opendev/system-config
Code Issues Proposed changes

Add zuul-launcher ssh config file

Browse Source 
This instructs ssh to stop storing host keys for ephemeral hosts.

Change-Id: Id0512422e127373060fc570f857af6008026d514
Co-Authored-By: Morgan Fainberg <morgan.fainberg@gmail.com>
This commit is contained in:
James E. Blair 2016-06-07 15:54:57 -07:00 committed by Morgan Fainberg
parent f80665268c
commit 377ad145c3
2 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
modules/openstack_project/files/zuul/launcher_ssh_config Normal file
View File

@ -0,0 +1,12 @@
HashKnownHosts No
Host *.openstack.org
StrictHostKeyChecking No
UserKnownHostsFile ~/.ssh/known_hosts
# NOTE(notmorgan): It is assumed that slaves are logged into
# not via a hostname ending in ".openstack.org" such
# as by IP address. This prevents storing the host keys of
# these slave hosts
Host * !*.openstack.org
StrictHostKeyChecking No
UserKnownHostsFile /dev/null

16
modules/openstack_project/manifests/zuul_launcher.pp
View File

@ -58,6 +58,22 @@ class openstack_project::zuul_launcher(
notify => Exec['zuul-launcher-reload'], notify => Exec['zuul-launcher-reload'],
} }
file { '/home/zuul/.ssh':
ensure => directory,
owner => 'zuul',
group => 'zuul',
mode => '0700',
require => User['zuul'],
}
file { '/home/zuul/.ssh/config':
ensure => present,
source => 'puppet:///modules/openstack_project/zuul/launcher_ssh_config',
owner => 'zuul',
group => 'zuul',
require => File['/home/zuul/.ssh'],
}
class { '::zuul': class { '::zuul':
vhost_name => $vhost_name, vhost_name => $vhost_name,
gearman_server => $gearman_server, gearman_server => $gearman_server,