#400 ssh fails on Fedora 33 - sign_and_send_pubkey: no mutual signature supported
Opened 3 years ago by rmeggins. Modified 2 years ago

When using standard-inventory-qcow2 on Fedora 33 with some older platforms (e.g. CentOS6), the script appears to hang, and the logs contain errors like this:

sign_and_send_pubkey: no mutual signature supported
Permission denied

It seems as though the embedded ssh key used in the script is not the right kind? https://unix.stackexchange.com/questions/630446/ssh-in-fedora-33-error-sign-and-send-pubkey-no-mutual-signature-supported

Workaround

Make a copy of /usr/share/ansible/inventory/standard-inventory-qcow2 -> /usr/share/ansible/inventory/standard-inventory-qcow2.sshfix
Edit at around line 485 - where ansible_ssh_common_args is set - add -o PubkeyAcceptedKeyTypes=+ssh-dss like this:

                "ansible_ssh_common_args": "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PubkeyAcceptedKeyTypes=+ssh-dss"

Then run sti tests with /usr/share/ansible/inventory/standard-inventory-qcow2.sshfix

Maintainers

I'm not sure how to fix this.
Possibly regenerate the ssh key embedded in the script?
Allow use of the user's ssh keys? e.g. grab ~/.ssh/id_rsa.pub from the user - assume the user will be running ansible with their ssh private key.
Allow the user to specify additional ssh parameters via environment variable?

STI_ADDITIONAL_SSH_ARGS="-o PubkeyAcceptedKeyTypes=+ssh-dss" TEST_SUBJECTS=/path/to/image.qcow2 ansible-playbook -i /usr/share/ansible/inventory/standard-inventory-qcow2 tests_mytest.yml

This is caused by the following expected change in openssh-clients in Fedora 33: https://bugzilla.redhat.com/show_bug.cgi?id=1881301.

I'm not sure how standard-test-roles work, but if it is supposed to connect systems with unsupported ssh keys, we should apply the workaround to enable these keys in /etc/.ssh/config. The other way is to ensure the systems it connects to use only supported ssh keys. Not sure if that's possible to ensure.

The best way is to regenerate the ssh key embedded in the script and make it ed25519.
However, before applying this change we need to check backward compatibility with rhel7.

> I'm not sure how standard-test-roles work, but if it is supposed to connect systems with unsupported ssh keys,

I'm guessing that means RHEL-6/CentOS-6. I don't know what you mean by "supposed to" in this context, but the linux-system-roles team has to support EL6 and uses standard-inventory-qcow2 for our CI testing. So IMO it is "supposed to".

> we need to check backward compatibility with rhel7

Seems to me the safest way to allow the use of standard-inventory-qcow2 with el6 systems is to allow the user to provide SSH options, perhaps via environment variables.
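
One way the environment-variable option proposed in this ticket could work, as an added example (not code from standard-inventory-qcow2 or its maintainers). STI_ADDITIONAL_SSH_ARGS is the name suggested in the ticket; the function names, the allow-list of option names and the requirement for the Key=Value form are assumptions.

```python
import os
import shlex

# Base options, as they appear in the workaround line on this page.
BASE_SSH_ARGS = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"

# Assumption: only algorithm-selection options may be added this way. Options
# that run local commands or reroute the connection (ProxyCommand,
# LocalCommand, ...) are refused because they are not on this list.
ALLOWED_OPTIONS = {
    "pubkeyacceptedkeytypes",    # name used in this ticket
    "pubkeyacceptedalgorithms",  # newer OpenSSH name for the same option
    "hostkeyalgorithms",
    "kexalgorithms",
}


def extra_ssh_args(environ=os.environ):
    """Return validated '-o Key=Value' strings from STI_ADDITIONAL_SSH_ARGS."""
    tokens = shlex.split(environ.get("STI_ADDITIONAL_SSH_ARGS", ""))
    result = []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "-o" and i + 1 < len(tokens):      # "-o Key=Value"
            opt, i = tokens[i + 1], i + 2
        elif tok.startswith("-o") and len(tok) > 2:  # "-oKey=Value"
            opt, i = tok[2:], i + 1
        else:
            raise ValueError("only -o Key=Value is accepted, got %r" % tok)
        name, sep, value = opt.partition("=")
        if not sep or not value or name.lower() not in ALLOWED_OPTIONS:
            raise ValueError("ssh option not allowed: %r" % opt)
        # Re-quote so the value survives the later split of the args string.
        result.append("-o " + shlex.quote(name + "=" + value))
    return result


def ssh_common_args(environ=os.environ):
    """Build the string to store under "ansible_ssh_common_args"."""
    return " ".join([BASE_SSH_ARGS] + extra_ssh_args(environ))
```

With the variable unset the result is the base option string unchanged, so hosts that do not need the legacy key type keep the default algorithm set.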

I faced this on Fedora 34 too. @rmeggins's workaround worked for me. Prior to it, the provisioning hung on the netstat -ltpn4 | grep 122881 # to find VNC server port line.
