Merge "Support skipping SSH keyscan for older switch devices"

2024-09-14 11:05:09 +00:00 · 2024-09-14 11:05:09 +00:00 · 6b37698527
commit 6b37698527
parent a1b65a9328 7e3e6558de
4 changed files with 27 additions and 0 deletions
--- a/ansible/inventory/group_vars/all/switches/keyscan
+++ b/ansible/inventory/group_vars/all/switches/keyscan
@ -0,0 +1,5 @@
+---
+# Whether to skip scanning SSH keys for switches. In some cases scanning SSH
+# keys may fail e.g. due to unsupported key exchange algorithms on older
+# devices.  Default is false.
+switch_skip_keyscan: false
--- a/ansible/physical-network.yml
+++ b/ansible/physical-network.yml
@ -117,6 +117,7 @@
       default(100) }}
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: arista-switch
      arista_switch_type: "{{ switch_type }}"
@ -133,6 +134,7 @@
       default(100) }}
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: dell-switch
      dell_switch_type: "{{ switch_type }}"
@ -150,6 +152,7 @@
       default(100) }}
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: stackhpc.network.dell_powerconnect_switch
      dell_powerconnect_switch_type: "{{ switch_type }}"
@ -166,6 +169,7 @@
       default(100) }}
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: junos-switch
      junos_switch_type: "{{ switch_type }}"
@ -183,6 +187,7 @@
       default(100) }}
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: stackhpc.network.mellanox_switch
      mellanox_switch_type: "{{ switch_type }}"
@ -199,6 +204,7 @@
       default(100) }}
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: nclu-switch
      nclu_switch_config: "{{ switch_config }}"
@ -209,6 +215,7 @@
  gather_facts: no
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: nvue-switch
      nvue_switch_config: "{{ switch_config }}"
--- a/doc/source/configuration/reference/physical-network.rst
+++ b/doc/source/configuration/reference/physical-network.rst
@ -181,6 +181,15 @@ example:
       description: compute0
       config: "{{ switch_interface_config_compute }}"

+Support for Older Devices
+=========================
+
+Some network devices may use SSH key exchange algorithms that are no longer
+supported by the Ansible control host. This will cause ``ssh-keyscan`` to fail,
+preventing Kayobe from configuring the devices. To work around this, set
+``switch_skip_keyscan`` to ``true`` for the affected devices. The SSH known
+hosts file on the Ansible control host will need to be populated manually.
+
 .. _physical-network-device-specific:

 Device-specific Configuration Variables
--- a/releasenotes/notes/switch-skip-keyscan-23b1f5006f443323.yaml
+++ b/releasenotes/notes/switch-skip-keyscan-23b1f5006f443323.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Adds support for skipping SSH keyscan when configuring switches using
+    ``kayobe physical network configure`` using a ``switch_skip_keyscan``
+    variable.