remove system also from proxy ssh known_hosts

java/code/src/com/redhat/rhn/manager/system/SystemManager.java

@@ -802,6 +802,9 @@ private void removeSaltSSHKnownHosts(Server server) {
                         log.warn("Hostname {}:{} could not be removed from /var/lib/salt/.ssh/known_hosts: {}",
                                 hostname, port, result.map(r -> r.getComment()).orElse(""));
                     }
+                    else {
+                        SaltSSHService.cleanupKnownHostsFromProxy(server);
+                    }
                 },
                 () -> log.warn("Unable to remove SSH key for {} from /var/lib/salt/.ssh/known_hosts: unknown hostname",
                         server.getName()));

java/code/src/com/suse/manager/webui/services/impl/SaltSSHService.java

@@ -817,6 +817,7 @@ public Optional<List<String>> cleanupSSHMinion(MinionServer minion, int timeout)
             if (!minion.getServerPaths().isEmpty()) {
                 List<ServerPath> paths = sortServerPaths(minion.getServerPaths());
                 ServerPath last = paths.get(paths.size() - 1);
+
                 SaltSSHService.getOrRetrieveSSHPushProxyPubKey(
                         last.getId().getProxyServer().getId())
                         .ifPresent(key ->
@@ -1016,4 +1017,44 @@ else if (err != null) {
                     }
                 }));
     }
+
+    /**
+     * Remove server hostname from ssh known_hosts of the proxy where this server is connected to.
+     *
+     * @param server the server to remove from proxy ssh known_hosts
+     * @return return true on success and false otherwise
+     */
+    public static boolean cleanupKnownHostsFromProxy(Server server) {
+        if (server == null || server.getServerPaths().isEmpty()) {
+            return true;
+        }
+        String hostname = server.getHostname();
+        List<ServerPath> paths = sortServerPaths(server.getServerPaths());
+        ServerPath last = paths.get(paths.size() - 1);
+        Server proxy = last.getId().getProxyServer();
+        List<String> proxyPath = proxyPathToHostnames(proxy);
+
+        Map<String, String> options = new HashMap<>();
+        options.put("StrictHostKeyChecking", "no");
+        options.put("ConnectTimeout", ConfigDefaults.get().getSaltSSHConnectTimeout() + "");
+        Optional<MgrUtilRunner.ExecResult> ret = GlobalInstanceHolder.SALT_API
+                .chainSSHCommand(proxyPath,
+                        SSH_KEY_PATH,
+                        PROXY_SSH_PUSH_KEY,
+                        PROXY_SSH_PUSH_USER,
+                        options,
+                        "/usr/bin/ssh-keygen -R " + hostname,
+                        null);
+        if (ret.map(MgrUtilRunner.ExecResult::getReturnCode).orElse(-1) != 0) {
+            String msg = ret.map(r -> "Failed to remove [" + hostname +
+                            "]. from ssh known_hosts on proxy [" + proxy.getHostname() +
+                            "] return code [" + r.getReturnCode() +
+                            "[, stderr [" + r.getStderr() + "]")
+                    .orElse("Could not remove " + hostname + " from ssh known_hosts on proxy " +
+                            proxy.getHostname() + ". Please check the logs.");
+            LOG.error(msg);
+            return false;
+        }
+        return true;
+    }
 }

java/spacewalk-java.changes.mc.Manager-4.3-cleanup-proxy-known_hosts

@@ -0,0 +1 @@
+- remove system also from proxy ssh known_hosts (bsc#1228345)