Opened 6 months ago

Last modified 6 months ago

#33412 new defect

ganeti cluster backend is IPv4-only

Reported by: anarcat
Owned by: tpa
Priority: High
Component: Internal Services/Tor Sysadmin Team
Severity: Normal

Description

I tried to reboot the ganeti cluster yesterday and it failed with:

root@fsn-node-04.torproject.org: Permission denied (publickey).

weasel diagnosed this as:

16:57:08 <weasel> etc/ssh/userkeys/root only has v4 addresses in from=..
16:57:22 <weasel> that is probably a bug.

Change History (1)

comment:1 Changed 6 months ago by anarcat

Summary: ganeti-reboot-cluster fails to connect to all nodes → ganeti cluster backend is IPv4-only

I looked into fixing this in Puppet, but that is quite involved: the IP address passed into the ganeti module is carried not only in the authorized_keys but also the ipsec and ferm modules, which makes it a bit too "tangly" for a hot fix.

But it is definitely something that needs fixing in Puppet in any case: we don't want to rely on "legacy" IPv4 like we're doing now.

For now I hacked at the ganeti-reboot-cluster script to add -4 to all ssh calls.
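
The condition diagnosed above, a `from=` restriction in an authorized_keys file that lists only IPv4 sources, can be checked for mechanically. This is an added example, not part of the ticket or of the Tor sysadmin tooling; the function names, the sample keys and the documentation addresses are constructed for illustration.

```python
import ipaddress
import re

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")        # a key-type field, not options
FROM_RE = re.compile(r'(?:^|,)from="([^"]*)"', re.IGNORECASE)

def options_field(line):
    """Return the leading options field of an authorized_keys line ('' if none)."""
    in_quotes, i = False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quotes:
            i += 1                              # skip the escaped character
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            break
        i += 1
    field = line[:i]
    return "" if field.startswith(KEY_PREFIXES) else field

def family(pattern):
    """Classify one from= pattern as 4, 6 or 'name' (hostname or bare wildcard)."""
    try:
        return ipaddress.ip_network(pattern, strict=False).version
    except ValueError:
        if ":" in pattern:
            return 6                            # wildcarded IPv6, e.g. 2001:db8::*
        return 4 if re.fullmatch(r"\d[\d.*?]*", pattern) else "name"

def ipv4_only_keys(text):
    """Return (line number, allowed patterns) for keys whose from= admits only IPv4."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = FROM_RE.search(options_field(line.strip()))
        if not match:
            continue                            # comment, blank or unrestricted key
        allowed = [p for p in match.group(1).split(",") if p and not p.startswith("!")]
        if allowed and {family(p) for p in allowed} == {4}:
            findings.append((lineno, allowed))
    return findings

# Constructed sample: documentation addresses and placeholder key material.
SAMPLE = '''\
from="192.0.2.10,192.0.2.11" ssh-ed25519 AAAAexamplekeyA root@node-a
from="192.0.2.20,2001:db8::20",no-pty ssh-ed25519 AAAAexamplekeyB root@node-b
command="echo \\"hi\\"",from="198.51.100.0/24,!198.51.100.9" ssh-rsa AAAAexamplekeyC root@node-c
ssh-ed25519 AAAAexamplekeyD root@node-d
'''
```

Running `ipv4_only_keys()` over the contents of a deployed key file lists the entries that would reject a connection arriving over IPv6; entries with a hostname pattern or no `from=` at all are not reported.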
