Ignore ssh-keyscan errors on hosts
The linked bug is due to a computed shorthost name that is taken as the first 'word' in a dotted fqdn provided by rDNS when resolving the IP address of a nova-compute host. However, depending on the DNS server, this shorthost may not actually exist in the DNS server. This patchset ignores ssh-keyscans where effectively the host can't be reached and so the shorthost is not added. Change-Id: I9ca82e00a79a3eecf37231620f648683edc0bc95 Closes-Bug: #1849501
This commit is contained in:
parent
45988df1ed
commit
8eca771d02
|
@ -1187,9 +1187,14 @@ def add_known_host(host, remote_service, user=None):
|
|||
try:
|
||||
remote_key = subprocess.check_output(cmd).decode('utf-8').strip()
|
||||
except Exception as e:
|
||||
hookenv.log('Could not obtain SSH host key from %s' % host,
|
||||
# NOTE(ajkavanagh): Bug#1849501
|
||||
# if we can't get an SSH host key it's probably due to a DNS error for
|
||||
# a short host that doesn't actually exist on the DNS server ... let's
|
||||
# log that and just ignore it.
|
||||
hookenv.log('Could not obtain SSH host key from {}: reason: {}'
|
||||
.format(host, str(e)),
|
||||
level=hookenv.ERROR)
|
||||
raise e
|
||||
return
|
||||
|
||||
current_key = ssh_known_host_key(host, remote_service, user)
|
||||
if current_key and remote_key:
|
||||
|
|
Loading…
Reference in New Issue