an ldap outage in eqiad ldap will make all ssh logins to instances to fail, afaict ssh-key-ldap-lookup can't fallback to additional servers from /etc/ldap.yaml
with open('/etc/ldap.yaml') as f: config = yaml.safe_load(f) conn = connect(config['servers'][0], config['user'], config['password']) if args.enable_servicegroups and args.username.startswith(PROJECT_NAME + '.'): groupname = 'cn=%s,ou=servicegroups,%s' % ( args.username, config['basedn'] ) keys = get_group_keys(conn, groupname) else: username = 'uid=%s,ou=people,%s' % (args.username, config['basedn']) keys = get_user_keys(conn, username) for key in keys: # Some keys have an accidental newline at the end, see T77902 print key.strip()