Add zuul-launcher ssh config file

This instructs ssh to stop storing host keys for ephemeral hosts. Change-Id: Id0512422e127373060fc570f857af6008026d514 Co-Authored-By: Morgan Fainberg <morgan.fainberg@gmail.com>
2016-06-07 15:54:57 -07:00 · 2016-06-07 15:54:57 -07:00 · 377ad145c3
commit 377ad145c3
parent f80665268c
2 changed files with 28 additions and 0 deletions
--- a/modules/openstack_project/files/zuul/launcher_ssh_config
+++ b/modules/openstack_project/files/zuul/launcher_ssh_config
@ -0,0 +1,12 @@
+HashKnownHosts No
+Host *.openstack.org
+  StrictHostKeyChecking No
+  UserKnownHostsFile ~/.ssh/known_hosts
+
+# NOTE(notmorgan): It is assumed that slaves are logged into
+# not via a hostname ending in ".openstack.org" such
+# as by IP address. This prevents storing the host keys of
+# these slave hosts
+Host * !*.openstack.org
+  StrictHostKeyChecking No
+  UserKnownHostsFile /dev/null
--- a/modules/openstack_project/manifests/zuul_launcher.pp
+++ b/modules/openstack_project/manifests/zuul_launcher.pp
@ -58,6 +58,22 @@ class openstack_project::zuul_launcher(
    notify  => Exec['zuul-launcher-reload'],
  }

+  file { '/home/zuul/.ssh':
+    ensure  => directory,
+    owner   => 'zuul',
+    group   => 'zuul',
+    mode    => '0700',
+    require => User['zuul'],
+  }
+
+  file { '/home/zuul/.ssh/config':
+    ensure  => present,
+    source  => 'puppet:///modules/openstack_project/zuul/launcher_ssh_config',
+    owner   => 'zuul',
+    group   => 'zuul',
+    require => File['/home/zuul/.ssh'],
+  }
+
  class { '::zuul':
    vhost_name              => $vhost_name,
    gearman_server          => $gearman_server,