Merge "Support skipping SSH keyscan for older switch devices"

6b376985 · Zuul · Gerrit Code Review · a1b65a93 · 7e3e6558 · 6b376985
Commit 6b376985 authored 6 months ago by Zuul Committed by Gerrit Code Review 6 months ago
--- a/ansible/inventory/group_vars/all/switches/keyscan
+++ b/ansible/inventory/group_vars/all/switches/keyscan
+---
+# Whether to skip scanning SSH keys for switches. In some cases scanning SSH
+# keys may fail e.g. due to unsupported key exchange algorithms on older
+# devices.  Default is false.
+switch_skip_keyscan: false
--- a/ansible/physical-network.yml
+++ b/ansible/physical-network.yml
@@ -117,6 +117,7 @@
       default(100) }}
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: arista-switch
      arista_switch_type: "{{ switch_type }}"
@@ -133,6 +134,7 @@
       default(100) }}
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: dell-switch
      dell_switch_type: "{{ switch_type }}"
@@ -150,6 +152,7 @@
       default(100) }}
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: stackhpc.network.dell_powerconnect_switch
      dell_powerconnect_switch_type: "{{ switch_type }}"
@@ -166,6 +169,7 @@
       default(100) }}
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: junos-switch
      junos_switch_type: "{{ switch_type }}"
@@ -183,6 +187,7 @@
       default(100) }}
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: stackhpc.network.mellanox_switch
      mellanox_switch_type: "{{ switch_type }}"
@@ -199,6 +204,7 @@
       default(100) }}
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: nclu-switch
      nclu_switch_config: "{{ switch_config }}"
@@ -209,6 +215,7 @@
  gather_facts: no
  roles:
    - role: ssh-known-host
+      when: not switch_skip_keyscan | bool

    - role: nvue-switch
      nvue_switch_config: "{{ switch_config }}"

--- a/doc/source/configuration/reference/physical-network.rst
+++ b/doc/source/configuration/reference/physical-network.rst
@@ -181,6 +181,15 @@ example:
       description: compute0
       config: "{{ switch_interface_config_compute }}"

+Support for Older Devices
+=========================
+
+Some network devices may use SSH key exchange algorithms that are no longer
+supported by the Ansible control host. This will cause ``ssh-keyscan`` to fail,
+preventing Kayobe from configuring the devices. To work around this, set
+``switch_skip_keyscan`` to ``true`` for the affected devices. The SSH known
+hosts file on the Ansible control host will need to be populated manually.
+
 .. _physical-network-device-specific:

 Device-specific Configuration Variables

--- a/releasenotes/notes/switch-skip-keyscan-23b1f5006f443323.yaml
+++ b/releasenotes/notes/switch-skip-keyscan-23b1f5006f443323.yaml
+---
+features:
+  - |
+    Adds support for skipping SSH keyscan when configuring switches using
+    ``kayobe physical network configure`` using a ``switch_skip_keyscan``
+    variable.