#403 add support for TEST_EXTRA_SSH_ARGS
Merged 3 years ago by astepano. Opened 3 years ago by rmeggins.
rmeggins/standard-test-roles extra-ssh-args  into  master

file modified
+9
@@ -145,6 +145,15 @@ 

        ansible_python_interpreter: "{% if vm_python_interpreter != '' %}{{ vm_python_interpreter }}{% else %}/usr/bin/python2{% endif %}"

  ```

  

+ ## TEST_EXTRA_SSH_ARGS for standard-inventory-qcow2

+ 

+ If you are working with very old releases, like EL6, you may have to pass in

+ additional SSH arguments to allow newer systems to use older cipher suites.

+ For example:

+ ```

+ TEST_EXTRA_SSH_ARGS="-o PubkeyAcceptedKeyTypes=+ssh-rsa" TEST_SUBJECTS=/path/to/el6.qcow2 ...

+ ```

+ 

  

  [1]: https://fedoraproject.org/wiki/CI/Metadata

  [2]: http://fmf.readthedocs.io/

@@ -206,11 +206,11 @@ 

      return os.path.join(artifacts, path)

  

  

- def inv_list(subjects):

+ def inv_list(opts):

      hosts = []

      variables = {}

-     for subject in subjects:

-         host_vars = inv_host(subject)

+     for subject in opts.subjects:

+         host_vars = inv_host(subject, opts)

          if host_vars:

              hosts.append(subject)

              variables[subject] = host_vars
@@ -447,7 +447,7 @@ 

      return qemu_proc, port, log_guest

  

  

- def inv_host(image):

+ def inv_host(image, opts):

      if not image.endswith((".qcow2", ".qcow2c")):

          logger.info("Return empty inventory for image: %s.", image)

          return EMPTY_INVENTORY
@@ -489,6 +489,9 @@ 

      if proc is None:

          raise RuntimeError("Could not launch VM for qcow2 image"

                             " '{0}':{1}".format(image, cpe.output))

+     ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"

+     if opts.extra_ssh_args:

+         ssh_args += " " + opts.extra_ssh_args

      for _ in range(0, 600):

          try:

              # The variables
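Review bot: The user-supplied arguments are appended after the hard-coded `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, and OpenSSH keeps the first value it obtains for an option. A caller who puts a stricter `-o StrictHostKeyChecking=...` or a different `UserKnownHostsFile` in TEST_EXTRA_SSH_ARGS will therefore most likely still get host-key checking disabled; additive options such as the `PubkeyAcceptedKeyTypes=+ssh-rsa` example are unaffected. If overriding the defaults is meant to be possible, prepend instead, `ssh_args = opts.extra_ssh_args + " " + ssh_args`. Otherwise add a comment such as `# defaults come first and win over duplicates in extra_ssh_args`. The body of inv_host starts and ends outside this hunk, so how the surrounding loop uses the value is not visible here.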
@@ -498,7 +501,7 @@ 

                  "ansible_user": DEF_USER,

                  "ansible_ssh_pass": DEF_PASSWD,

                  "ansible_ssh_private_key_file": identity,

-                 "ansible_ssh_common_args": "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"

+                 "ansible_ssh_common_args": ssh_args,

              }

              # Write out a handy inventory file, for our use and for debugging

              inventory = os.path.join(directory, "inventory")
@@ -640,6 +643,7 @@ 

      parser = argparse.ArgumentParser(description="Inventory for a QCow2 test image")

      parser.add_argument("--list", action="store_true", help="Verbose output")

      parser.add_argument('--host', help="Get host variables")

+     parser.add_argument('--extra-ssh-args', default=os.environ.get("TEST_EXTRA_SSH_ARGS"), help="Extra arguments to pass to SSH")

      parser.add_argument("subjects", nargs="*", default=shlex.split(os.environ.get("TEST_SUBJECTS", "")))

      opts = parser.parse_args()

      # Send logs to common logfile for all default provisioners.
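Review bot: The help text for `--extra-ssh-args` does not say that the default comes from the TEST_EXTRA_SSH_ARGS environment variable, nor that the string is appended unvalidated to `ansible_ssh_common_args` for every host in the inventory. Because ssh options can relax key-algorithm and host-verification policy, the value should be documented as operator-trusted input, for example `help="Extra arguments appended verbatim to ansible_ssh_common_args (default: $TEST_EXTRA_SSH_ARGS); trusted input only"`. A one-line comment above the `add_argument` call saying the same would help the next maintainer. The enclosing function starts and ends outside this hunk.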
@@ -660,9 +664,9 @@ 

          raise Exception("Fail to find ansible.")

      logger.info("Path to ansible: %s", ansible_bin)

      if opts.host:

-         data = inv_host(opts.host)

+         data = inv_host(opts.host, opts)

would not it make sense to pass here just the opts as opts.host is obviously part of the opts? (unless this is part of some API).

      else:

-         data = inv_list(opts.subjects)

+         data = inv_list(opts)

      # Dump Ansible inventory.

      sys.stdout.write(json.dumps(data, indent=4, separators=(',', ': ')))

  

https://pagure.io/standard-test-roles/issue/400
Users can pass in extra SSH arguments to work around the
issue.

I have confirmed that this allows me to test with EL6 images

Technically, this is fine. But here I would like to see some other example. I hope you are not using DSA keys anywhere in production. Something like PubkeyAcceptedKeyTypes=+ssh-rsa should do the same job, as I assume the issue is that the EL6 does not support RSA with SHA2 extensions and RSA with SHA1 is no longer allowed in recent Fedora and EL9.

rebased onto 4a8b8f4

3 years ago

Thanks @jjelen - I have confirmed that ssh-rsa works with EL6.

would not it make sense to pass here just the opts as opts.host is obviously part of the opts? (unless this is part of some API).

Ack to merge, looks reasonable.
Please write comment when the PR is ready to be merged.

would not it make sense to pass here just the opts as opts.host is obviously part of the opts? (unless this is part of some API).

@jjelen inv_host is called from inv_list with the image to use as the first argument

would not it make sense to pass here just the opts as opts.host is obviously part of the opts? (unless this is part of some API).

@jjelen inv_host is called from inv_list with the image to use as the first argument

OK, fine for me.

the PR is ready to be merged

Commit d01971e fixes this pull-request

Pull-Request has been merged by astepano

3 years ago

Pull-Request has been merged by astepano

3 years ago