Bug 2232241 - kdump role: "Write new authorized_keys if needed" task idempotency issues [NEEDINFO]
Summary: kdump role: "Write new authorized_keys if needed" task idempotency issues
Keywords:
Status: POST
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: rhel-system-roles
Version: 9.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 9.3
Assignee: Rich Megginson
QA Contact: CS System Management SST QE
URL:
Whiteboard: role:kdump
Depends On:
Blocks: 2232391
TreeView+ depends on / blocked
 
Reported: 2023-08-15 21:38 UTC by Brian Smith
Modified: 2023-08-16 19:14 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The new key content had an extra newline at the end. Consequence: The test to see if the new key content was in the current authorized_key list failed, so the key was added every time, and the task was not idempotent. Fix: Ensure the new key value has no extra newline. Use a simple list `in` test to see if the new value is in the existing list. Result: The task to write authorized_keys is idempotent.
Clone Of:
: 2232391 (view as bug list)
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:
rmeggins: needinfo? (djez)
rmeggins: needinfo? (jharuda)
rmeggins: needinfo? (vdanek)
briasmit: needinfo? (rmeggins)

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github linux-system-roles kdump pull 162 0 None open fix: Write new authorized_keys if needed is not idempotent 2023-08-16 00:44:40 UTC
Red Hat Issue Tracker RHELPLAN-165879 0 None None None 2023-08-16 16:05:00 UTC

Description Brian Smith 2023-08-15 21:38:13 UTC 
Description of problem:
The "Write new authorized_keys if needed" task does not appear to be idempotent.  When running the kdump role against a single host for a second time, it will report a change for this task, and the authorized_keys file will end up with a duplicate entry.

When running the kdump role against 2 hosts, each time the role is run, it will alternate showing a change on one host, and on the next run, the other host.  The host that reports a change will have a duplicate entry in the authorized_keys file

Version-Release number of selected component (if applicable):
rhel-system-roles-1.21.1-1.el9_2.noarch

How reproducible:
Every time

Steps to Reproduce:
1. From my controlnode (rhel9-controlnode.example.com) use this inventory file and run the kdump system role several times:

all:
  hosts:
    rhel9-server1.example.com:
    rhel9-server2.example.com:
  vars:
    kdump_target:
      type: ssh
      location: kdump.com
    kdump_path: "/home/kdump/crash"
    kdump_sshkey: "/root/.ssh/kdump_id_rsa"
    kdump_ssh_user: kdump
    kdump_ssh_server: rhel9-controlnode.example.com


Actual results:
After the initial run, subsequent runs of the role report a change on the "Write new authorized_keys if needed" task, alternating each time between showing the change on rhel9-server1.example.com and rhel9-server2.example.com.  The host that reports a change will have a duplicate entry in the authorized_keys file

Expected results:
This task is idempotent and does not report changes on subsequent runs.  Entries are not duplicated in the authorized_keys file.
Comment 1 Rich Megginson 2023-08-16 00:44:41 UTC 
@briasmit can you try out the patch in https://github.com/linux-system-roles/kdump/pull/162 ?
Comment 3 Brian Smith 2023-08-16 19:14:33 UTC 
@rmeggins Yes, this fixed the issue for me.  Thanks!
Note You need to log in before you can comment on or make changes to this bug.