Skip to content

KAFKA-18960: The default type of ssh key used by vagrant is disabled … #19264

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 9 commits into
base: trunk
Choose a base branch
from

Conversation

apalan60
Copy link
Contributor

@apalan60 apalan60 commented Mar 21, 2025

Summary

This change modernizes the Vagrant configuration used in our system
tests to address compatibility issues with OpenSSH 8.8, which has
disabled the default SSH key type used by Vagrant.

Description

JIRA

The existing environment uses Ubuntu 14.04, which comes with an older
version of Paramiko. This
outdated setup causes issues when performing SSH agent forwarding on
modern systems. For example, on newer hosts using OpenSSH 8.8+,
authentication errors occur due to missing support for
rsa-sha2-256 and rsa-sha2-512 signature algorithms, or
background retries may happen repeatedly and fail silently. A sample
error encountered is shown below:

#<Vagrant::Errors::SSHConnectionReset:"SSH connection was reset! ...">

Upgrading the OS allows us to use a newer version of Paramiko by
default, which includes built-in support for these signature
algorithms

This ensures compatibility with modern SSH implementations and prevents
connection issues due to requirements in OpenSSH 8.8+.

As part of the OS upgrade, several outdated components were also
updated. These changes include updated package installation commands and
the replacement of legacy NTP utilities with Chrony.

Additionally, the current test setup has a dependency on distutils, which is no longer included by default in some modern Python distributions. Instead of requiring users to manually install setuptools, this PR modifies setup.py to handle this requirement automatically.

Updates

  1. Base Box: Changed the Vagrant base box from ubuntu/trusty64 to
    ubuntu/jammy64 to ensure support for newer environments.

  2. Package Installation: Updated the package installation commands in
    the Vagrant base script by replacing deprecated packages.

  3. Time Synchronization: Replaced the legacy ntpdate/ntp setup with
    Chrony for time synchronization, aligning with modern best practices.

  4. Modified setup.py to automatically install setuptools

Reviewers: Chia-Ping Tsai [email protected]

@github-actions github-actions bot added triage PRs from the community tools small Small PRs labels Mar 21, 2025
@apalan60 apalan60 changed the title [WIP]KAFKA-18960: the default type of ssh key used by vagrant is disabled … [WIP]KAFKA-18960: The default type of ssh key used by vagrant is disabled … Mar 21, 2025
@apalan60
Copy link
Contributor Author

apalan60 commented Mar 26, 2025

Due to the limitations of my local hardware resources, I wasn't able to run all the tests. For now, I've selected and run multiple tests from different modules to verify that the adjusted tests can execute properly.

Below are the relevant results. Please let me know if anything needs improvement or if additional test results are required.

====================================================================================================
SESSION REPORT (ALL TESTS)
ducktape version: 0.12.0
session_id:       2025-03-25--017
run time:         11 minutes 56.266 seconds
tests run:        6
passed:           6
flaky:            0
failed:           0
ignored:          0
====================================================================================================
test_id:    kafkatest.benchmarks.core.benchmark_test.Benchmark.test_long_term_producer_throughput.security_protocol=PLAINTEXT.compression_type=none.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   1 minute 24.179 seconds
{"0": {"records_per_sec": 423101.3, "mb_per_sec": 40.35}}
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.benchmarks.core.benchmark_test.Benchmark.test_long_term_producer_throughput.security_protocol=PLAINTEXT.compression_type=snappy.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   1 minute 45.253 seconds
{"0": {"records_per_sec": 292090.2, "mb_per_sec": 27.86}}
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.benchmarks.core.benchmark_test.Benchmark.test_long_term_producer_throughput.security_protocol=SSL.interbroker_security_protocol=PLAINTEXT.tls_version=TLSv1.2.compression_type=none.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   2 minutes 2.865 seconds
{"0": {"records_per_sec": 311013.0, "mb_per_sec": 29.66}}
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.benchmarks.core.benchmark_test.Benchmark.test_long_term_producer_throughput.security_protocol=SSL.interbroker_security_protocol=PLAINTEXT.tls_version=TLSv1.2.compression_type=snappy.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   1 minute 53.305 seconds
{"0": {"records_per_sec": 256259.1, "mb_per_sec": 24.44}}
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.benchmarks.core.benchmark_test.Benchmark.test_long_term_producer_throughput.security_protocol=SSL.interbroker_security_protocol=PLAINTEXT.tls_version=TLSv1.3.compression_type=none.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   3 minutes 6.848 seconds
{"0": {"records_per_sec": 246609.1, "mb_per_sec": 23.52}}
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.benchmarks.core.benchmark_test.Benchmark.test_long_term_producer_throughput.security_protocol=SSL.interbroker_security_protocol=PLAINTEXT.tls_version=TLSv1.3.compression_type=snappy.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   1 minute 43.161 seconds
{"0": {"records_per_sec": 332237.0, "mb_per_sec": 31.68}}
----------------------------------------------------------------------------------------------------
====================================================================================================
SESSION REPORT (ALL TESTS)
ducktape version: 0.12.0
session_id:       2025-03-25--023
run time:         6 minutes 42.914 seconds
tests run:        14
passed:           14
flaky:            0
failed:           0
ignored:          0
====================================================================================================
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=SASL_PLAINTEXT.metadata_quorum=COMBINED_KRAFT
status:     PASS
run time:   23.402 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=SASL_PLAINTEXT.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   30.244 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=SASL_SSL.metadata_quorum=COMBINED_KRAFT
status:     PASS
run time:   28.521 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=SASL_SSL.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   35.727 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=SASL_SSL.sasl_mechanism=PLAIN.metadata_quorum=COMBINED_KRAFT
status:     PASS
run time:   26.250 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=SASL_SSL.sasl_mechanism=PLAIN.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   35.847 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=SASL_SSL.sasl_mechanism=SCRAM-SHA-256.metadata_quorum=COMBINED_KRAFT
status:     PASS
run time:   29.505 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=SASL_SSL.sasl_mechanism=SCRAM-SHA-256.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   36.914 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=SASL_SSL.sasl_mechanism=SCRAM-SHA-512.metadata_quorum=COMBINED_KRAFT
status:     PASS
run time:   28.969 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=SASL_SSL.sasl_mechanism=SCRAM-SHA-512.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   40.029 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=PLAINTEXT.metadata_quorum=COMBINED_KRAFT
status:     PASS
run time:   15.230 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=PLAINTEXT.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   24.402 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=SSL.metadata_quorum=COMBINED_KRAFT
status:     PASS
run time:   19.902 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.sanity_checks.test_console_consumer.ConsoleConsumerTest.test_lifecycle.security_protocol=SSL.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   26.449 seconds
----------------------------------------------------------------------------------------------------
====================================================================================================
SESSION REPORT (ALL TESTS)
ducktape version: 0.12.0
session_id:       2025-03-25--030
run time:         9 minutes 57.379 seconds
tests run:        3
passed:           3
flaky:            0
failed:           0
ignored:          0
====================================================================================================
test_id:    kafkatest.tests.client.consumer_test.OffsetValidationTest.test_broker_rolling_bounce.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=False
status:     PASS
run time:   3 minutes 15.145 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.client.consumer_test.OffsetValidationTest.test_broker_rolling_bounce.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=True.group_protocol=classic
status:     PASS
run time:   3 minutes 10.695 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.client.consumer_test.OffsetValidationTest.test_broker_rolling_bounce.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=True.group_protocol=consumer
status:     PASS
run time:   3 minutes 31.212 seconds
----------------------------------------------------------------------------------------------------
====================================================================================================
SESSION REPORT (ALL TESTS)
ducktape version: 0.12.0
session_id:       2025-03-26--012
run time:         5 minutes 42.850 seconds
tests run:        12
passed:           12
flaky:            0
failed:           0
ignored:          0
====================================================================================================
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_describe_consumer_group.security_protocol=PLAINTEXT.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=False
status:     PASS
run time:   26.139 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_describe_consumer_group.security_protocol=PLAINTEXT.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=True.group_protocol=classic
status:     PASS
run time:   23.471 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_describe_consumer_group.security_protocol=PLAINTEXT.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=True.group_protocol=consumer
status:     PASS
run time:   25.552 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_describe_consumer_group.security_protocol=SSL.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=False
status:     PASS
run time:   30.286 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_describe_consumer_group.security_protocol=SSL.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=True.group_protocol=classic
status:     PASS
run time:   31.286 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_describe_consumer_group.security_protocol=SSL.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=True.group_protocol=consumer
status:     PASS
run time:   29.641 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_list_consumer_groups.security_protocol=PLAINTEXT.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=False
status:     PASS
run time:   28.131 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_list_consumer_groups.security_protocol=PLAINTEXT.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=True.group_protocol=classic
status:     PASS
run time:   25.747 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_list_consumer_groups.security_protocol=PLAINTEXT.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=True.group_protocol=consumer
status:     PASS
run time:   27.718 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_list_consumer_groups.security_protocol=SSL.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=False
status:     PASS
run time:   31.341 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_list_consumer_groups.security_protocol=SSL.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=True.group_protocol=classic
status:     PASS
run time:   30.869 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_list_consumer_groups.security_protocol=SSL.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=True.group_protocol=consumer
status:     PASS
run time:   31.362 seconds
----------------------------------------------------------------------------------------------------
====================================================================================================
SESSION REPORT (ALL TESTS)
ducktape version: 0.12.0
session_id:       2025-03-26--017
run time:         12 minutes 55.400 seconds
tests run:        2
passed:           2
flaky:            0
failed:           0
ignored:          0
====================================================================================================
test_id:    kafkatest.tests.core.replica_scale_test.ReplicaScaleTest.test_clean_bounce.topic_count=50.partition_count=34.replication_factor=3.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=False
status:     PASS
run time:   6 minutes 24.879 seconds
----------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.replica_scale_test.ReplicaScaleTest.test_clean_bounce.topic_count=50.partition_count=34.replication_factor=3.metadata_quorum=ISOLATED_KRAFT.use_new_coordinator=True
status:     PASS
run time:   6 minutes 30.301 seconds
----------------------------------------------------------------------------------------------------

@apalan60 apalan60 changed the title [WIP]KAFKA-18960: The default type of ssh key used by vagrant is disabled … KAFKA-18960: The default type of ssh key used by vagrant is disabled … Mar 26, 2025
Copy link

A label of 'needs-attention' was automatically added to this PR in order to raise the
attention of the committers. Once this issue has been triaged, the triage label
should be removed to prevent this automation from happening again.

Copy link

A label of 'needs-attention' was automatically added to this PR in order to raise the
attention of the committers. Once this issue has been triaged, the triage label
should be removed to prevent this automation from happening again.

Copy link

github-actions bot commented Apr 2, 2025

A label of 'needs-attention' was automatically added to this PR in order to raise the
attention of the committers. Once this issue has been triaged, the triage label
should be removed to prevent this automation from happening again.

Copy link

github-actions bot commented Apr 4, 2025

A label of 'needs-attention' was automatically added to this PR in order to raise the
attention of the committers. Once this issue has been triaged, the triage label
should be removed to prevent this automation from happening again.

tests/README.md Outdated
@@ -166,6 +166,7 @@ https://cwiki.apache.org/confluence/display/KAFKA/tutorial+-+set+up+and+run+Kafk
$ virtualenv -p python3 venv
$ . ./venv/bin/activate
$ python3 -m pip install --editable .
$ pip3 install setuptools
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could setuptools be added to setup.py?

Copy link
Contributor Author

@apalan60 apalan60 Apr 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@chia7712

Thank you for your review.

I have updated setup.py to declare setuptools as a dependency. After making this change, I verified that setuptools is installed automatically by running:

cd kafka/tests \
&& rm -rf venv \
&& virtualenv -p python3 venv \
&& . ./venv/bin/activate \
&& python3 -m pip install --editable .

Then:

➜ pip3 freeze | grep setuptools
setuptools==78.1.0

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also re-ran some tests to ensure this new change didn’t introduce issues. PTAL, Thanks!

=================================================================================================================================================
SESSION REPORT (ALL TESTS)
ducktape version: 0.12.0
session_id:       2025-04-25--006
run time:         25.012 seconds
tests run:        1
passed:           1
flaky:            0
failed:           0
ignored:          0
=================================================================================================================================================
test_id:    kafkatest.tests.client.pluggable_test.PluggableConsumerTest.test_start_stop.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   24.900 seconds
-------------------------------------------------------------------------------------------------------------------------------------------------

==================================================
SESSION REPORT (ALL TESTS)
ducktape version: 0.12.0
session_id:       2025-04-25--008
run time:         1 minute 36.449 seconds
tests run:        1
passed:           1
flaky:            0
failed:           0
ignored:          0
==================================================================================================================================================================================================================================
test_id:    kafkatest.tests.client.compression_test.CompressionTest.test_compressed_topic.compression_types=.snappy.gzip.lz4.zstd.none.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   1 minute 36.336 seconds
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

SESSION REPORT (ALL TESTS)
ducktape version: 0.12.0
session_id:       2025-04-25--004
run time:         4 minutes 32.461 seconds
tests run:        8
passed:           8
flaky:            0
failed:           0
ignored:          0
========================================================================================================================================================================================================================================================
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_describe_consumer_group.security_protocol=PLAINTEXT.metadata_quorum=ISOLATED_KRAFT.group_protocol=classic
status:     PASS
run time:   30.493 seconds
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_describe_consumer_group.security_protocol=PLAINTEXT.metadata_quorum=ISOLATED_KRAFT.group_protocol=consumer
status:     PASS
run time:   32.633 seconds
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_describe_consumer_group.security_protocol=SSL.metadata_quorum=ISOLATED_KRAFT.group_protocol=classic
status:     PASS
run time:   38.879 seconds
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_describe_consumer_group.security_protocol=SSL.metadata_quorum=ISOLATED_KRAFT.group_protocol=consumer
status:     PASS
run time:   38.867 seconds
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_list_consumer_groups.security_protocol=PLAINTEXT.metadata_quorum=ISOLATED_KRAFT.group_protocol=classic
status:     PASS
run time:   30.817 seconds
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_list_consumer_groups.security_protocol=PLAINTEXT.metadata_quorum=ISOLATED_KRAFT.group_protocol=consumer
status:     PASS
run time:   29.089 seconds
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_list_consumer_groups.security_protocol=SSL.metadata_quorum=ISOLATED_KRAFT.group_protocol=classic
status:     PASS
run time:   35.645 seconds
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.consumer_group_command_test.ConsumerGroupCommandTest.test_list_consumer_groups.security_protocol=SSL.metadata_quorum=ISOLATED_KRAFT.group_protocol=consumer
status:     PASS
run time:   35.149 seconds
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

=================================================================================================================================================
SESSION REPORT (ALL TESTS)
ducktape version: 0.12.0
session_id:       2025-04-25--005
run time:         1 minute 12.090 seconds
tests run:        2
passed:           2
flaky:            0
failed:           0
ignored:          0
=================================================================================================================================================
test_id:    kafkatest.tests.core.controller_mutation_quota_test.ControllerMutationQuotaTest.test_controller_mutation_quota.metadata_quorum=COMBINED_KRAFT
status:     PASS
run time:   30.361 seconds
-------------------------------------------------------------------------------------------------------------------------------------------------
test_id:    kafkatest.tests.core.controller_mutation_quota_test.ControllerMutationQuotaTest.test_controller_mutation_quota.metadata_quorum=ISOLATED_KRAFT
status:     PASS
run time:   41.500 seconds
-------------------------------------------------------------------------------------------------------------------------------------------------

@github-actions github-actions bot removed triage PRs from the community needs-attention labels Apr 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants