Ignore ssh-keyscan errors on hosts

The linked bug is due to a computed shorthost name that is taken as the
first 'word' in a dotted fqdn provided by rDNS when resolving the IP
address of a nova-compute host.  However, depending on the DNS server,
this shorthost may not actually exist in the DNS server.  This patchset
ignores ssh-keyscans where effectively the host can't be reached and so
the shorthost is not added.

Change-Id: I9ca82e00a79a3eecf37231620f648683edc0bc95
Closes-Bug: #1849501
Alex Kavanagh 2019-10-31 10:59:03 +00:00
parent 45988df1ed
commit 8eca771d02
1 changed files with 7 additions and 2 deletions

@ -1187,9 +1187,14 @@ def add_known_host(host, remote_service, user=None):
try:
remote_key = subprocess.check_output(cmd).decode('utf-8').strip()
except Exception as e:
hookenv.log('Could not obtain SSH host key from %s' % host,
# NOTE(ajkavanagh): Bug#1849501
# if we can't get an SSH host key it's probably due to a DNS error for
# a short host that doesn't actually exist on the DNS server ... let's
# log that and just ignore it.
hookenv.log('Could not obtain SSH host key from {}: reason: {}'
.format(host, str(e)),
level=hookenv.ERROR)
raise e
return
current_key = ssh_known_host_key(host, remote_service, user)
if current_key and remote_key:
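Review bot: the `except Exception as e:` handler now ends in `return` for every failure of `subprocess.check_output(cmd)`, not only the DNS lookup failure described in the NOTE comment, so a missing binary or a decode error on the output would also be skipped and the host left out of known_hosts with nothing but a log line. Consider narrowing the clause to `subprocess.CalledProcessError` and letting anything else propagate as before. Since the condition is now treated as expected and ignored, logging it at `hookenv.WARNING` instead of `level=hookenv.ERROR` would keep the error level meaningful for operators. It would also help to state in the function's documentation that an unreachable host is skipped rather than raising, because callers of `add_known_host` can no longer tell whether a key was actually recorded.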