Update the gerritbot-matrix image to fix the ssh signature failure

This change enables a new runtime which does not use the faulty openssh crypto policy. Change-Id: Iedf8e2668a2f9e1770ca1782b3e61983382e5df5
2021-08-01 21:41:06 +00:00 · 2021-08-01 21:41:06 +00:00 · 953358a485
parent 81b3e0eb90
commit 953358a485
4 changed files with 12 additions and 6 deletions
--- a/playbooks/roles/matrix-gerritbot/defaults/main.yaml
+++ b/playbooks/roles/matrix-gerritbot/defaults/main.yaml
@ -1,8 +1,9 @@
-gerritbot_matrix_version: 0.1.0.0
+gerritbot_matrix_version: bd43946
 gerritbot_matrix_image: quay.io/software-factory/gerritbot-matrix:{{ gerritbot_matrix_version }}

 # gerrit ssh configuration
 gerritbot_ssh_key: ""
+gerritbot_ssh_pubkey: ""
 gerritbot_ssh_key_format: "rsa"
 gerritbot_known_hosts: |
  [review.opendev.org]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfsIj/jqpI+2CFdjCL6kOiqdORWvxQ2sQbCzSzzmLXic8yVhCCbwarkvEpfUOHG4eyB0vqVZfMffxf0Yy3qjURrsroBCiuJ8GdiAcGdfYwHNfBI0cR6kydBZL537YDasIk0Z3ILzhwf7474LmkVzS7V2tMTb4ZiBS/jUeiHsVp88FZhIBkyhlb/awAGcUxT5U4QBXCAmerYXeB47FPuz9JFOVyF08LzH9JRe9tfXtqaCNhlSdRe/2pPRvn2EIhn5uHWwATACG9MBdrK8xv8LqPOik2w1JkgLWyBj11vDd5I3IjrmREGw8dqImqp0r6MD8rxqADlc1elfDIXYsy+TVH
--- a/playbooks/roles/matrix-gerritbot/tasks/main.yaml
+++ b/playbooks/roles/matrix-gerritbot/tasks/main.yaml
@ -36,6 +36,11 @@
    mode: 0400
  no_log: true

+- name: Install gerritbot ssh key
+  copy:
+    content: "{{ gerritbot_ssh_pubkey }}"
+    dest: "/var/lib/matrix-gerritbot/ssh/id_{{ gerritbot_ssh_key_format }}.pub"
+
 - name: Install gerritbot known host
  copy:
    content: "{{ gerritbot_known_hosts }}"
--- a/playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2
+++ b/playbooks/roles/matrix-gerritbot/templates/docker-compose.yaml.j2
@ -17,7 +17,7 @@ services:
      - /var/lib/matrix-gerritbot/config:/config
      - /var/lib/matrix-gerritbot/ssh:/root/.ssh
    command: >-
-      --gerrit-host    {{ gerritbot_gerrit_host }}
-      --gerrit-user    {{ gerritbot_gerrit_user }}
-      --homeserver-url {{ gerritbot_matrix_homeserver }}
-      --config-file    /config/gerritbot.dhall
+      --gerrit-host     {{ gerritbot_gerrit_host }}
+      --gerrit-user     {{ gerritbot_gerrit_user }}
+      --homeserver-url  {{ gerritbot_matrix_homeserver }}
+      --config-file     /config/gerritbot.dhall
--- a/zuul.d/system-config-run.yaml
+++ b/zuul.d/system-config-run.yaml
@ -160,12 +160,12 @@
      - playbooks/roles/limnoria
      - playbooks/roles/logrotate
      - playbooks/roles/matrix-eavesdrop
+      - playbooks/roles/matrix-gerritbot
      - playbooks/roles/statusbot
      - playbooks/zuul/templates/group_vars/eavesdrop.yaml.j2
      - docker/accessbot/
      - docker/ircbot
      - docker/matrix-eavesdrop
-      - docker/matrix-gerritbot
      - testinfra/test_eavesdrop.py

 - job: