Fixes #21449 - Drop host from known hosts on proxies #451
Conversation
app/models/concerns/foreman_remote_execution/orchestration/ssh.rb
Outdated
Show resolved
Hide resolved
adamruzicka
force-pushed
the
known-hosts
branch
from
0925ad8
to
b2c6d9b
Compare
|
I tested this by applying it on a foreman-1.22.1 server and it seems currently the keys are only removed from known_hosts upon deletion but kept when only re-building a host. To completely solve #21449 I believe the keys need to also be removed when re-building a host. |
|
@tux93 thank you for testing this. As far as I understood, with these changes the keys should be removed even on rebuild. Looks like I'll have to look into it a bit more EDIT: Oh, I see. Good catch |
adamruzicka
force-pushed
the
known-hosts
branch
from
b2c6d9b
to
cca744d
Compare
|
Tests are green-ish |
|
I tried again with the current state and keys are still only removed upon deletion, not rebuild, though that could also be due to the old foreman version on my test system |
adamruzicka
force-pushed
the
known-hosts
branch
from
e70bddc
to
f943e8d
Compare
app/models/concerns/foreman_remote_execution/orchestration/ssh.rb
Outdated
Show resolved
Hide resolved
adamruzicka
force-pushed
the
known-hosts
branch
from
f943e8d
to
56936ff
Compare
| extend ActiveSupport::Concern | ||
|
|
||
| included do | ||
| register_rebuild(:rebuild_ssh, N_("SSH_#{self.to_s.split('::').first}")) |
There was a problem hiding this comment.
What is this good for? I wasn't able to trigger anything using just this, I had to trigger things from after_validation callback
|
I got around to re-test today and it works now for rebuilding too! |
|
oh actually not merging, tests failures are related |
adamruzicka
force-pushed
the
known-hosts
branch
from
56936ff
to
35e65ba
Compare
|
[test foreman_remote_execution] |
|
@tux93 could you please try this one more time? |
|
Re-tested with the latest version of the patch and it still works for me |
|
[test foreman_remote_execution] |
1 similar comment
|
[test foreman_remote_execution] |
adamruzicka
force-pushed
the
known-hosts
branch
2 times, most recently
from
7446648
to
9e42dad
Compare
|
|
||
| def should_drop_from_known_hosts? | ||
| host, = host_kind_target | ||
| host && host.build && host.changes.key?('build') && !orchestration_errors? |
There was a problem hiding this comment.
Style/SafeNavigation: Use safe navigation (&.) instead of checking if an object exists before calling the method.
| end | ||
|
|
||
| def queue_ssh_destroy | ||
| return unless should_drop_from_known_hosts? |
There was a problem hiding this comment.
Layout/EmptyLineAfterGuardClause: Add empty line after guard clause.
There was a problem hiding this comment.
shouldn't we disable this cop? We've decided to disable it in core.. (theforeman/foreman#7518) this is exactly the case where it doesn't deserve the blank line.
There was a problem hiding this comment.
I'm all in for this
adamruzicka
force-pushed
the
known-hosts
branch
from
9e42dad
to
71151dc
Compare
|
|
||
| def should_drop_from_known_hosts? | ||
| host, = host_kind_target | ||
| host && host.build && host.changes.key?('build') |
There was a problem hiding this comment.
Style/SafeNavigation: Use safe navigation (&.) instead of checking if an object exists before calling the method.
There was a problem hiding this comment.
this is still on, even though I'm not sure I like the new style more 🤔
| host && host.build && host.changes.key?('build') | |
| host&.build && host&.changes&.key?('build') |
|
|
||
| def should_drop_from_known_hosts? | ||
| host, = host_kind_target | ||
| host && host.build && host.changes.key?('build') |
There was a problem hiding this comment.
this is still on, even though I'm not sure I like the new style more 🤔
| host && host.build && host.changes.key?('build') | |
| host&.build && host&.changes&.key?('build') |
| end | ||
|
|
||
| def queue_ssh_destroy | ||
| return unless should_drop_from_known_hosts? |
There was a problem hiding this comment.
shouldn't we disable this cop? We've decided to disable it in core.. (theforeman/foreman#7518) this is exactly the case where it doesn't deserve the blank line.
|
We're finally 🍏 |
app/models/concerns/foreman_remote_execution/orchestration/ssh.rb
Outdated
Show resolved
Hide resolved
|
WWFJ |
|
nooo! now we go again! xD I wanted to squash xD |
|
I can always dig through reflog and un-squash it if you want it that bad :) |
Nah xD It was just about Jenkins being almost done xD and now he goes again 🕐 |
|
🍏 |
No description provided.