fix 1900 failures of the following case issue:
`name[casing]: All names should start with an uppercase letter.`
Signed-off-by: Ryan Lerch <rlerch@redhat.com>
We run the playbook first against the `copr-be-temp.aws..`
inventory_hostname, and then once more against `copr-be.aws..`. We need
to re-sign the pub keys for the later run.
https://pagure.io/fedora-infrastructure/issue/11006
It should be redundant and we observe strage things such as 4x
removing and adding ssh keys, having to manualy confirm "Are you sure
you want to continue connecting (yes/no/[fingerprint])?" and so
on. Let's try to disable the role.
Seems like either the RHEL 8 (batcave) or Fedora 35 system (Fedora Copr
Infra) prefers ed25519 keys over rsa, leading to weird auth problems:
TASK [allow root ssh connections] ***************************************************************************************************************************
Monday 29 November 2021 13:06:43 +0000 (0:00:00.314) 0:00:03.632 *******
Monday 29 November 2021 13:06:43 +0000 (0:00:00.314) 0:00:03.632 *******
fatal: [copr-be-dev.aws.fedoraproject.org]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"copr-be-dev.aws.fedoraproject.org\". Make sure this host can be reached over ssh: Certificate invalid: name is not a listed principal\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ED25519 key sent by the remote host is\nSHA256:Cgs/aoJl9OJheAtZZ2CDiYx9ZeFMwD6dUYUJpPDTl58.\r\nPlease contact your system administrator.\r\nAdd correct host key in /root/.ssh/known_hosts to get rid of this message.\r\nOffending RSA key in /root/.ssh/known_hosts:21\r\nED25519 host key for copr-be-dev.aws.fedoraproject.org has changed and you have requested strict checking.\r\nHost key verification failed.\r\n", "unreachable": true}
This lets us move forward with the tomorrow's update. The previous
hack(s) were not OK.
We observed a situation when two keys were specified in known_hosts, and
only one was removed by the playbook. At least we think this is what is
actually happening.
To allow the initial postfix start:
Nov 11 10:38:33 107.20.83.139 postfix/sendmail[26023]: warning: valid_hostname: numeric hostname: 107.20.83.139
Nov 11 10:38:33 107.20.83.139 postfix/sendmail[26023]: fatal: unable to use my own hostname
Nov 11 10:38:33 107.20.83.139 postfix[26025]: warning: valid_hostname: numeric hostname: 107.20.83.139
Nov 11 10:38:33 107.20.83.139 postfix[26025]: fatal: unable to use my own hostname
For some reason they can be started even if
baseiptables: False
maybe because the variable was initially set to True
and then switched to False, so the iptables were
already enabled.
