From d6541e624e6c98de12f3d04e659349c6aea69891 Mon Sep 17 00:00:00 2001 From: Martin Schuppert Date: Wed, 13 Nov 2019 17:54:26 +0100 Subject: [PATCH] Fix ssh_known_hosts hostname entries The tripleo-ssh-known-hosts ansible role used the list of network names to create the different possible hostnames in the ssh_known_hosts file. The network names do not match the actual network hostnames, like internal_api vs. internalapi which results in ssh host verification to fail and e.g. live migration to fail. Initial approach in a5bcbc8d015b792b3546ecbb139506f248dacfe8 had to be reverted as it resulted in errors when the _hostname inventory information was missing from the ansible inventory. Also syncs to use the same approach to create the hostname like in https://review.opendev.org/693010 to have entries in /etc/hosts and ssh_known_hosts created in the same way/source. Closes-Bug: #1852064 Change-Id: Ie04d0f0cd9474070bffd153fa3dddee9f304a14f --- .../fix_ssh-known-hosts-22738bc60fdc2f62.yaml | 16 ++++++++++++++++ .../roles/tripleo-ssh-known-hosts/tasks/main.yml | 4 ++-- 2 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/fix_ssh-known-hosts-22738bc60fdc2f62.yaml diff --git a/releasenotes/notes/fix_ssh-known-hosts-22738bc60fdc2f62.yaml b/releasenotes/notes/fix_ssh-known-hosts-22738bc60fdc2f62.yaml new file mode 100644 index 000000000..0ebfa4a04 --- /dev/null +++ b/releasenotes/notes/fix_ssh-known-hosts-22738bc60fdc2f62.yaml @@ -0,0 +1,16 @@ +--- +fixes: + - | + The tripleo-ssh-known-hosts ansible role used the list of network names to + create the different possible hostnames in the ssh_known_hosts file. The + network names do not match the actual network hostnames, like internal_api + vs. internalapi which results in ssh host verification to fail and e.g. + live migration to fail. + + Initial approach in a5bcbc8d015b792b3546ecbb139506f248dacfe8 had to be + reverted as it resulted in errors when the _hostname inventory information + was missing from the ansible inventory. + + This syncs to use the same approach to create the hostname like in + https://review.opendev.org/693010 to have entries in /etc/hosts and + ssh_known_hosts created in the same way/source. diff --git a/tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml b/tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml index 27c6713e5..ef9066d32 100644 --- a/tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml +++ b/tripleo_ansible/roles/tripleo-ssh-known-hosts/tasks/main.yml @@ -52,8 +52,8 @@ {%- if enabled_networks | length > 0 and role_networks and role_networks | length > 0 %}, {%- for network in enabled_networks %} {%- if network in role_networks %} - [{{ hostvars[host][networks[network]['name'] ~ '_ip'] }}]*,[{{ host }}.{{ networks[network]['name'] }}]*,{% if 1 %}{% endif %} - [{{ host }}.{{ networks[network]['name'] }}.{{ cloud_domain }}]*{% if not loop.last %},{% endif %} + [{{ hostvars[host][networks[network]['name'] ~ '_ip'] }}]*,[{{ host }}.{{ network.lower() }}]*,{% if 1 %}{% endif %} + [{{ host }}.{{ network.lower() }}.{{ cloud_domain }}]*{% if not loop.last %},{% endif %} {%- endif -%} {%- endfor -%} {%- endif -%}