= bug description = {{{ $ ssh releng02.phx2.fedoraproject.org The authenticity of host 'releng02.phx2.fedoraproject.org (<no hostip for proxy command>)' can't be established. RSA key fingerprint is 2f:5f:ac:7c:8a:e2:2a:a6:21:db:c6:9f:bb:fd:2a:41. No matching host key fingerprint found in DNS. Are you sure you want to continue connecting (yes/no)? }}} = bug analysis = releng02 and maybe other releng boxes except releng04 and releng01.stg are missing from the file = fix recommendation = Add missing hosts to the ssh_known_hosts files.
So, this file is generated by a python script manually run by admins (so they can inspect any changes).
However, the script was setup to read only those hosts that were in puppet. Since many machines we now have are not in puppet, but have moved to ansible, they aren't showing up. ;(
The old script is in puppet/modules/ssh/files/fetch-ssh-keys.py
We need to port this over to an ansible script that gathers the keys from all hosts in ansible inventory and generates the file (ansible has all machines in it's inventory, so it would include the puppet ones too).
Would you be interested in making such a script? Or we could toss easyfix on this and see if another apprentice would be interested...
Fixed with this new script: http://infrastructure.fedoraproject.org/cgit/ansible.git/tree/scripts/fetch-ssh-keys
Log in to comment on this ticket.