FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 196797
Description
Upgrade Fails on HA or NCM System with 'Host key verification failed' Message

Solution
Affected versions: 8.0.3 and lower, 7.3.x and possibly lower


Issue:
When attempting to upgrade an NCM or HA system, the upgrade fails with the following output:

--------------------

tar: /bsc/campusMgr/agent/scanConfig: Cannot stat: No such file or directory
tar: Error exit delayed from previous errors
Host key verification failed.Host key verification failed.
...

Host key verification failed./bsc/campusMgr/bin/install/updateCampusMgrPost.centos:  some unexpected error happened during the install.

The install program has terminated, and THE INSTALLATION IS NOT COMPLETE.

The machine(s) in this cluster are NOT CURRENTLY IN A VALID STATE.

-------------------

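This happens because the SSH sessions the upgrade opens between servers stop at an interactive prompt, either because the target server has no entry in the known_hosts file or because SSH keys are not in place on all servers.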

Example 1:  Nessus2's ip is not in the known_hosts file of cm1
root@cm1:
> ssh nessus2
The authenticity of host 'nessus2 (172.22.100.10)' can't be established.
RSA key fingerprint is 94:08:7a:74:41:a7:28:23:1e:e8:63:12:5d:24:2f:51.
Are you sure you want to continue connecting (yes/no)?


Example 2:  Nessus1's correct password is not in the /root/.ssh/authorized_keys2 file of cm1
root@cm1:
> ssh nessus2

password:





Solution:
Make sure ssh keys are complete for all servers in NCM or HA configuration.  This can be done using the AddPassword and SetSSHKey tools.

1) To set the password for SSH connections to a specific server ip, type:
AddPassword <server ip> <root cli password>
\ is an escape character; escape any $ characters in the root cli password with the \ symbol.

2) Remove any old host entries for that server ip (if any exist).
vi /root/.ssh/known_hosts
'dd' to delete the line.

3) Add the new key for that server ip.
SetSSHKey <server ip>

4) Rerun the upgrade.


This is addressed in Network Sentry 8.0.4 and higher.  As of 8.0.4, the upgrade process now confirms that SSH communications are successful to each pod before starting the upgrade.
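
On versions without this built-in check, the same confirmation can be done by hand before rerunning the upgrade. The script below is an added example, not Fortinet code; it assumes OpenSSH on the servers, and its function names and result labels are illustrative.

```shell
#!/bin/sh
# Added example (not Fortinet code): confirm non-interactive SSH to each
# cluster member before an upgrade. Function names and labels are illustrative.

# Map ssh's exit status and stderr to the article's remediation steps.
classify_ssh_result() {
    rc=$1; err=$2
    if [ "$rc" -eq 0 ]; then echo "ok"; return; fi
    case "$err" in
        *"REMOTE HOST IDENTIFICATION HAS CHANGED"*)
            echo "hostkey-changed" ;;   # stale known_hosts entry: steps 2 and 3
        *"Host key verification failed"*)
            echo "hostkey-missing" ;;   # no known_hosts entry: step 3
        *"Permission denied"*)
            echo "auth" ;;              # key login not set up: step 1
        *)
            echo "other" ;;             # unreachable, DNS failure, timeout
    esac
}

# BatchMode=yes makes ssh fail instead of prompting, which is the same
# condition that breaks the upgrade script.
check_host() {
    err=$(ssh -n -o BatchMode=yes -o StrictHostKeyChecking=yes \
              -o ConnectTimeout=5 "root@$1" true 2>&1 >/dev/null)
    classify_ssh_result "$?" "$err"
}

# Check every host given; succeed only if all of them answered without a prompt.
preflight() {
    failed=0
    for host in "$@"; do
        result=$(check_host "$host")
        printf '%-20s %s\n' "$host" "$result"
        [ "$result" = "ok" ] || failed=$((failed + 1))
    done
    [ "$failed" -eq 0 ]
}

# Run only when host names are supplied on the command line.
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```

Run it as root on each server with the other cluster members as arguments; any result other than ok names the step to repeat for that server.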

