New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mgr/cephadm: ceph cephadm set-user does not reflect the user change in ssh-config #45796
Conversation
@@ -979,6 +979,9 @@ def set_ssh_user(self, user: str) -> Tuple[int, str, str]: | |||
return 0, "value unchanged", "" | |||
|
|||
self._validate_and_set_ssh_val('ssh_user', user, current_user) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't this line supposed to set the ssh_user? this code sets the new value and then calls: self.ssh._reconfig_ssh()
which does the following:
....
if self.mgr.mode == 'root':
self.mgr.ssh_user = self.mgr.get_store('ssh_user', default='root')
elif self.mgr.mode == 'cephadm-package':
self.mgr.ssh_user = 'cephadm'
....
so it seems that in order to change the ssh_user self.mgr.mode
must be root
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes it sets the ssh_user kv but set-user should also change the value in ssh-config:
Host *
User root <------------
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
ConnectTimeout=30
This is the changes I added. I may be missing something here...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To give a bit of info on the root vs. package mode thing, way back there was an idea to allow users to just have a cephadm package installed on the host that we would use for all cephadm commands. While the code for it still exists (https://github.com/ceph/ceph/blob/master/src/pybind/mgr/cephadm/serve.py#L1328) it's never properly worked and has been effectively deprecated for 2 years or so. That beings said, it would still be easy enough to respect it here. We would just need to only change the config like this in cases where if self.mode == 'root'
passes. Although, since package mode isn't used at all afaik and is mostly likely just broken currently it really wouldn't make a tangible difference and I don't particularly care if we change this to worry about it or not.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM after these flake8 issues are fixed. As for the root vs. package thing you can fix it if you'd like but I'm okay with it either way.
Fixes: https://tracker.ceph.com/issues/54618 Signed-off-by: Teoman ONAY <tonay@redhat.com>
e50d459
to
071f72a
Compare
jenkins test api |
2 Failures
To summarize, run was passing. Will start tracking this type of lvm batch failure to see if it happens on the same hosts (which would imply a possible hardware issue) in https://tracker.ceph.com/issues/55319 |
Changing the user account used by cephadm for its ssh connections is not applied to the ssh-config.
Fixes: https://tracker.ceph.com/issues/54618
Signed-off-by: Teoman ONAY tonay@redhat.com