New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feat(eos_cli_config_gen): Add key_type for ntp.authentication_keys #2258
Conversation
ansible_collections/arista/avd/molecule/eos_cli_config_gen/inventory/host_vars/ntp.yml
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While I agree this is a fix since the documentation is misleading, this is also a breaking change for ppl who have worked around the issue by using a clear-text password or by inserting 7
before their password.
@carlbuchmann
Maybe worth postponing to 4.x or at the very least call it out in more detail in release-notes?
Please add a description to draft release-notes as part of this PR.
Alternatively we could remove the default 7 in this PR, and only add the type if it is specifically set. Then the behavior would be 1:1 for existing deployments. We can then add the default in 4.0.
updated the ntp.j2 template with @ClausHolbechArista inputs |
ansible_collections/arista/avd/roles/eos_cli_config_gen/README.md
Outdated
Show resolved
Hide resolved
Co-authored-by: Carl Buchmann <carl.buchmann@arista.com>
ansible_collections/arista/avd/roles/eos_cli_config_gen/templates/eos/ntp.j2
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some small comment that can be ignored if you feel that's enough.
LGTM
|
||
- **NTP authentication keys variables:** | ||
|
||
- `authentication_key.key_type` introduced in 3.8.0 allow you to define the authentication key type. If the key type is not defined, the previous behavior will be preserved. The key type will be set to 7 as default starting in 4.0.0. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably worth stating what the previous behavior is in this otherwise as a common user I don't know where to look for it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's enough for this context - we will capture more info on this in 4.0 when behavior changes.
Change Summary
adding key_type under ntp in eos_cli_config_gen
To prevent impact on existing implementations, the current behaviour will be preserved until AVD 4.0.0 (see release notes)
Starting with AVD 4.0.0, if no key type is defined, type 7 will be default.
Related Issue(s)
Fixes #2211
Component(s) name
arista.avd.eos_cli_config_gen
Proposed changes
Add a variable to define ntp encryption key type and define with type 7, 8a and no key for ntp authentication keys
example ( key 1 will use no key (old behaviour), key 2 type 7 and key 3 type 8a)
How to test
tested without key_type set to confirm type 7 is used and test with other values
output in molecule:
Checklist
User Checklist
Repository Checklist