opendev/system-config
Code Issues Proposed changes

Add self host keys to known_hosts on gerrit

Browse Source 
We run some utility scripts which ssh to ourselves, but we aren't
setting host keys for them. We should fix that.

Change-Id: I2aa5d5e65b15c5c151767377dbc5ead1e442b3ce
This commit is contained in:
Monty Taylor 2020-04-13 10:10:35 -05:00
parent 37aee3e7d8
commit 014b3004c0
6 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
playbooks/host_vars/review-dev01.opendev.org.yaml
View File

@ -12,3 +12,4 @@ gerrit_vhost_name: review-dev.opendev.org
gerrit_redirect_vhost: review-dev.openstack.org
gerrit_project_config_base: /opt/project-config/dev
gerrit_project_creator_user: openstack-dev-project-creator
gerrit_self_hostkey: '[review-dev.opendev.org]:29418,[review-dev.openstack.org]:29418,[23.253.109.153]:29418,[2001:4800:7819:104:be76:4eff:fe04:8e55]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRHt4h3i2OFA8FQzPwn510VJlWIDp3Ar1VRTPFs9hTh3zofLJPsGbAqlKxiy4lg1keZIMViQLGRA847kn+TiSBQNqReurTEOo622IzkXGEMy1RJzyzKSioYRtNuyprO3DDCvajvvaWdEB5q2Vr3eKXvIYFJtYmGarZYqMXTL1DYWA9SjviWQWncp2eXCjV05rHAS8DdM1HhYEDdVRXlvUJLH7QVhAWrYrDWUlpUDOOKUEfWCOnFvAwsMAFKDthgeFCr4hJXaIrFJClmp+Fexqy8XJ8CPWKvnYlT46DUVd/ARm6DnfYr0tcudnQw6+TgjzlMAt3/zo11CJ3uDa2aYW5'

1
playbooks/host_vars/review01.openstack.org.yaml
View File

@ -84,3 +84,4 @@ letsencrypt_certs:
# Also, on review01.openstack.org, 3001 is openstackwatch and
# 3002 is github.
letsencrypt_gid: 3003
gerrit_self_hostkey: '[review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1u1xdkaUv31ZDDPuRMZB2up2X/7CppphCcbZFWySZ4jL/g+XVahbGTgOoJ9hgH4pm5B6EZDZvvs93N0aHC/tlRLS1e3uqGdCiQt4dk/1Q1TLFM5k/DdvlhXDZrrafeMquhrGGuh5KUZQ97abIYTs7aMqyjzYW0tHu1QatcmDdCb90BXsMg6pLXx3dktsJZAWao457maAJxmAl0FY6iO3odlXM+lM+rayskYMvwHi2Atq8MLISdZJX05SpaSGmXji8ee80bK1fSqCVIOWMWiBT/ZcczpEFiTwZ+yPQliug70NhG6eD461/d8koNwyi7FjugmjZlO0GiQTu9o9R4BMh'

2
playbooks/roles/backup/tasks/main.yaml
View File

@ -58,4 +58,4 @@
user: root
hour: '5'
minute: '{{ 59|random(seed=item) }}'
with_inventory_hostnames: backup-server
with_inventory_hostnames: backup-server

6
playbooks/roles/gerrit/tasks/main.yaml
View File

@ -245,6 +245,12 @@
group: gerrit2
mode: 0600
- name: Accept own own hostkey
known_hosts:
state: present
key: '{{ gerrit_self_hostkey }}'
name: '[{{ gerrit_vhost_name }}]:29418'
- name: Install apache2
apt:
name:

1
playbooks/roles/gerrit/templates/manage-projects.j2
View File

@ -22,5 +22,6 @@ exec docker run --rm --net=host -u root \
-v/opt/lib/jeepyb:/opt/lib/jeepyb \
-v/home/gerrit2/review_site/etc/ssh_project_rsa_key:/home/gerrit2/review_site/etc/ssh_project_rsa_key \
-v/home/gerrit2/projects.ini:/home/gerrit2/projects.ini \
-v/root/.ssh/known_hosts:/root/.ssh/known_hosts \
-v/var/log:/var/log \
{{ gerrit_container_image }} manage-projects $@

1
playbooks/roles/gerrit/templates/track-upstream.j2
View File

@ -21,5 +21,6 @@ exec docker run --rm --net=host -u root \
-v/opt/lib/jeepyb:/opt/lib/jeepyb \
-v/home/gerrit2/review_site/etc/ssh_project_rsa_key:/home/gerrit2/review_site/etc/ssh_project_rsa_key \
-v/home/gerrit2/projects.ini:/home/gerrit2/projects.ini \
-v/root/.ssh/known_hosts:/root/.ssh/known_hosts \
-v/var/log:/var/log \
{{ gerrit_container_image }} track-upstream -v -l /var/log/track_upstream.log