Error in "copy jump host key" task when Jetski is rerun
ashishkamra opened this issue · 4 comments
How to reproduce:
- Run Jetski. It fails due to some error.
- Run it again without cleaning up the provisioning host IP from .ssh/known_hosts.
- Get the following error (which does not stop the automation I guess the next task fixes it).
TASK [bootstrap : copy jump host key] ****************************************************************************************
Wednesday 03 June 2020 14:45:54 -0400 (0:00:00.054) 0:16:31.923 ********
fatal: [localhost]: FAILED! => {"changed": false, "cmd": "echo '' | sshpass ssh-copy-id -o 'StrictHostKeyChecking no' -f root@e25-h13-740xd.alias.bos.scalelab.redhat.com\n", "delta": "0:00:00.702687", "end": "2020-06-03 14:45:55.746118", "msg": "non-zero return code", "rc": 1, "start": "2020-06-03 14:45:55.043431", "stderr": "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ECDSA key sent by the remote host is\nSHA256:10N4QV8CRcM5VABglZxbOHY/S+wMwsp/YBCDE2yI54o.\r\nPlease contact your system administrator.\r\nAdd correct host key in /home/akamra/.ssh/known_hosts to get rid of this message.\r\nOffending ECDSA key in /home/akamra/.ssh/known_hosts:1\r\nPassword authentication is disabled to avoid man-in-the-middle attacks.\r\nKeyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.\r\nroot@e25-h13-740xd.alias.bos.scalelab.redhat.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "stderr_lines": ["@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@", "@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @", "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@", "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!", "Someone could be eavesdropping on you right now (man-in-the-middle attack)!", "It is also possible that a host key has just been changed.", "The fingerprint for the ECDSA key sent by the remote host is", "SHA256:10N4QV8CRcM5VABglZxbOHY/S+wMwsp/YBCDE2yI54o.", "Please contact your system administrator.", "Add correct host key in /home/akamra/.ssh/known_hosts to get rid of this message.", "Offending ECDSA key in /home/akamra/.ssh/known_hosts:1", "Password authentication is disabled to avoid man-in-the-middle attacks.", "Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.", "root@e25-h13-740xd.alias.bos.scalelab.redhat.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password)."], "stdout": "", "stdout_lines": []}
...ignoring
TASK [bootstrap : remove key and add again] **********************************************************************************
Wednesday 03 June 2020 14:45:55 -0400 (0:00:01.097) 0:16:33.021 ********
ok: [localhost]
That should be a non-fatal error, hence ignore_errors: true was set for that task. This should in no way impact your run @ashishkamra
Yup, it does not impact the run. Just wanted to report it so that it can be looked at some point.
This is expected behavior
See https://github.com/redhat-performance/JetSki/blob/master/ansible-ipi-install/roles/bootstrap/tasks/25_copykeys.yml#L8
Since this task fails, the next task is run that removes and add keys: https://github.com/redhat-performance/JetSki/blob/master/ansible-ipi-install/roles/bootstrap/tasks/25_copykeys.yml#L10
Analogy would be trial and error, it tries and since it failed it knows what to do next. The error is harmless and is part of the functionality.
It's working like how it should. Let me know if it's OK to close this issue @ashishkamra
ok, sounds good. thanks.