Linux: Update libvirt image to debian/bookworm64 and clab image to python:3.11-alpine #1623
Conversation
Also update Containerlab image to match Python version
|
Did this work for you? I can't even connect to the Linux VM due to a mismatch in SSH authentication expectations. This is from the Ansible initial configuration playbook: netlab connect reports a very similar error. |
* Use the Vagrant generated private key to access boxes (update Ansible inventory)
| @@ -1,6 +1,7 @@ | |||
| VAGRANT_COMMAND = ARGV[0] | |||
|
|
|||
| Vagrant.configure("2") do |config| | |||
| config.ssh.insert_key = true | |||
There was a problem hiding this comment.
We have 21 Vagrant boxes and most of them are not Linux and thus cannot have their SSH key replaced, and you go ahead and change the system default? Congratulations, great thinking.
FWIW, according to Vagrant documentation, the "true" value is equal to the default behavior, so this was completely unnecessary, but great job anyway.
There was a problem hiding this comment.
I figured it's the system default, so this only makes explicit what's already happening. However, Vagrant has an elaborate merging process for its settings - see https://developer.hashicorp.com/vagrant/docs/vagrantfile - and so we need to make sure it's set to true for the private key file to exist in the location we expect it to, in case users may override system defaults. I experimented with setting this to false
| @@ -41,3 +41,6 @@ attributes: | |||
| uplink: str | |||
| global: | |||
| providers: | |||
|
|
|||
| inventory: | |||
| ansible_ssh_private_key_file: .vagrant/machines/{ name }/libvirt/private_key | |||
There was a problem hiding this comment.
This is set for all Vagrant devices and probably breaks every single device that uses Vagrant default key (as in: most of them, I did a spot check on Cisco IOSv). Awesome. Just awesome.
Would you once in a while stop for a microsecond, think about the wider implications of your changes, and make the minimum amount of changes necessary?
| @@ -0,0 +1,152 @@ | |||
| echo -n 'Starting initial config ' && date | |||
There was a problem hiding this comment.
So you just copied the "ubuntu.j2" file, added "get netplan" and removed a few things. So when we figure out something needs to be changed and we fix it in one of the files everyone knows it has to be fixed in the other file as well, right?
There's a reason Jinja2 has "include" functionality.
| @@ -103,7 +103,9 @@ def ssh_connect( | |||
| if data.netlab_ssh_args: | |||
| c_args.extend(data.netlab_ssh_args.split(' ')) | |||
|
|
|||
| if data.ansible_ssh_pass: | |||
| if data.ansible_ssh_private_key_file: | |||
| c_args.extend(['-i', strings.eval_format(data.ansible_ssh_private_key_file,{'name': data.host})]) | |||
There was a problem hiding this comment.
What's wrong with passing the whole node data, and if you need the 'name' parameter, you can adjust the 'adjust_inventory_host' call to retain it. This is yet another example of the "let's fix my immediate problem" mentality.
|
After we decide how to deal with Vagrant private keys (#1628) we'll implement a "minimum impact" move to Debian/Bookworm. |
FWIW, I thought I was rushing to fix something that was also affecting your FRR PR. You could have just told me that I missed the brute-force password authentication override patch |
ansible_ssh_private_key_filein inventory)netlab_linux_distroto debian, add custom init scriptI commented out the DNS fixes for systemd resolvd, not sure if those are still needed. We may want to refactor
netplaninit into its own script - I copied the Ubuntu bits