[hibernate-dev] Ansible set-up, error "unknown key type ecdsa"
Sanne Grinovero
sanne at hibernate.org
Wed Aug 26 07:15:16 EDT 2015
On 25 August 2015 at 14:15, Gunnar Morling <gunnar at hibernate.org> wrote:
> Sanne,
>
> When running Ansible to update the CI slaves on OS X, I get the following error:
>
> TASK: [jenkins-slave | Ensure cimaster is a known host] ***********************
> unknown key type ecdsa
> fatal: [209.132.178.232] => lookup_plugin.pipe(ssh-keyscan -t ecdsa
> 54.174.65.136) returned 255
>
> Can we use another key type than "ecdsa"? Apparently the SSH coming
> with OS X has no support for it (see [1]) and I'd prefer to use the
> default version rather than having to install another one.
That line though is just a trick to fetch the existing keys so I guess
that to change the key type we need to figure out when & how these are
generated.
I just checked and it seems like we actually generate (and use) RSA
keys now; maybe that line is just broken on all platforms (not just on
OSX)?
When making changes I only run the related portions of the Ansible
script, so that might have been broken since a while w/o anyone
noticing.
Davide extended this further with tags: see the readme to easily run
only the tasks related to a specific task (although we should tag all
tasks, not done yet).
I'm actually quite unhappy with that whole trick to get the generated
nodes exchange the keys; it doesn't seem like "the Ansible way" as
it's quite procedural, but I couldn't figure a better way other than
pre-generate them (and lots of other people have that problem on SO so
I'd hope it will improve).
Would you prefer us to pre-generate those keys manually and add them
to the list of secret tokens which we need to share among maintainers?
I was trying to keep the list of keys we all need and the preparation
steps minimal, but agree this one might not be worth the complexity.
FWIW, ECDSA is the future: get a better OS ;-)
Thanks,
Sanne
>
> Thanks,
>
> --Gunnar
>
> [1] http://apple.stackexchange.com/questions/77731/ecdsa-ssh-key-on-10-8-2
> _______________________________________________
> hibernate-dev mailing list
> hibernate-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/hibernate-dev
More information about the hibernate-dev
mailing list