Bug #38332
open
Ensure host key cleanup of /usr/share/foreman-proxy/.ssh/known_hosts on the Foreman (or Smart-Proxy) server when first remote execution is using Ansible
Description
Foreman tries to keep track which Smart-Proxies were used to run remote execution jobs for which hosts, and if Foreman determines it is the first execution, it tries to remove the known host keys from `/usr/share/foreman-proxy/.ssh/known_hosts` before trying to connect to the host.
This cleanup mechanism works as follows:
If the first remote execution job run against a specific host uses script, then the cleanup mechanism works. i.e., it checks `/usr/share/foreman-proxy/.ssh/known_hosts` on the Foreman (or Smart-Proxy) server, and if an old host key is stored there, it removes it.
If the first remote execution job run against a specific host uses Ansible, the hosts key cleanup is not performed. This still counts as an execution through a proxy, and when a remote execution job using a script is executed, the hosts key cleanup does not take place because it is not the first remote task executed against the host.
A problem arises when the remote execution job run against a specific host uses Ansible. When this occurs, the old host key is not removed from `/usr/share/foreman-proxy/.ssh/known_hosts` on the Foreman (or Smart-Proxy) server. In this case, if a remote execution job using script is then run against the host, it fails due to the old host key still present in `/usr/share/foreman-proxy/.ssh/known_hosts` on the Foreman (or Smart-Proxy) server.
Updated by The Foreman Bot 23 days ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/smart_proxy_ansible/pull/99 added
Updated by