From 2a17775514009754175cb94a963bf44ea410e1ca Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Thu, 8 Aug 2019 14:20:57 +0100
Subject: [PATCH] Restrict ncclient to 0.6.2 to avoid unknown host key issue

Juniper physical network device configuration fails when running the
following command:

kayobe physical network configure --group switches

The error is as follows:

fatal: [switch]: FAILED! => {
        "msg": "Unknown host key [<key>] for [[<IP>]:830]"
}

This is due to a bug [1] in ncclient.

This patch avoids the issue by pinning ncclient to version 0.6.2 or
lower.

[1] https://github.com/ncclient/ncclient/issues/302

Change-Id: I7ecd6cd3460bea56d0ab9cb221d0ef5b5ec2d0bb
Story: 2006378
Task: 36174
---
 ansible/roles/junos-switch/tasks/main.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/junos-switch/tasks/main.yml b/ansible/roles/junos-switch/tasks/main.yml
index 88d6fe84b..26bbba0a8 100644
--- a/ansible/roles/junos-switch/tasks/main.yml
+++ b/ansible/roles/junos-switch/tasks/main.yml
@@ -4,7 +4,10 @@
 - name: Ensure python dependencies are installed
   local_action:
     module: pip
-    name: ncclient
+    # NOTE(mgoddard): Restrict ncclient to 0.6.2 or less, due to a bug in host
+    # key checking: https://github.com/ncclient/ncclient/issues/302.
+    # TODO(mgoddard): Remove this restriction when ncclient has been fixed.
+    name: ncclient<=0.6.2
     virtualenv: "{{ lookup('env', 'VIRTUAL_ENV') | default(omit, true) }}"
   become: "{{ lookup('env', 'VIRTUAL_ENV') == None }}"