#7341 Unknown ssh hostkey on bodhi-web-temp-bodhi.app.os.stg.fedoraproject.org
Closed: Fixed a year ago Opened a year ago by bowlofeggs.

  • Describe what you need us to do:
    Bodhi's upgrade playbook fails due to an unknown ssh hostkey on a host I've not heard of before:
[bowlofeggs@batcave01 ansible][PROD] 🎩︎ sudo rbac-playbook manual/upgrade/bodhi.yml && sudo rbac-playbook openshift-apps/bodhi.yml 
EXECV: /usr/bin/sudo -i /bin/bash -i -c cd /srv/web/infra/ansible ; /usr/bin/python2 /usr/bin/ansible-playbook /srv/web/infra/ansible/playbooks/manual/upgrade/bodhi.yml

PLAY [check to see if a mash is going on before we do anything...] ************************************************************************************************************************************************

TASK [Check for the existance of a mashing lock.] *****************************************************************************************************************************************************************
Wednesday 31 October 2018  21:22:20 +0000 (0:00:00.085)       0:00:00.085 ***** 
 [WARNING]: Consider using the get_url or uri module rather than running curl.  If you need to use command because get_url or uri is insufficient you can add warn=False to this command task or set
command_warnings=False in ansible.cfg to get rid of this message.

changed: [bodhi-backend02.phx2.fedoraproject.org]
changed: [bodhi-backend01.phx2.fedoraproject.org]
changed: [bodhi-backend01.stg.phx2.fedoraproject.org]

TASK [Fail if we found that a mash was in progress] ***************************************************************************************************************************************************************
Wednesday 31 October 2018  21:22:21 +0000 (0:00:01.095)       0:00:01.180 ***** 
skipping: [bodhi-backend01.phx2.fedoraproject.org]
[DEPRECATION WARNING]: The __init__.pyc callback plugin should be updated to use the _get_item_label method instead. This feature will be removed in version 2.11. Deprecation warnings can be disabled by setting
 deprecation_warnings=False in ansible.cfg.
skipping: [bodhi-backend02.phx2.fedoraproject.org]
skipping: [bodhi-backend01.stg.phx2.fedoraproject.org]

PLAY [push packages out] ******************************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
Wednesday 31 October 2018  21:22:22 +0000 (0:00:00.100)       0:00:01.281 ***** 
The authenticity of host 'bodhi-web-temp-bodhi.app.os.stg.fedoraproject.org (' can't be established.
RSA key fingerprint is SHA256:feiYP7i+aNHgTCCiS/x+WPLZfA8bEDfLfuBlVPcR5X4.
RSA key fingerprint is MD5:da:18:7d:32:26:89:9d:2a:ec:bd:5f:f3:9a:59:5c:55.
Are you sure you want to continue connecting (yes/no)? The authenticity of host 'bodhi-web-temp-bodhi.app.os.fedoraproject.org (' can't be established.
RSA key fingerprint is SHA256:xHI2R6QsCD29r0YphPYRWLmg6Kszbd9AOCeJDKxfJLc.
RSA key fingerprint is MD5:f1:54:11:5f:0b:82:df:30:4d:3a:e5:17:91:e1:00:96.
Are you sure you want to continue connecting (yes/no)?

Of course, I don't want to answer yes to it because I'm not aware of such a host, and because afaik we have a CA for this.

  • When do you need this? (YYYY/MM/DD)

  • When is this no longer needed or useful? (YYYY/MM/DD)
    If the playbook starts working again.

  • If we cannot complete your request, what is the impact?
    I have to use the -l flag to work around this.

Actually, I just remembered that I can use -l bodhi-backend01.phx2.fedoraproject.org to work around this, so the impact is incorrect above.

This is because of:

    - name: push packages out
      hosts: bodhi-backend:bodhi-backend-stg:bodhi2:bodhi2-stg
      user: root

bodhi2 group used to be the vm frontends, but now those are gone and the only thing in the bodhi2 group is the pseudo host we have in inventory only so we can assign fedmsg variables to openshift apps.

Fixed in ansible 84af1a4e2dbe5472deba42035970d01034381179


Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

a year ago
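
An added example (not part of the ticket, and not the Fedora infrastructure's own code) that models the failure explained above: it expands the play's `hosts:` pattern against an inventory and reports which targets no `known_hosts` entry covers, with and without the `-l` limit. The group membership, the CA scope `*.phx2.fedoraproject.org`, the key placeholder and all function names are assumptions made for illustration.

```python
import re

# Constructed sample data: host names are from the ticket; group membership,
# the CA scope and the key material are assumed placeholders.
INVENTORY = {
    "bodhi-backend": ["bodhi-backend01.phx2.fedoraproject.org",
                      "bodhi-backend02.phx2.fedoraproject.org"],
    "bodhi-backend-stg": ["bodhi-backend01.stg.phx2.fedoraproject.org"],
    "bodhi2": ["bodhi-web-temp-bodhi.app.os.fedoraproject.org"],
    "bodhi2-stg": ["bodhi-web-temp-bodhi.app.os.stg.fedoraproject.org"],
}
KNOWN_HOSTS = "@cert-authority *.phx2.fedoraproject.org ssh-rsa AAAA-PLACEHOLDER host-ca\n"

def expand(pattern, inventory):
    """Expand an Ansible host pattern: ':' is union, ':!' excludes."""
    include, exclude = set(), set()
    for term in filter(None, pattern.split(":")):
        name = term.lstrip("!")
        hosts = set(inventory.get(name, [name]))  # unknown name: literal host
        (exclude if term.startswith("!") else include).update(hosts)
    return include - exclude

def known_hosts_patterns(text):
    """Host-pattern lists from plain known_hosts lines (skips @revoked, hashed names)."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("@") and fields[0] != "@revoked":
            fields = fields[1:]  # drop the @cert-authority marker
        if fields and fields[0][0] not in "#@|":
            out.append(fields[0].split(","))
    return out

def covered(host, pattern_lists):
    """True if some line has a matching pattern and no matching '!' negation."""
    def match(p):
        rx = re.escape(p).replace(r"\*", ".*").replace(r"\?", ".")
        return re.fullmatch(rx, host, re.IGNORECASE) is not None
    return any(
        any(match(p) for p in pats if not p.startswith("!"))
        and not any(match(p[1:]) for p in pats if p.startswith("!"))
        for pats in pattern_lists)

def would_prompt(pattern, limit=None, inventory=INVENTORY, known_hosts=KNOWN_HOSTS):
    """Targeted hosts that no known_hosts entry covers, so ssh asks yes/no."""
    targets = expand(pattern, inventory)
    if limit:
        targets &= expand(limit, inventory)  # -l narrows the host set
    trusted = known_hosts_patterns(known_hosts)
    return sorted(h for h in targets if not covered(h, trusted))
```

Run against the play's pattern, `would_prompt` returns the two `bodhi-web-temp-bodhi` names; with the `-l` limit from the ticket, or with the `bodhi2` groups dropped from the pattern, it returns an empty list.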
