particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test/api: ssh key fixes for RHEL 9.0

Browse source 
RHEL 9.0 AWS API test is failing with

  Host key verification failed.

This is probably due to a recent change in openssh deprecating rsa host
keys (or likely rsa keys in general).
- turn off StrictHostKeyChecking when checking groups
- use 'ed25519' type for user ssh keys

Signed-off-by: Achilleas Koutsou <achilleas@koutsou.net>
This commit is contained in:
Achilleas Koutsou 2021-11-05 18:58:36 +01:00 committed by Ondřej Budai
parent 8ef0cfe618
commit affe02ceed
1 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
test/cases/api.sh
View file

@ -457,7 +457,7 @@ else
fi fi
# generate a temp key for user tests # generate a temp key for user tests
ssh-keygen -t rsa -f /tmp/usertest -C "usertest" -N "" ssh-keygen -t rsa-sha2-512 -f /tmp/usertest -C "usertest" -N ""
function createReqFileAWS() { function createReqFileAWS() {
AWS_SNAPSHOT_NAME=$(uuidgen) AWS_SNAPSHOT_NAME=$(uuidgen)
@ -813,7 +813,7 @@ function _instanceWaitSSH() {
for LOOP_COUNTER in {0..30}; do for LOOP_COUNTER in {0..30}; do
if ssh-keyscan "$HOST" > /dev/null 2>&1; then if ssh-keyscan "$HOST" > /dev/null 2>&1; then
echo "SSH is up!" echo "SSH is up!"
# ssh-keyscan "$PUBLIC_IP" | sudo tee -a /root/.ssh/known_hosts ssh-keyscan "$HOST" | sudo tee -a /root/.ssh/known_hosts
break break
fi fi
echo "Retrying in 5 seconds... $LOOP_COUNTER" echo "Retrying in 5 seconds... $LOOP_COUNTER"
@ -904,14 +904,14 @@ function verifyInAWS() {
_instanceCheck "$_ssh" _instanceCheck "$_ssh"
# Check access to user1 and user2 # Check access to user1 and user2
check_groups=$(ssh -i /tmp/usertest "user1@$HOST" -t 'groups') check_groups=$(ssh -oStrictHostKeyChecking=no -i /tmp/usertest "user1@$HOST" -t 'groups')
if [[ $check_groups =~ "wheel" ]]; then if [[ $check_groups =~ "wheel" ]]; then
echo "✔️ user1 has the group wheel" echo "✔️ user1 has the group wheel"
else else
echo 'user1 should have the group wheel 😢' echo 'user1 should have the group wheel 😢'
exit 1 exit 1
fi fi
check_groups=$(ssh -i /tmp/usertest "user2@$HOST" -t 'groups') check_groups=$(ssh -oStrictHostKeyChecking=no -i /tmp/usertest "user2@$HOST" -t 'groups')
if [[ $check_groups =~ "wheel" ]]; then if [[ $check_groups =~ "wheel" ]]; then
echo 'user2 should not have group wheel 😢' echo 'user2 should not have group wheel 😢'
exit 1 exit 1
@ -1003,7 +1003,7 @@ function verifyInGCP() {
# Verify that the image boots and have customizations applied # Verify that the image boots and have customizations applied
# Create SSH keys to use # Create SSH keys to use
GCP_SSH_KEY="$WORKDIR/id_google_compute_engine" GCP_SSH_KEY="$WORKDIR/id_google_compute_engine"
ssh-keygen -t rsa -f "$GCP_SSH_KEY" -C "$SSH_USER" -N "" ssh-keygen -t rsa-sha2-512 -f "$GCP_SSH_KEY" -C "$SSH_USER" -N ""
GCP_SSH_METADATA_FILE="$WORKDIR/gcp-ssh-keys-metadata" GCP_SSH_METADATA_FILE="$WORKDIR/gcp-ssh-keys-metadata"
echo "${SSH_USER}:$(cat "$GCP_SSH_KEY".pub)" > "$GCP_SSH_METADATA_FILE" echo "${SSH_USER}:$(cat "$GCP_SSH_KEY".pub)" > "$GCP_SSH_METADATA_FILE"
@ -1045,7 +1045,7 @@ function verifyInAzure() {
# Verify that the image boots and have customizations applied # Verify that the image boots and have customizations applied
# Create SSH keys to use # Create SSH keys to use
AZURE_SSH_KEY="$WORKDIR/id_azure" AZURE_SSH_KEY="$WORKDIR/id_azure"
ssh-keygen -t rsa -f "$AZURE_SSH_KEY" -C "$SSH_USER" -N "" ssh-keygen -t rsa-sha2-512 -f "$AZURE_SSH_KEY" -C "$SSH_USER" -N ""
# Create network resources with predictable names # Create network resources with predictable names
$AZURE_CMD network nsg create --resource-group "$AZURE_RESOURCE_GROUP" --name "nsg-$TEST_ID" --location "$AZURE_LOCATION" $AZURE_CMD network nsg create --resource-group "$AZURE_RESOURCE_GROUP" --name "nsg-$TEST_ID" --location "$AZURE_LOCATION"