Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: rhel-9.5
Affects Version/s: None
Component/s: rhel-system-roles
Labels:
- RHEL-System-Roles
- system_role_sshd

Fixed in Build:
rhel-system-roles-1.78.1-0.1.el9
Regression:
None
Severity:
None
Keywords:

ZStream
sprint_count:
3

Pool Team:

rhel-sst-system-roles

Story Points:
3
ACKs Check:

QE ack, Dev ack
Target Version:

rhel-9.5
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Products:

Red Hat Enterprise Linux
Sprint:
System Roles Sprint 1, System Roles Sprint 2, System Roles Sprint 3
Release Blocker:
Approved Blocker
Target Backport Versions:

rhel-8.10.z, rhel-9.4.z

Preliminary Testing:
Pass
Testable Builds:
rhel-system-roles-1.76.0-0.1.8.el9
Errata Link:
https://errata.engineering.redhat.com/advisory/130467
Test Coverage:
None

Release Note Type:
Bug Fix
Release Note Text:

Hide
.The `sshd` RHEL system role can configure the second `sshd` service correctly

Running the `sshd` RHEL system role to configure the second `sshd` service on your managed nodes caused an error if you did not specify the `sshd_config_file` role variable. Consequently, your playbook would fail and the `sshd` service would not be configured correctly. To fix the problem, deriving of the main configuration file has been improved. Also, the documentation resources in the `/usr/share/doc/rhel-system-roles/sshd/` directory have been made clearer to avoid this problem. As a result, configuring the second `sshd` service as described in the above scenario works as expected.

Show
.The `sshd` RHEL system role can configure the second `sshd` service correctly Running the `sshd` RHEL system role to configure the second `sshd` service on your managed nodes caused an error if you did not specify the `sshd_config_file` role variable. Consequently, your playbook would fail and the `sshd` service would not be configured correctly. To fix the problem, deriving of the main configuration file has been improved. Also, the documentation resources in the `/usr/share/doc/rhel-system-roles/sshd/` directory have been made clearer to avoid this problem. As a result, configuring the second `sshd` service as described in the above scenario works as expected.
Release Note Status:
Done

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

What were you trying to do that didn't work?

Create second sshd service with this kind of configuration:

---
- name: Configure second SSHD service on different port
hosts: all
vars:
sshd_service: sshd2
sshd_config_file: /etc/ssh2/sshd_config
sshd_install_service: true
sshd_manage_selinux: true
sshd:
Port: 2222
ForceCommand: echo "CONNECTED2"
tasks:
- name: Run the role
ansible.builtin.include_role:
name: linux-system-roles.sshd

Please provide the package NVR for which bug is seen:

rhel-system-roles-1.23.0-2.21.el9

Note: worked fine in rhel-system-roles-1.22.0-2.el9, therefore qualifies as a regression

How reproducible:

always

Steps to reproduce

run our test https://pkgs.devel.redhat.com/cgit/tests/openssh/tree/Sanity/ansible-sshd

Expected results

passes

Actual results

fails - second sshd service seems to try to use port 22, conflicting with the regular SSHD

:: [ 13:31:30 ] :: [ BEGIN ] :: Running 'journalctl -xeu sshd2.service'
Mar 15 13:31:30 rhel-9-3-0-z-stream.fingertip.local systemd[1]: Starting OpenBSD Secure Shell server...
░░ Subject: A start job for unit sshd2.service has begun execution
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit sshd2.service has begun execution.
░░
░░ The job identifier is 2735.
Mar 15 13:31:30 rhel-9-3-0-z-stream.fingertip.local sshd[18842]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Mar 15 13:31:30 rhel-9-3-0-z-stream.fingertip.local sshd[18842]: error: Bind to port 22 on :: failed: Address already in use.
Mar 15 13:31:30 rhel-9-3-0-z-stream.fingertip.local sshd[18842]: fatal: Cannot bind any address.
Mar 15 13:31:30 rhel-9-3-0-z-stream.fingertip.local systemd[1]: sshd2.service: Main process exited, code=exited, status=255/EXCEPTION
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ An ExecStart= process belonging to unit sshd2.service has exited.
░░
░░ The process' exit code is 'exited' and its exit status is 255.
Mar 15 13:31:30 rhel-9-3-0-z-stream.fingertip.local systemd[1]: sshd2.service: Failed with result 'exit-code'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ The unit sshd2.service has entered the 'failed' state with result 'exit-code'.
Mar 15 13:31:30 rhel-9-3-0-z-stream.fingertip.local systemd[1]: Failed to start OpenBSD Secure Shell server.
░░ Subject: A start job for unit sshd2.service has failed
░░ Defined-By: systemd
░░ Support: https://access.redhat.com/support
░░
░░ A start job for unit sshd2.service has finished with a failure.
░░
░░ The job identifier is 2735 and the job result is failed.

links to

link to github PR

RHEA-2024:130467 rhel-system-roles bug fix and enhancement update

Assignee:: Richard Megginson

Reporter:: Stanislav Zidek

Developer:: Richard Megginson

QA Contact:: David Jez

Doc Contact:: Jaroslav Klech

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 2024/03/15 1:35 PM

Updated:: 2024/11/12 8:50 AM

Resolved:: 2024/11/12 8:50 AM

Release Date:: 2024/11/12

Details

Description

What were you trying to do that didn't work?

Please provide the package NVR for which bug is seen:

How reproducible:

Steps to reproduce

Expected results

Actual results

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates