New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #21449 - Drop host from known hosts on proxies #451
Conversation
app/models/concerns/foreman_remote_execution/orchestration/ssh.rb
Outdated
Show resolved
Hide resolved
0925ad8
to
b2c6d9b
Compare
I tested this by applying it on a foreman-1.22.1 server and it seems currently the keys are only removed from known_hosts upon deletion but kept when only re-building a host. To completely solve #21449 I believe the keys need to also be removed when re-building a host. |
@tux93 thank you for testing this. As far as I understood, with these changes the keys should be removed even on rebuild. Looks like I'll have to look into it a bit more EDIT: Oh, I see. Good catch |
b2c6d9b
to
cca744d
Compare
Tests are green-ish |
I tried again with the current state and keys are still only removed upon deletion, not rebuild, though that could also be due to the old foreman version on my test system |
e70bddc
to
f943e8d
Compare
app/models/concerns/foreman_remote_execution/orchestration/ssh.rb
Outdated
Show resolved
Hide resolved
f943e8d
to
56936ff
Compare
extend ActiveSupport::Concern | ||
|
||
included do | ||
register_rebuild(:rebuild_ssh, N_("SSH_#{self.to_s.split('::').first}")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is this good for? I wasn't able to trigger anything using just this, I had to trigger things from after_validation callback
I got around to re-test today and it works now for rebuilding too! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @adamruzicka and @tux93 for testing, merging now!
oh actually not merging, tests failures are related |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tests
56936ff
to
35e65ba
Compare
[test foreman_remote_execution] |
@tux93 could you please try this one more time? |
Re-tested with the latest version of the patch and it still works for me |
[test foreman_remote_execution] |
1 similar comment
[test foreman_remote_execution] |
7446648
to
9e42dad
Compare
|
||
def should_drop_from_known_hosts? | ||
host, = host_kind_target | ||
host && host.build && host.changes.key?('build') && !orchestration_errors? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Style/SafeNavigation: Use safe navigation (&.) instead of checking if an object exists before calling the method.
end | ||
|
||
def queue_ssh_destroy | ||
return unless should_drop_from_known_hosts? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Layout/EmptyLineAfterGuardClause: Add empty line after guard clause.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't we disable this cop? We've decided to disable it in core.. (theforeman/foreman#7518) this is exactly the case where it doesn't deserve the blank line.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm all in for this
9e42dad
to
71151dc
Compare
|
||
def should_drop_from_known_hosts? | ||
host, = host_kind_target | ||
host && host.build && host.changes.key?('build') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Style/SafeNavigation: Use safe navigation (&.) instead of checking if an object exists before calling the method.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is still on, even though I'm not sure I like the new style more 🤔
host && host.build && host.changes.key?('build') | |
host&.build && host&.changes&.key?('build') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just nitpicks, but 👮♂️ is unhappy now.
|
||
def should_drop_from_known_hosts? | ||
host, = host_kind_target | ||
host && host.build && host.changes.key?('build') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is still on, even though I'm not sure I like the new style more 🤔
host && host.build && host.changes.key?('build') | |
host&.build && host&.changes&.key?('build') |
end | ||
|
||
def queue_ssh_destroy | ||
return unless should_drop_from_known_hosts? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't we disable this cop? We've decided to disable it in core.. (theforeman/foreman#7518) this is exactly the case where it doesn't deserve the blank line.
We're finally 🍏 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
works as expected, just don't understand why do we care about Ansible proxies here 🤔
app/models/concerns/foreman_remote_execution/orchestration/ssh.rb
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could simplify, apart of it, I'm good and I can ignore redmine and squash on merge 👍
nooo! now we go again! xD I wanted to squash xD |
I can always dig through reflog and un-squash it if you want it that bad :) |
Nah xD It was just about Jenkins being almost done xD and now he goes again 🕐 |
🍏 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @adamruzicka !
No description provided.