From 91322002ff6ba83bdcf272a02b6e46a75956b9e6 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Thu, 30 Nov 2023 10:01:51 -0800 Subject: [PATCH] Rotate the new Gitea replication key into Gitea config We use a new larger rsa key so that gitea checks on key size don't fail when we upgrade gitea to 1.21 or newer. We did consider an ed25519 key isntead but those keys can only be generated in the new openssh key file format and there is some question around whether or not Gerrit's replication plugin (ultimately MINA ssh client) can read those files. To be safe we stick with what we know works and simply increase the bit count. Change-Id: I51e97e8545a54202b05f32de70c0715083954119 --- inventory/service/group_vars/gitea.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/inventory/service/group_vars/gitea.yaml b/inventory/service/group_vars/gitea.yaml index 2456f32af7..1fb9d9a73e 100644 --- a/inventory/service/group_vars/gitea.yaml +++ b/inventory/service/group_vars/gitea.yaml @@ -3,7 +3,7 @@ gitea_root_email: infra-root@openstack.org # is created in Gitea. When they are different two different keys are added. # This allows for key rotation. gitea_gerrit_public_key_A: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVuhTMAz1H2Jr9AC3py9A0vlNna6Sdt4yrvZOayxukPqQ7GPZd+Mo7MVyypxLD479N2mA09JAdsbq1eTiPP8ksEkB+dNxZzw8mY1653R/IXSW6J9xPcoDa88HF2s/xHN24IWzgiDjNNe79AQ+sKleByEQZ++xXny3MRpy258hKUvAtjjOLOnM1PBs8JNOzBL+UPgWRgSX6GG0qywJZqjD1Qx5kvH9RTRLi+tcMhEi4laN7BYvn4csY0sYzTzPG4ZTu3ootIJoRlQGtQ0LmoFO1vSwyEJUags6/ZZGjgy3jl3kwcU/b8ZnFlF4MDw1OB1QqMb4r6bMHbXNIupp4zJbz gerrit-replication-2014-04-25 -gitea_gerrit_public_key_B: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVuhTMAz1H2Jr9AC3py9A0vlNna6Sdt4yrvZOayxukPqQ7GPZd+Mo7MVyypxLD479N2mA09JAdsbq1eTiPP8ksEkB+dNxZzw8mY1653R/IXSW6J9xPcoDa88HF2s/xHN24IWzgiDjNNe79AQ+sKleByEQZ++xXny3MRpy258hKUvAtjjOLOnM1PBs8JNOzBL+UPgWRgSX6GG0qywJZqjD1Qx5kvH9RTRLi+tcMhEi4laN7BYvn4csY0sYzTzPG4ZTu3ootIJoRlQGtQ0LmoFO1vSwyEJUags6/ZZGjgy3jl3kwcU/b8ZnFlF4MDw1OB1QqMb4r6bMHbXNIupp4zJbz gerrit-replication-2014-04-25 +gitea_gerrit_public_key_B: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCIEIT8l3h/BoIzKl7iDCui+7LB5KAzSW0EPGJxzk6/LREVo6riwY5J1aj9tLvC003ejICYKH7v7x/YICuOPwAOvC1R3LLDGSPMavwfCPUCtXeDe1heYsg1ngxkvd7ipNSHVF2chapgb+FwUqqgcnxD/2jf7HWw06/fdr9ahlNhA2HrZeZlyeo7F57Mj+C2Aq6nOCpvaZXqZ7LIcREd3EleB7+gDihD8qM0VPbxZuQrHMPumxa/l0aysmMz7RPmvzpTnFy5AYR/fcbJ/NFKjITxlUHWWBgJgKI5vrodJjRdPM5uylq+7xOkhvyZNHEYqrhBeylLXQG9JPoBpGBraKHonT2IdeBlFTi4ONypaicH9/Rdm7xCppC3rfLZwEexZgOYaoMlnC2eCJAVs1CDc7Jm91XckS15zhNdBBPV1vCpWCPrPwHSjk6JkDv8bh0zNd6IaRZxc1Bsu7bpKIKlD/ZINm9pdtrGaquEFQLpdEu4obYpqIkfDnTuBUMeOZDtyNUhtvVIo+re3orwTOFiNycB/+Z2kZiH/C82atSTh1LJrsfMeME0eKUuFyEzD+Kf2WZ8XvShx6zMMYiq6GibAQ2szz0rLESIblWEJEtZ7dT9zfoV0zyykTn6rsBBCMcXvuTeXpd3h7wz1Aj3WytIDdISCwOJutxQV1onVxx7lYii6w== gerrit@gitea.opendev.org-20231130 iptables_extra_public_tcp_ports: - 222 - 3000