Merge PR ceph#40924 into master

* refs/pull/40924/head:
	mgr/cephadm: check hostname resolution before adding host
	cephadm: provide a way to checkhost connection without /etc/hosts passed the shell
	doc/cephadm: remove /etc/hosts from list of hostname resoltion methods

Reviewed-by: Sage Weil <[email protected]>
Reviewed-by: Adam King <[email protected]>

doc/cephadm/host-management.rst

@@ -278,7 +278,6 @@ names etc. When cephadm initiates an ssh connection to a remote host,
 the host name  can be resolved in four different ways:
 
 -  a custom ssh config resolving the name to an IP
--  via an externally maintained ``/etc/hosts``
 -  via explicitly providing an IP address to cephadm: ``ceph orch host add <hostname> <IP>``
 -  automatic name resolution via DNS.
 

src/cephadm/cephadm

@@ -3174,6 +3174,8 @@ class CephContainer:
 
         if self.host_network:
             cmd_args.append('--net=host')
+        if self.ctx.no_hosts:
+            cmd_args.append('--no-hosts')
         if self.privileged:
             cmd_args.extend([
                 '--privileged',
@@ -7589,6 +7591,10 @@ def _get_parser():
     parser_shell.add_argument(
         'command', nargs=argparse.REMAINDER,
         help='command (optional)')
+    parser_shell.add_argument(
+        '--no-hosts',
+        action='store_true',
+        help='dont pass /etc/hosts through to the container')
 
     parser_enter = subparsers.add_parser(
         'enter', help='run an interactive shell inside a running daemon container')

src/pybind/mgr/cephadm/module.py

@@ -1367,6 +1367,28 @@ def _add_host(self, spec):
         :param host: host name
         """
         assert_valid_host(spec.hostname)
+        # make sure hostname is resolvable before trying to make a connection
+        try:
+            utils.resolve_ip(spec.addr)
+        except OrchestratorError as e:
+            msg = str(e) + f'''
+You may need to supply an address for {spec.addr}
+
+Please make sure that the host is reachable and accepts connections using the cephadm SSH key
+To add the cephadm SSH key to the host:
+> ceph cephadm get-pub-key > ~/ceph.pub
+> ssh-copy-id -f -i ~/ceph.pub {self.ssh_user}@{spec.addr}
+
+To check that the host is reachable open a new shell with the --no-hosts flag:
+> cephadm shell --no-hosts
+
+Then run the following:
+> ceph cephadm get-ssh-config > ssh_config
+> ceph config-key get mgr/cephadm/ssh_identity_key > ~/cephadm_private_key
+> chmod 0600 ~/cephadm_private_key
+> ssh -F ssh_config -i ~/cephadm_private_key {self.ssh_user}@{spec.addr}'''
+            raise OrchestratorError(msg)
+
         out, err, code = CephadmServe(self)._run_cephadm(spec.hostname, cephadmNoImage, 'check-host',
                                                          ['--expect-hostname', spec.hostname],
                                                          addr=spec.addr,

src/pybind/mgr/cephadm/serve.py

@@ -1240,7 +1240,10 @@ def _remote_connection(self,
 > ceph cephadm get-pub-key > ~/ceph.pub
 > ssh-copy-id -f -i ~/ceph.pub {user}@{addr}
 
-To check that the host is reachable:
+To check that the host is reachable open a new shell with the --no-hosts flag:
+> cephadm shell --no-hosts
+
+Then run the following:
 > ceph cephadm get-ssh-config > ssh_config
 > ceph config-key get mgr/cephadm/ssh_identity_key > ~/cephadm_private_key
 > chmod 0600 ~/cephadm_private_key

src/pybind/mgr/cephadm/tests/fixtures.py

@@ -70,11 +70,12 @@ def wait(m, c):
 @contextmanager
 def with_host(m: CephadmOrchestrator, name, refresh_hosts=True):
     # type: (CephadmOrchestrator, str) -> None
-    wait(m, m.add_host(HostSpec(hostname=name)))
-    if refresh_hosts:
-        CephadmServe(m)._refresh_hosts_and_daemons()
-    yield
-    wait(m, m.remove_host(name))
+    with mock.patch("cephadm.utils.resolve_ip"):
+        wait(m, m.add_host(HostSpec(hostname=name)))
+        if refresh_hosts:
+            CephadmServe(m)._refresh_hosts_and_daemons()
+        yield
+        wait(m, m.remove_host(name))
 
 
 def assert_rm_service(cephadm: CephadmOrchestrator, srv_name):