Bug 2237000 - Banner text is not being displayed for overcloud hosts
Summary: Banner text is not being displayed for overcloud hosts
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-tripleo-heat-templates
Version: 17.1 (Wallaby)
Hardware: Unspecified
OS: Linux
Priority: medium
Severity: medium
Target Milestone: z3
Target Release: 17.1
Assignee: Rabi Mishra
QA Contact: David Rosenfeld
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-09-02 17:09 UTC by mlaniel
Modified: 2024-05-22 20:42 UTC

Fixed In Version: openstack-tripleo-heat-templates-14.3.1-17.1.20231103010837.el9ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2024-05-22 20:42:13 UTC
Target Upstream Version:
Embargoed:


Links
| System | ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|---|
| OpenStack gerrit | 895581 | 0 | None | ABANDONED | Fix tripleo_sshd_banner_enabled and tripleo_sshd_motd_enabled | 2024-04-04 18:55:05 UTC |
| Red Hat Issue Tracker | OSP-28077 | 0 | None | None | None | 2023-09-02 17:09:45 UTC |
| Red Hat Product Errata | RHSA-2024:2736 | 0 | None | None | None | 2024-05-22 20:42:16 UTC |

Description mlaniel 2023-09-02 17:09:28 UTC
Overcloud nodes are deployed without banner text message, even if one was configured.
If I understand correctly, the condition used to set 'tripleo_sshd_banner_enabled' in tripleo template file 'sshd-baremetal-ansible.yaml' seems to be inverted:


BannerText sets an empty string as default:
 ~~~
   BannerText:
     default: ''
     description: Configures Banner text in sshd_config
     type: string
 ~~~


ssh_banner_text_empty fetches the value of BannerText and checks if it is equal to '' (empty).
If BannerText is empty, ssh_banner_text_empty value will be true. 
If BannerText contains data, ssh_banner_text_empty value will be false.  #<--- should be set 'false' in test case [1]
 ~~~
 conditions:
   ssh_banner_text_empty: {equals: [{get_param: BannerText}, '']}
 ~~~


Variable tripleo_sshd_banner_enabled is defined by the 'if' statement.
If ssh_banner_text_empty is true, then tripleo_sshd_banner_enabled will be set to true.
If ssh_banner_text_empty is false, then tripleo_sshd_banner_enabled will be set to false.
 ~~~
             tripleo_sshd_banner_enabled:
               if:
                 - ssh_banner_text_empty
                 - true   # <--- should be false?
                 - false   # <--- should be true?
 ~~~


[1] Truncated from extraconfig.yaml
 ~~~
parameter_defaults:
  BannerText: |
    TEST MESSAGE
 ~~~

Reproducible: Always

Actual Results:
 ~~~
[stack@undercloud ~]$ grep -A2 tripleo_sshd_banner_enabled ./overcloud-deploy/overcloud/config-download/overcloud/Compute/host_prep_tasks.yaml
    tripleo_sshd_banner_enabled: false
    tripleo_sshd_banner_text: 'TEST MESSAGE'
 ~~~

Expected Results:
 ~~~
[stack@undercloud ~]$ grep -A2 tripleo_sshd_banner_enabled ./overcloud-deploy/overcloud/config-download/overcloud/Compute/host_prep_tasks.yaml
    tripleo_sshd_banner_enabled: true
    tripleo_sshd_banner_text: 'TEST MESSAGE'
 ~~~

- A customer raised this issue.
- I checked the following: https://opendev.org/openstack/tripleo-heat-templates/src/branch/stable/wallaby/deployment/sshd/sshd-baremetal-ansible.yaml
- Also validated we have the same in a RHOSP17.1 lab (Red Hat OpenStack Platform release 17.1.0 (Wallaby)).
- Variable 'tripleo_sshd_motd_enabled' seems to have the same inverted logic but was not tested yet.
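
A check for the symptom described above, as an added example that is not part of the original report or of tripleo-heat-templates: it scans rendered config-download text for a `tripleo_sshd_banner_enabled` flag that disagrees with `tripleo_sshd_banner_text`. The samples are constructed from the grep output in the report; the function name `audit_banner` and the line-based matching (used instead of a YAML parser) are assumptions of this example.

```python
import re
import sys

ENABLED_KEY = "tripleo_sshd_banner_enabled"
TEXT_KEY = "tripleo_sshd_banner_text"

# Constructed samples modelled on the grep output quoted in the report.
SAMPLE_ACTUAL = (
    "    tripleo_sshd_banner_enabled: false \n"
    "    tripleo_sshd_banner_text: 'TEST MESSAGE'\n"
)
SAMPLE_EXPECTED = (
    "    tripleo_sshd_banner_enabled: true \n"
    "    tripleo_sshd_banner_text: 'TEST MESSAGE'\n"
)

# Matches one "key: value" line; a line-based stand-in for a YAML parser.
_KV = re.compile(r"^\s*(?:-\s*)?([A-Za-z_]\w*)\s*:\s*(.*?)\s*$")


def audit_banner(rendered, enabled_key=ENABLED_KEY, text_key=TEXT_KEY):
    """Return [(line_no, problem)] for each flag/text pair that disagrees."""
    findings = []
    enabled = has_text = None
    flag_line = 0
    for line_no, line in enumerate(rendered.splitlines(), 1):
        match = _KV.match(line)
        if not match:
            continue
        key, value = match.groups()
        if key == enabled_key:
            enabled = value.strip("'\"").lower() in ("true", "yes")
            flag_line = line_no
        elif key == text_key:
            has_text = value not in ("", "''", '""', "null", "~")
        if enabled is not None and has_text is not None:
            if has_text and not enabled:
                findings.append((flag_line, "banner text set but banner disabled"))
            elif enabled and not has_text:
                findings.append((flag_line, "banner enabled but banner text empty"))
            enabled = has_text = None  # start looking for the next pair
    return findings


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as handle:
            for line_no, problem in audit_banner(handle.read()):
                print(f"{path}:{line_no}: {problem}")
```

Run against each role's rendered `host_prep_tasks.yaml` under the config-download directory, it prints nothing when flag and text agree.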

Comment 3 Rabi Mishra 2023-11-15 03:11:10 UTC
> Is there more we might pull from Verizon that could help?

There was already an upstream patch that should have been merged long back. Now that upstream repos are abandoned, I've backported it downstream which should get into next 17.1 zstream.

Comment 31 errata-xmlrpc 2024-05-22 20:42:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: openstack-tripleo-heat-templates and tripleo-ansible update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:2736

