Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions
ansible/tasks
History
Pavel Raiskup ad89a66878 tasks/aws_cloud.yml: prefer ed25519 keys for now 
Seems like either the RHEL 8 (batcave) or Fedora 35 system (Fedora Copr
Infra) prefers ed25519 keys over rsa, leading to weird auth problems:

TASK [allow root ssh connections] ***************************************************************************************************************************
Monday 29 November 2021  13:06:43 +0000 (0:00:00.314)       0:00:03.632 *******
Monday 29 November 2021  13:06:43 +0000 (0:00:00.314)       0:00:03.632 *******
fatal: [copr-be-dev.aws.fedoraproject.org]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"copr-be-dev.aws.fedoraproject.org\". Make sure this host can be reached over ssh: Certificate invalid: name is not a listed principal\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that a host key has just been changed.\r\nThe fingerprint for the ED25519 key sent by the remote host is\nSHA256:Cgs/aoJl9OJheAtZZ2CDiYx9ZeFMwD6dUYUJpPDTl58.\r\nPlease contact your system administrator.\r\nAdd correct host key in /root/.ssh/known_hosts to get rid of this message.\r\nOffending RSA key in /root/.ssh/known_hosts:21\r\nED25519 host key for copr-be-dev.aws.fedoraproject.org has changed and you have requested strict checking.\r\nHost key verification failed.\r\n", "unreachable": true}

This lets us move forward with the tomorrow's update.  The previous
hack(s) were not OK.
2021-11-29 14:21:52 +01:00
..
aws_cloud.yml tasks/aws_cloud.yml: prefer ed25519 keys for now 2021-11-29 14:21:52 +01:00
cloud_setup_basic.yml use python3-libselinux 2021-01-19 10:09:54 +01:00
confine_ssh.yml Add the confine_ssh task 2014-08-26 18:28:27 +00:00
happy_birthday.yml Need to also check for the variable 2017-12-07 01:31:17 +00:00
motd.yml Tag this further. 2014-12-17 20:41:50 +00:00
openvpn_client.yml Move the rest of yum: to package: as well 2017-10-09 00:38:26 +02:00
openvpn_client_7.yml Move the rest of yum: to package: as well 2017-10-09 00:38:26 +02:00
osbs_certs.yml configure stage koji to point to osbs.stg instead of osbs-dev 2016-04-14 15:13:33 +00:00
osbs_koji_token.yml Setup OSBS orchestrated cluster in prod 2018-07-04 08:58:30 +02:00
persistent_cloud.yml re-add tasks/persistent_cloud.yml as it is used by copr 2020-05-13 14:08:37 -07:00
postfix_basic.yml Fix tasks/postfix.yaml and roles/basic/tasks/postfix.yaml to match 2021-02-17 19:17:50 -05:00
rdiff_backup_server.yml yum accepted pkg=, package calls it name= 2017-10-09 00:38:26 +02:00
reg-server.yml Fix up registry 2018-10-16 18:53:51 +00:00
restart_unbound.yml Attempt to run the restart_unbound sequence on reboot if necessary. 2013-12-20 00:46:24 +00:00
serialgetty.yml Fix all tasks to not use old action: statements. 2016-01-06 21:25:10 +00:00
swap.yml swap: make it idempotent 2020-04-24 21:34:26 +02:00
virt_instance_create.yml virt-instance-create: drop old non efi armv7 stuff 2021-05-25 14:17:29 -07:00
yumrepos.yml yumrepos: be RHEL7/CentOS7 compatible 2021-03-30 14:36:04 +02:00