Building Flatcar SIG images on Azure with OpenSSH 9.0 fails #859
Comments
Ooh, wait. It might be an issue with my local machine, I don't have |
So downgrading my local openssh to |
Based on: hashicorp/packer#11783 (comment) Replacing:
with
did the trick for me. |
So I think the root cause lies in the Ansible provisioner for Packer: hashicorp/packer-plugin-ansible#100. As a workaround, we could try disabling the proxy for provisioner, but it may break some other scenarios I guess. Or use the workaround proposed by @kopiczko above. |
Hello guys, did you manage to fix this or find a solution? vsphere-clone.MGlobal: Setting up proxy adapter for Ansible.... |
It looks like the newest
It would be nice to get SFTP to work with Flatcar instead. I think that would be the ultimate solution for this issue. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
This allows a workaround for issue kubernetes-sigs#859 when building host uses OpenSSH version 9.0+, which uses SFTP protocol for SCP instead of a legacy SCP protocol, which right now causes builds to fail with error message as below when Ansible is trying to copy files over to remote host. bash: line 1: /usr/lib/sftp-server: No such file or directory\nscp: Connection closed\r\n" This commit allows users with new OpenSSH version to specify ANSIBLE_SCP_EXTRA_ARGS="-O" to fix their builds. I plan to automate this in another commit, as it should be relatively simple and harmless. Refs kubernetes-sigs#859.
Since OpenSSH 9.0+ 'scp' uses SFTP protocol instead of legacy SCP protocol, which causes building errors like: bash: line 1: /usr/lib/sftp-server: No such file or directory\nscp: Connection closed\r\n"" However, -O option is not available in older OpenSSH version, so we cannot always set it as an option to use. To provide better out-of-the-box experience for users with newer versions of OpenSSH, we conditionally ensure -O is used when used OpenSSH version requires it. See kubernetes-sigs#859 and hashicorp/packer-plugin-ansible#100 for more details. Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
Below commit messages from squashed commits:
images/capi/packer: extract ansible common SSH args to a single place
This is done to remove repetition of '-o IdentitiesOnly=yes' to make sure it is consistent across all platforms and to reduce amount of churn when adding new default arguments like we plan as part of mitigating issue with ssh-rsa keys (kubernetes-sigs#905).
images/capi/packer: allow specifying extra scp arguments for Ansible
This allows a workaround for issue kubernetes-sigs#859 when building host uses OpenSSH version 9.0+, which uses SFTP protocol for SCP instead of a legacy SCP protocol, which right now causes builds to fail with error message as below when Ansible is trying to copy files over to remote host. bash: line 1: /usr/lib/sftp-server: No such file or directory\nscp: Connection closed\r\n" This commit allows users with new OpenSSH version to specify ANSIBLE_SCP_EXTRA_ARGS="-O" to fix their builds. I plan to automate this in another commit, as it should be relatively simple and harmless. Refs kubernetes-sigs#859.
images/capi/packer: allow using ssh-rsa keys with OpenSSH 8.8+
Since OpenSSH version 8.8+ ssh-rsa key algorithm is disabled by default, which right now causes builds to fail for builders which use OpenSSH version 8.8+. The problematic keys are generated by Ansible plugin for Packer and the problem is currently being discussed in issue hashicorp/packer-plugin-ansible#69. An alternative would be to consider using `use_proxy=false` option in plugin, however we are not sure what could be the implications of this. Given that building machine should be a rather short process, the workaround seems acceptable and actually allows being able to successfully build images out of the box on more distributions. In implementation, 'PubkeyAcceptedKeyTypes' is used instead of 'PubkeyAcceptedAlgorithms', as it provides better backward compatibility, since 'PubkeyAcceptedAlgorithms' is only available since OpenSSH version 8.4. See issue kubernetes-sigs#905 for more details. Co-authored-by: Jeremi Piotrowski <jeremi.piotrowski@gmail.com>
images/capi/Makefile: set ANSIBLE_SCP_EXTRA_ARGS="-O" when needed
Since OpenSSH 9.0+ 'scp' uses SFTP protocol instead of legacy SCP protocol, which causes building errors like: bash: line 1: /usr/lib/sftp-server: No such file or directory\nscp: Connection closed\r\n"" However, -O option is not available in older OpenSSH version, so we cannot always set it as an option to use. To provide better out-of-the-box experience for users with newer versions of OpenSSH, we conditionally ensure -O is used when used OpenSSH version requires it. See kubernetes-sigs#859 and hashicorp/packer-plugin-ansible#100 for more details. Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com> Co-authored-by: Jeremi Piotrowski <jeremi.piotrowski@gmail.com>
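The conditional `-O` selection described in the last commit message above, sketched as an added example (this is not the project's Makefile code, which the page does not show): it parses the `ssh -V` banner and emits `-O` only for OpenSSH 9.0+. The function names `openssh_major` and `scp_extra_args` are hypothetical, and the banners in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: derive ANSIBLE_SCP_EXTRA_ARGS from the local OpenSSH client version.

# openssh_major BANNER
# Prints the major version found in an `ssh -V` banner, for instance
# "OpenSSH_9.0p1, OpenSSL 1.1.1q  5 Jul 2022" (constructed sample) gives 9.
# Returns 1 when the banner cannot be parsed.
openssh_major() {
    rest=${1#OpenSSH_}            # drop the product prefix
    rest=${rest#for_Windows_}     # Windows builds insert this before the version
    major=${rest%%.*}             # keep everything before the first dot
    case $major in
        ''|*[!0-9]*) return 1 ;;  # not a plain number: unknown banner
    esac
    printf '%s\n' "$major"
}

# scp_extra_args BANNER
# Prints "-O" when scp in this client defaults to the SFTP protocol (9.0+),
# and nothing for older clients, which do not need the flag and may not accept it.
scp_extra_args() {
    major=$(openssh_major "$1") || return 0   # unknown client: add nothing
    if [ "$major" -ge 9 ]; then
        printf '%s\n' '-O'
    fi
}

# Real use on the build host. `ssh -V` writes its banner to stderr.
# A value already set by the user is left alone.
if command -v ssh >/dev/null 2>&1 && [ -z "${ANSIBLE_SCP_EXTRA_ARGS+set}" ]; then
    ANSIBLE_SCP_EXTRA_ARGS=$(scp_extra_args "$(ssh -V 2>&1)")
    export ANSIBLE_SCP_EXTRA_ARGS
    echo "ANSIBLE_SCP_EXTRA_ARGS='${ANSIBLE_SCP_EXTRA_ARGS}'"
fi
```

Forcing the legacy protocol only when the client would otherwise pick SFTP keeps the build working against images that ship no `sftp-server`, without passing an unknown flag to older clients.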
What steps did you take and what happened:
Running `FLATCAR_VERSION=current make build-azure-sig-flatcar` on version a09b089 currently fails with the following error:
What did you expect to happen:
Build to succeed.
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
Environment:
Project (Image Builder for Cluster API):
Additional info for Image Builder for Cluster API related issues:
`/etc/os-release`, or `cmd /c ver`): Arch Linux
`kubectl version`):
/kind bug
[One or more /area label. See https://github.com/kubernetes-sigs/cluster-api/labels?q=area for the list of labels]