conf cause it's INI file.



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:

1. Put a multiline ssh key in install-config.yaml

sshKey: |
  ssh-rsa ...1st sshKey...
  ssh-rsa ...2nd sshKey...

Actual results:

Deployment fails with error oslo_config.cfg.ConfigFileParseError: Failed to parse /etc/ironic/ironic.conf: at /etc/ironic/ironic.conf:159, No ':' or '=' found in assignment:  ssh-rsa .....

Expected results:

Deployment pass

Additional info:

ironic.conf is broken with multiline SSH key.
Comment 1 Riccardo Pittau 2022-06-02 07:23:20 UTC 
@sshnaidm we don't support multiple ssh keys there, the link you're pointing to is an unverified solution for OCP 4.6
as you can see from the official documentation related to install-config.yaml, only one ssh key is allowed: https://docs.openshift.com/container-platform/4.10/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.html
Comment 2 Sagi Shnaidman 2022-06-02 08:22:30 UTC 
I see, thanks. Can we prevent somehow generation of broken ironic.conf before it's getting late?
Also, maybe worth to convert it to RFE.
Comment 3 Riccardo Pittau 2022-06-08 12:25:05 UTC 
I will convert this to RFEs