openstack/kayobe
Code Issues Proposed changes

Merge "Support skipping SSH keyscan for older switch devices"

Browse Source
This commit is contained in:
Zuul 2024-09-14 11:05:09 +00:00 committed by Gerrit Code Review
commit 6b37698527
4 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ansible/inventory/group_vars/all/switches/keyscan Normal file
View File

@ -0,0 +1,5 @@
---
# Whether to skip scanning SSH keys for switches. In some cases scanning SSH
# keys may fail e.g. due to unsupported key exchange algorithms on older
# devices. Default is false.
switch_skip_keyscan: false

7
ansible/physical-network.yml
View File

@ -117,6 +117,7 @@
default(100) }} default(100) }}
roles: roles:
- role: ssh-known-host - role: ssh-known-host
when: not switch_skip_keyscan | bool
- role: arista-switch - role: arista-switch
arista_switch_type: "{{ switch_type }}" arista_switch_type: "{{ switch_type }}"
@ -133,6 +134,7 @@
default(100) }} default(100) }}
roles: roles:
- role: ssh-known-host - role: ssh-known-host
when: not switch_skip_keyscan | bool
- role: dell-switch - role: dell-switch
dell_switch_type: "{{ switch_type }}" dell_switch_type: "{{ switch_type }}"
@ -150,6 +152,7 @@
default(100) }} default(100) }}
roles: roles:
- role: ssh-known-host - role: ssh-known-host
when: not switch_skip_keyscan | bool
- role: stackhpc.network.dell_powerconnect_switch - role: stackhpc.network.dell_powerconnect_switch
dell_powerconnect_switch_type: "{{ switch_type }}" dell_powerconnect_switch_type: "{{ switch_type }}"
@ -166,6 +169,7 @@
default(100) }} default(100) }}
roles: roles:
- role: ssh-known-host - role: ssh-known-host
when: not switch_skip_keyscan | bool
- role: junos-switch - role: junos-switch
junos_switch_type: "{{ switch_type }}" junos_switch_type: "{{ switch_type }}"
@ -183,6 +187,7 @@
default(100) }} default(100) }}
roles: roles:
- role: ssh-known-host - role: ssh-known-host
when: not switch_skip_keyscan | bool
- role: stackhpc.network.mellanox_switch - role: stackhpc.network.mellanox_switch
mellanox_switch_type: "{{ switch_type }}" mellanox_switch_type: "{{ switch_type }}"
@ -199,6 +204,7 @@
default(100) }} default(100) }}
roles: roles:
- role: ssh-known-host - role: ssh-known-host
when: not switch_skip_keyscan | bool
- role: nclu-switch - role: nclu-switch
nclu_switch_config: "{{ switch_config }}" nclu_switch_config: "{{ switch_config }}"
@ -209,6 +215,7 @@
gather_facts: no gather_facts: no
roles: roles:
- role: ssh-known-host - role: ssh-known-host
when: not switch_skip_keyscan | bool
- role: nvue-switch - role: nvue-switch
nvue_switch_config: "{{ switch_config }}" nvue_switch_config: "{{ switch_config }}"

9
doc/source/configuration/reference/physical-network.rst
View File

@ -181,6 +181,15 @@ example:
description: compute0 description: compute0
config: "{{ switch_interface_config_compute }}" config: "{{ switch_interface_config_compute }}"
Support for Older Devices
=========================
Some network devices may use SSH key exchange algorithms that are no longer
supported by the Ansible control host. This will cause ``ssh-keyscan`` to fail,
preventing Kayobe from configuring the devices. To work around this, set
``switch_skip_keyscan`` to ``true`` for the affected devices. The SSH known
hosts file on the Ansible control host will need to be populated manually.
.. _physical-network-device-specific: .. _physical-network-device-specific:
Device-specific Configuration Variables Device-specific Configuration Variables

6
releasenotes/notes/switch-skip-keyscan-23b1f5006f443323.yaml Normal file
View File

@ -0,0 +1,6 @@
---
features:
- |
Adds support for skipping SSH keyscan when configuring switches using
``kayobe physical network configure`` using a ``switch_skip_keyscan``
variable.