Bug 2234485 - [hackfest] The ssh-key-rotation ansible script broke connectivity to the controller and compute nodes
Summary: [hackfest] The ssh-key-rotation ansible script broke connectivity to the cont...
Keywords:
Status: NEW
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: tripleo-ansible
Version: 17.1 (Wallaby)
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Andre
QA Contact: Joe H. Rahme
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-08-24 15:32 UTC by camorris@redhat.co
Modified: 2023-09-15 20:54 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-27792 0 None None None 2023-08-24 15:35:46 UTC

Description camorris@redhat.co 2023-08-24 15:32:47 UTC
Description of problem:
ansible-playbook -i ~/overcloud-deploy/overcloud/tripleo-ansible-inventory.yaml /usr/share/ansible/tripleo-playbooks/ssh_key_rotation.yaml --extra-vars "keep_old_key_authorized_keys=true backup_folder_path=/home/stack/backup"

Version-Release number of selected component (if applicable):
17.1

How reproducible:
Unsure, but once it happens it stays broken

Steps to Reproduce:
1. ansible-playbook -i ~/overcloud-deploy/overcloud/tripleo-ansible-inventory.yaml /usr/share/ansible/tripleo-playbooks/ssh_key_rotation.yaml --extra-vars "keep_old_key_authorized_keys=true backup_folder_path=/home/stack/backup"



Actual results:
Connectivity to compute nodes and controller node was broken, even with the keys in the backup folder

Expected results:
SSH Keep working

Additional info:
I think maybe one mistake I did is that the first time I ran this, the folder /home/stack/backup did not exist (I thought Ansible would create it for me). Maybe it didn't and that's why we got stuck with the backup keys not working at all

Comment 1 Takashi Kajinami 2023-08-29 12:41:50 UTC
Carl,

Do you agree we can merge this into https://bugzilla.redhat.com/show_bug.cgi?id=2234492 and look into the problem in that bug
or do you want any additional points being looked into in this separate bug ?

Comment 2 camorris@redhat.co 2023-09-12 17:13:42 UTC
Hi Takashi,

I think we can merge both bugzillas. I don't remember why we raised both of them during the hackfest.


Note You need to log in before you can comment on or make changes to this bug.