Bug #38332

open

Ensure host key cleanup of /usr/share/foreman-proxy/.ssh/known_hosts on the Foreman (or Smart-Proxy) server when first remote execution is using Ansible

Added by Nofar Alfassi 2 days ago. Updated 2 days ago.

Status: Ready For Testing
Priority: Normal
Assignee:
Target version:
Difficulty:
Triaged: No
Fixed in Releases:
Found in Releases:

Description

Foreman tries to keep track of which Smart-Proxies were used to run remote execution jobs for which hosts, and if Foreman determines it is the first execution, it tries to remove the known host keys from `/usr/share/foreman-proxy/.ssh/known_hosts` before trying to connect to the host.

This cleanup mechanism works as follows:

  • If the first remote execution job run against a specific host uses a script, then the cleanup mechanism works, i.e., it checks `/usr/share/foreman-proxy/.ssh/known_hosts` on the Foreman (or Smart-Proxy) server, and if an old host key is stored there, it removes it.
  • If the first remote execution job run against a specific host uses Ansible, the host key cleanup is not performed. This still counts as an execution through a proxy, and when a remote execution job using a script is executed, the host key cleanup does not take place because it is not the first remote task executed against the host.

A problem arises when the remote execution job run against a specific host uses Ansible. When this occurs, the old host key is not removed from `/usr/share/foreman-proxy/.ssh/known_hosts` on the Foreman (or Smart-Proxy) server. In this case, if a remote execution job using a script is then run against the host, it fails because the old host key is still present in `/usr/share/foreman-proxy/.ssh/known_hosts` on the Foreman (or Smart-Proxy) server.
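Added example (not part of the original report, and not Foreman or smart_proxy_ansible code): a check for which entries a host key cleanup has to remove from a `known_hosts` file, whichever provider runs first. It covers plain, comma-separated and OpenSSH hashed (`|1|salt|hash`) host fields; the function names, hostnames, salt and key blobs are constructed for illustration.

```ruby
require 'openssl'

# Hashed host field as written by OpenSSH HashKnownHosts:
# |1|base64(salt)|base64(HMAC-SHA1(key = salt, data = hostname))
def hashed_field(host, salt)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), salt, host)
  "|1|#{[salt].pack('m0')}|#{[mac].pack('m0')}"
end

# Name under which a host is stored: bare for port 22, "[host]:port" otherwise.
def lookup_name(host, port = 22)
  port == 22 ? host : "[#{host}]:#{port}"
end

# Does one known_hosts line carry a key for `name`? Comments and blanks never match.
def entry_for?(line, name)
  fields = line.split
  return false if fields.empty? || fields[0].start_with?('#')
  fields.shift if fields[0].start_with?('@') # @cert-authority / @revoked marker
  hosts = fields[0].to_s
  if hosts.start_with?('|1|')
    salt = hosts.split('|')[2].to_s.unpack1('m')
    hashed_field(name, salt) == hosts        # re-hash with the entry's own salt
  else
    hosts.split(',').include?(name)          # wildcard patterns are left alone
  end
end

# Split known_hosts text into [kept_text, removed_lines] for one host.
def purge_host(text, host, port = 22)
  name = lookup_name(host, port)
  removed, kept = text.lines.partition { |l| entry_for?(l, name) }
  [kept.join, removed.map(&:chomp)]
end

# Constructed sample: key blobs are placeholders, hostnames are examples.
SAMPLE = <<~KH
  # proxy known_hosts (constructed)
  web01.example.com,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDEROLD
  #{hashed_field('web01.example.com', 'constructed-salt-01!')} ssh-rsa AAAAB3PLACEHOLDEROLD
  db01.example.com ssh-ed25519 AAAAC3PLACEHOLDERDB
  [web01.example.com]:2222 ssh-ed25519 AAAAC3PLACEHOLDERALT
KH

if __FILE__ == $PROGRAM_NAME
  kept, removed = purge_host(SAMPLE, 'web01.example.com')
  puts "removed #{removed.size} stale entries, #{kept.lines.size} lines kept"
end
```

A hashed entry can only be found by re-hashing the candidate hostname with that entry's salt, so a plain text search of the file misses it.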

Actions #1

Updated by The Foreman Bot 2 days ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/smart_proxy_ansible/pull/99 added