When using fedora-create-review, it attempts to upload to <FAS name>.fedorapeople.org. This apparently resolves to the same IP as fedorapeople.org.
fedora-create-review
<FAS name>.fedorapeople.org
fedorapeople.org
However, there is no entry for *.fedorapeople.org in https://admin.fedoraproject.org/ssh_known_hosts nor do there appear to be SSHFP records for the subdomains, i.e., from #9458:
*.fedorapeople.org
$ dig +short fedorapeople.org sshfp 1 1 5829B0460C2E9296BDBD835416C2615DCF80D22A 1 2 B0369E7D313C9F8E7C90EFB53844CB43D98F11A1AB84396767C57BF6 99FF30C3 4 1 B421BA20371EEF0A5392B9A3C40FB1B09D6349E8 4 2 0D352B037C3D4DC2AE9D448B10FA052B8B80AAB74729D22FED0A223D 08C5D5BE $ dig +short qulogic.fedorapeople.org sshfp # Nothing is printed.
ASAP?
When using fedora-create-review, it attempts to upload to <FAS name>.fedorapeople.org.
I'd think that this is the part that needs to be fixed. For ssh you connect to fedorapeople.org, not a sub-domain
*.fedorapeople.org is
I know that these sorts of records have certain limitations to what can be attached to them, but I could not find if SSHFP was one of the allowed records or not. This looks to be a post-beta freeze thing to look at.
Metadata Update from @kevin: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-gain, low-trouble, ops, unfreeze
ok, you can add sshfp records to the wildcard entries and I have done so.
In additon I have filed https://bugzilla.redhat.com/show_bug.cgi?id=2009074 to ask it to just upload to fedorapeople.org instead of <something>.fedorapeople.org.
Thanks for the report.
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Issue status updated to: Open (was: Closed)
Metadata Update from @jbley: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.