https://progress.opensuse.org/https://progress.opensuse.org/themes/openSUSE/favicon/favicon.ico?15829177842023-03-10T07:20:47ZopenSUSE Project Management ToolopenQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6117412023-03-10T07:20:47Zokurzokurz@suse.com
<ul><li><strong>Copied from</strong> <i><a class="issue tracker-4 status-3 priority-4 priority-default closed child" href="/issues/125534">action #125534</a>: Consolidate the installation of openqaw5-xen with SUSE QE Tools maintained machines size:M</i> added</li></ul> openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6117502023-03-10T07:23:13Zokurzokurz@suse.com
<ul></ul><p><a href="https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/804" class="external">https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/804</a> to allow password login for now</p>
openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6119182023-03-10T12:11:58Znicksingernsinger@suse.com
<ul><li><strong>Subject</strong> changed from <i>In salt-states-openqa support machines requiring ssh password login for root user</i> to <i>In salt-states-openqa support machines requiring ssh password login for root user size:M</i></li><li><strong>Status</strong> changed from <i>New</i> to <i>Workable</i></li></ul> openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6126352023-03-13T12:22:45Zlivdywanliv.dywan@suse.com
<ul></ul><p>okurz wrote:</p>
<blockquote>
<p><a href="https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/804" class="external">https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/804</a> to allow password login for now</p>
</blockquote>
<p>I'm okay to accept it as a <strong>solution</strong>. I don't realistically see this as a work-around because there's no incentive to work on it if we don't consistently require it.</p>
openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6174112023-03-27T09:17:07Zosukup
<ul><li><strong>Status</strong> changed from <i>Workable</i> to <i>In Progress</i></li><li><strong>Assignee</strong> set to <i>osukup</i></li></ul> openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6176782023-03-28T04:10:50Zopenqa_reviewopenqa-review@suse.de
<ul><li><strong>Due date</strong> set to <i>2023-04-11</i></li></ul><p>Setting due date based on mean cycle time of SUSE QE Tools</p>
openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6179152023-03-28T13:07:16Zosukup
<ul></ul><p>this should permit root login only on openqaw5-xen<br>
<a href="https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/821" class="external">https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/821</a></p>
openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6179722023-03-28T15:52:08Zosukup
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Feedback</i></li></ul> openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6182662023-03-29T09:50:31Zosukup
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>In Progress</i></li></ul><p><a href="https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/822" class="external">https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/822</a> .. missed PasswordAuthentication :D</p>
openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6186802023-03-30T09:44:52Zosukup
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Feedback</i></li></ul><p>both AC completed ..</p>
<p>for next --> use custom grains to enable password login instead hardcoded <code>grains['host'] == host</code></p>
openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6208552023-04-05T11:45:00Zmkittlermarius.kittler@suse.com
<ul></ul><p>To avoid hard-coding concrete hostnames in the salt states, you could follow a similar approach to what I've recently done to exclude a systemd service on a specific host from alerting (see <a class="issue tracker-4 status-3 priority-6 priority-high2 closed" title="action: [alert] Failed systemd services alert (Resolved)" href="https://progress.opensuse.org/issues/127097#note-11">#127097#note-11</a>).</p>
openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6225742023-04-12T11:08:33Zokurzokurz@suse.com
<ul><li><strong>Due date</strong> changed from <i>2023-04-11</i> to <i>2023-04-18</i></li><li><strong>Priority</strong> changed from <i>Normal</i> to <i>High</i></li></ul> openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6226612023-04-12T13:56:41Zosukup
<ul></ul><p><a href="https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/836" class="external">https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/836</a> should be without hardcoded hostname</p>
<p>simply define <code>passwordlogin: True</code> in grains on host where we need enabled password login for root</p>
openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6256882023-04-20T08:46:56Zosukup
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul><p>changes merged.</p>
<p>while deploying host which needs root password login enabled simply add to configuration steps for salt minion <code>echo 'passwordlogin: True' >> /etc/salt/grains</code></p>
openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6257722023-04-20T10:01:28Zokurzokurz@suse.com
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/625772/diff?detail_id=587609">diff</a>)</li><li><strong>Due date</strong> changed from <i>2023-04-18</i> to <i>2023-04-28</i></li><li><strong>Status</strong> changed from <i>Resolved</i> to <i>In Progress</i></li><li><strong>Priority</strong> changed from <i>High</i> to <i>Urgent</i></li></ul><p><code>sudo salt --no-color --state-output=changes 'openqaw5-xen.qa.suse.de' state.apply test=True</code> shows that the configuration is reset to "PasswordAuthentication no" and "PermitRootLogin without-password". I removed openqaw5-xen from salt-keys. Please look into this again.</p>
openQA Infrastructure - action #125750: In salt-states-openqa support machines requiring ssh password login for root user size:Mhttps://progress.opensuse.org/issues/125750?journal_id=6259162023-04-20T13:40:04Zokurzokurz@suse.com
<ul><li><strong>Due date</strong> deleted (<del><i>2023-04-28</i></del>)</li><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Resolved</i></li><li><strong>Priority</strong> changed from <i>Urgent</i> to <i>High</i></li></ul><p>I checked locally on openqaw5-xen.qa.suse.de with <code>salt-call --no-color --state-output=changes state.show_sls sshd | less && salt-call --no-color --state-output=changes state.apply sshd; grep -i password /etc/ssh/sshd_config</code> and I could confirm that the files are properly evaluated and the password authentication is kept properly. I guess <code>test=True</code> does not evaluate grains or so. So everything looks fine. salt key is added, state is cleanly applied from OSD.</p>