Skip to content

Fix template sync over SSH on IPv6 #20552

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
lpramuk wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Fix template sync over SSH on IPv6 #20552

lpramuk wants to merge 1 commit into from
+1 −1

Conversation

@lpramuk
Copy link
Contributor

@lpramuk lpramuk commented Dec 19, 2025
edited
Loading

Problem Statement

Template sync tests that use SSH for transport are failing on IPv6 while on IPv4 they pass:

    Could not export:
      git '--git-dir=/tmp/d20251201-23437-yapn4p/.git' '--work-tree=/tmp/d20251201-23437-yapn4p' '-c' 'core.quotePath=true' '-c' 'color.ui=false' 'fetch' '--' 'origin'  2>&1
      status: pid 33515 exit 128
      output: "Host key verification failed.\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n"

Further investigation showed that ssh-keyscan is used with wrong parameter -4:

[D 251218 12:12:36 hosts:198] <SAT_FQDN> executing command: ssh-keyscan -4 -t rsa -p 50126 infra-podman-ipv6.infra > /usr/share/foreman/.ssh/known_hosts
[D 251218 12:12:36 hosts:200] <SAT_FQDN> command result:
    stdout:
    
    stderr:
    getaddrinfo infra-podman-ipv6.infra: Name or service not known
    
    status: 1

Solution

Sanitize ssh-keyscan command:

  • -4 - don't always use ipv4, especially on ipv6
  • sudo -u foreman ... - .ssh/known_hosts file should be owned by user foreman not root
  • >> {key_path}/known_hosts - .ssh/known_hosts file may contain multiple entries, append new entry

Related Issues

SAT-41275

@lpramuk lpramuk self-assigned this Dec 19, 2025
@lpramuk lpramuk added CherryPick PR needs CherryPick to previous branches AutoMerge_Cherry_Picked The cherrypicked PRs of master PR would be automerged if all checks passing Stream Introduced in or relating directly to Satellite Stream/Master 6.16.z 6.17.z 6.18.z Introduced in or relating directly to Satellite 6.18 labels Dec 19, 2025
lpramuk
lpramuk commented Dec 19, 2025
View reviewed changes
pytest_fixtures/component/templatesync.py
# add ssh key to known host
session_target_sat.execute(
f'ssh-keyscan -4 -t rsa -p {git.ssh_port} {git.hostname} > {key_path}/known_hosts'
f"sudo -u foreman sh -c 'ssh-keyscan -t rsa -p {git.ssh_port} {git.hostname} >> {key_path}/known_hosts'"
Copy link
Contributor Author

@lpramuk lpramuk Dec 19, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixes three problems:

  1. -4 - dont always use ipv4, especially on ipv6
  2. sudo -u foreman ... - .ssh/known_hosts file should be owned by user foreman not root
  3. >> {key_path}/known_hosts - .ssh/known_hosts file may contain multiple entries, append new entry

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@lpramuk lpramuk

Labels

6.16.z 6.17.z 6.18.z Introduced in or relating directly to Satellite 6.18 AutoMerge_Cherry_Picked The cherrypicked PRs of master PR would be automerged if all checks passing CherryPick PR needs CherryPick to previous branches Stream Introduced in or relating directly to Satellite Stream/Master

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lpramuk