ganeti in bullseye fails to verify because of SSH host keys verification
So we'll have to mess around with SSH host keys in bullseye for Ganeti.
see https://github.com/ganeti/ganeti/issues/1608 and #40365 (comment 2750799)
basically, we need to puppetize this command:
grep 'chi-node-0[0-9]' /etc/ssh/ssh_known_hosts | grep -v 'initramfs' | grep ssh-rsa | sed 's/[^ ]* /chignt.torproject.org /' > /var/lib/ganeti/known_hosts
that or we fix Ganeti to not do the -oGlobalKnownHostsFile=/var/lib/ganeti/known_hosts part.
bonus points for cleaning up the authorized_keys to allow only the master to log in to the other nodes, as per the design docs.
Edited by anarcat
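
The filtering done by the command in the issue, written as a function a configuration-management run could call. This is an added example, not code from the issue, Ganeti or the Tor Project's Puppet tree. The function names, the sample key blobs and the `-initramfs` host name are constructed, and the function goes slightly further than the one-liner: it de-duplicates keys, replaces the target atomically and refuses to install an empty file.

```shell
#!/bin/sh
# Added example, not from the issue: rebuild the known_hosts file Ganeti reads,
# with the same filtering as the grep/sed pipeline quoted in the issue.

# Constructed input: the key blobs and the "-initramfs" host name are made up.
sample_known_hosts() {
    cat <<'EOF'
# constructed sample of /etc/ssh/ssh_known_hosts
chi-node-01.torproject.org,chi-node-01 ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED01
chi-node-01.torproject.org,chi-node-01 ssh-ed25519 AAAAC3NzaC1lZDI1CONSTRUCTED01
chi-node-01-initramfs.torproject.org ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDIR
chi-node-02.torproject.org,chi-node-02 ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED02
web-01.torproject.org ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDWEB
EOF
}

# build_ganeti_known_hosts SRC DST CLUSTER NODE_REGEX
# Keeps ssh-rsa keys of hosts matching NODE_REGEX, drops initramfs entries,
# rewrites the host field to CLUSTER, and replaces DST only if keys were found.
build_ganeti_known_hosts() {
    src=$1 dst=$2 cluster=$3 node_re=$4
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    awk -v cluster="$cluster" -v node_re="$node_re" '
        NF == 0 || $1 ~ /^#/ { next }   # blank lines and comments
        /initramfs/          { next }   # same exclusion as grep -v initramfs
        $1 ~ node_re && $2 == "ssh-rsa" && !seen[$3]++ { print cluster, $2, $3 }
    ' "$src" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ ! -s "$tmp" ]; then
        # An empty file would make every node fail host key verification.
        echo "no matching keys in $src, leaving $dst untouched" >&2
        rm -f "$tmp"
        return 1
    fi
    chmod 0644 "$tmp" && mv "$tmp" "$dst"
}

# Demo on the constructed sample: sh thisfile demo
demo() {
    dir=$(mktemp -d) || return 1
    sample_known_hosts > "$dir/ssh_known_hosts"
    build_ganeti_known_hosts "$dir/ssh_known_hosts" "$dir/known_hosts" \
        chignt.torproject.org 'chi-node-0[0-9]' && cat "$dir/known_hosts"
    rm -rf "$dir"
}
if [ "${1:-}" = demo ]; then demo; fi
```

On a real node the call would take `/etc/ssh/ssh_known_hosts` as SRC and `/var/lib/ganeti/known_hosts` as DST, with the cluster name and node pattern from the issue's command.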