[chef] Re: Re: Why does knife sometime decide to bomb out?


  • From: Peter Norton
  • Subject: [chef] Re: Re: Why does knife sometime decide to bomb out?
  • Date: Tue, 17 Apr 2012 01:22:08 -0400

How is that disabled? I find that especially when dealing with EC2 instances this is a huge nuisance. Disabling strict host key checking in general (per http://help.opscode.com/discussions/problems/116-knife-doesnt-handle-host-key-conflicts) seems to miss how there are two use cases. In one, in general, I don't want ssh to ssh into a host whose host key has changed. However, with knife I am sure that Amazon has given me an address and I should just ignore any host key conflicts and bootstrap.

It seems that even if the option can't be manipulated directly in the Net::SSH API (I'm not sure if it can or can't) it'd be nice to be able to default it to having the known_hosts file = /dev/null when using knife, e.g. per http://net-ssh.github.com/ssh/v2/api/classes/Net/SSH/Config.html.

-Peter

On Tue, Apr 17, 2012 at 1:11 AM, Daniel DeLeo wrote:


On Monday, April 16, 2012 at 9:22 PM, David Montgomery wrote:

> Hi,
>
> Per the below....this happens about 10% of the time. Why does this
> happen? This just happened three times in a row.
>
> :~/.chef$ knife ec2 server create -r
> "role[monitor_server]" -E development --region ap-southeast-1 -Z
> ap-southeast-1a -I ami-c4622596 --flavor m1.medium -G nginx -x ubuntu
> -S sg_development -i /home/ubuntu/.ec2/sg_development.pem
> Instance ID: i-ba8a5dee
> Flavor: m1.medium
> Image: ami-c4622596
> Region: ap-southeast-1
> Availability Zone: ap-southeast-1a
> Security Groups: nginx
> SSH Key: sg_development
>
> Waiting for server..............
> Public DNS Name: ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com (http://ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com)
> Public IP Address: 46.137.237.153
> Private DNS Name: ip-10-131-34-124.ap-southeast-1.compute.internal
> Private IP Address: 10.131.34.124
>
> Waiting for sshd.done
> Bootstrapping Chef on ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com (http://ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com)
> ERROR: Net::SSH::HostKeyMismatch: fingerprint
> f2:50:06:7a:7c:dc:e3:94:08:89:a4:ae:04:3c:ab:a9 does not match for
> "ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com (http://ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com),46.137.237.153"

It's exactly what it says. SSH strict host key checking is enabled, and you have a different fingerprint for this IP/hostname in your known_hosts file.

--
Dan DeLeo
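
Added example, not part of the thread and not knife or Net::SSH code: a Ruby sketch that lists which known_hosts entries for an address hold a key other than the one the server presented, so only those entries are pruned and checking stays on for every other host. The function names and the sample file are hypothetical and constructed; the MD5 fingerprint form matches the error message quoted above.

```ruby
require 'base64'
require 'digest/md5'
require 'openssl'

# MD5 fingerprint of a base64 key blob, colon-separated as in the
# Net::SSH::HostKeyMismatch message.
def md5_fingerprint(blob_b64)
  Digest::MD5.hexdigest(Base64.decode64(blob_b64)).scan(/../).join(':')
end

# Does one known_hosts host field cover `name`? Handles comma-separated names
# and hashed entries (|1|salt|HMAC-SHA1(salt, name)); wildcards are not handled.
def field_matches?(field, name)
  return field.split(',').include?(name) unless field.start_with?('|1|')
  _, _, salt, mac = field.split('|')
  OpenSSL::HMAC.digest('sha1', Base64.decode64(salt), name) == Base64.decode64(mac)
end

# [line_number, fingerprint] for each entry that covers one of `names` but
# holds a key other than the one the server presented.
def stale_entries(text, names, presented_fp)
  text.each_line.with_index(1).map do |line, no|
    field, _type, blob = line.split
    next if field.nil? || blob.nil? || field.start_with?('#', '@')
    next unless names.any? { |n| field_matches?(field, n) }
    fp = md5_fingerprint(blob)
    [no, fp] unless fp == presented_fp
  end.compact
end

# Constructed sample data: the "keys" are arbitrary bytes, not real SSH keys.
HOST = 'ec2-46-137-237-153.ap-southeast-1.compute.amazonaws.com'
IP = '46.137.237.153'
OLD_KEY = Base64.strict_encode64('constructed-old-instance-key')
NEW_KEY = Base64.strict_encode64('constructed-new-instance-key')
SALT = 'constructed-salt'
HASHED_IP = "|1|#{Base64.strict_encode64(SALT)}|" \
            "#{Base64.strict_encode64(OpenSSL::HMAC.digest('sha1', SALT, IP))}"
KNOWN_HOSTS = <<~EOS
  # constructed known_hosts file
  #{HOST} ssh-rsa #{OLD_KEY}
  other.example.com ssh-rsa #{OLD_KEY}
  #{HASHED_IP} ssh-rsa #{OLD_KEY}
  #{HOST},#{IP} ssh-rsa #{NEW_KEY}
EOS

if __FILE__ == $PROGRAM_NAME
  stale = stale_entries(KNOWN_HOSTS, [HOST, IP], md5_fingerprint(NEW_KEY))
  stale.each { |no, fp| puts "line #{no}: stale key #{fp}" }
end
```

The presented fingerprint should come from a source other than the SSH connection itself before any entry is removed.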






