diff --git a/releasenotes/notes/fix_ssh-known-hosts-22738bc60fdc2f62.yaml b/releasenotes/notes/fix_ssh-known-hosts-22738bc60fdc2f62.yaml
new file mode 100644
index 000000000..0ebfa4a04
--- /dev/null
+++ b/releasenotes/notes/fix_ssh-known-hosts-22738bc60fdc2f62.yaml
@@ -0,0 +1,16 @@
+---
+fixes:
+ - |
+ The tripleo-ssh-known-hosts ansible role used the list of network names to
+ create the different possible hostnames in the ssh_known_hosts file. The
+ network names do not match the actual network hostnames, like internal_api
+ vs. internalapi which results in ssh host verification to fail and e.g.
+ live migration to fail.
+
+ Initial approach in a5bcbc8d015b792b3546ecbb139506f248dacfe8 had to be
+ reverted as it resulted in errors when the _hostname inventory information
+ was missing from the ansible inventory.
+
+ This syncs to use the same approach to create the hostname like in
+ https://review.opendev.org/693010 to have entries in /etc/hosts and
+ ssh_known_hosts created in the same way/source.
diff --git a/tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml b/tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml
index 27c6713e5..ef9066d32 100644
--- a/tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml
+++ b/tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml
@@ -52,8 +52,8 @@
 {%- if enabled_networks | length > 0 and role_networks and role_networks | length > 0 %},
 {%- for network in enabled_networks %}
 {%- if network in role_networks %}
- [{{ hostvars[host][networks[network]['name'] ~ '_ip'] }}]*,[{{ host }}.{{ networks[network]['name'] }}]*,{% if 1 %}{% endif %}
- [{{ host }}.{{ networks[network]['name'] }}.{{ cloud_domain }}]*{% if not loop.last %},{% endif %}
+ [{{ hostvars[host][networks[network]['name'] ~ '_ip'] }}]*,[{{ host }}.{{ network.lower() }}]*,{% if 1 %}{% endif %}
+ [{{ host }}.{{ network.lower() }}.{{ cloud_domain }}]*{% if not loop.last %},{% endif %}
 {%- endif -%}
 {%- endfor -%}
 {%- endif -%}
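Review bot: The two added lines in main.yml take the IP from `networks[network]['name'] ~ '_ip'` but the hostname from `network.lower()`, and nothing in the template says why the two sources differ or that the hostname form has to match what is written to /etc/hosts. A mismatch here makes SSH host key verification fail (the release note cites live migration), so a short Jinja comment above the loop would help the next editor, e.g. `{#- hostname suffix is the lower-cased network key, same as the /etc/hosts entries; networks[network]['name'] is only used for the _ip hostvar -#}`. The `hostvars[host][... ~ '_ip']` lookup is also still unguarded. If that variable can be absent from the inventory, as `_hostname` was in the reverted attempt, it would presumably fail in the same way, so this is worth confirming. The enclosing template expression starts and ends outside the hunk.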