From 956372cd395d0c7050464078a3a861e7e97faf35 Mon Sep 17 00:00:00 2001
From: Khai Do <zaro0508@gmail.com>
Date: Fri, 18 Nov 2016 22:01:54 -0800
Subject: [PATCH] Setup known_hosts file on gerrit servers

Setup known_hosts file on review.o.o and review-dev.o.o so that
known services connecting to it won't be blocked.

Change-Id: If0b082867df73322a9115b94ea5be18d0631acc0
depends-on: I0bb6638f5362696cd9a9a7401cb2e96ab69eea06
---
 manifests/site.pp                                 | 2 ++
 modules/openstack_project/manifests/gerrit.pp     | 2 ++
 modules/openstack_project/manifests/review.pp     | 2 ++
 modules/openstack_project/manifests/review_dev.pp | 2 ++
 4 files changed, 8 insertions(+)

diff --git a/manifests/site.pp b/manifests/site.pp
index 6b06f231b5..132d4f6952 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -36,6 +36,7 @@ node 'review.openstack.org' {
     mysql_password                      => hiera('gerrit_mysql_password'),
     email_private_key                   => hiera('gerrit_email_private_key'),
     token_private_key                   => hiera('gerrit_rest_token_private_key'),
+    gerrit_ssh_known_hosts              => hiera('gerrit_ssh_known_hosts'),
     gerritbot_password                  => hiera('gerrit_gerritbot_password'),
     gerritbot_ssh_rsa_key_contents      => hiera('gerritbot_ssh_rsa_key_contents'),
     gerritbot_ssh_rsa_pubkey_contents   => hiera('gerritbot_ssh_rsa_pubkey_contents'),
@@ -81,6 +82,7 @@ node 'review-dev.openstack.org' {
     email_private_key                   => hiera('gerrit_dev_email_private_key'),
     contactstore_appsec                 => hiera('gerrit_dev_contactstore_appsec'),
     contactstore_pubkey                 => hiera('gerrit_dev_contactstore_pubkey'),
+    gerrit_ssh_known_hosts              => hiera('gerrit_ssh_known_hosts'),
     ssh_dsa_key_contents                => hiera('gerrit_dev_ssh_dsa_key_contents'),
     ssh_dsa_pubkey_contents             => hiera('gerrit_dev_ssh_dsa_pubkey_contents'),
     ssh_rsa_key_contents                => hiera('gerrit_dev_ssh_rsa_key_contents'),
diff --git a/modules/openstack_project/manifests/gerrit.pp b/modules/openstack_project/manifests/gerrit.pp
index 700e8b92b6..dbf52c15df 100644
--- a/modules/openstack_project/manifests/gerrit.pp
+++ b/modules/openstack_project/manifests/gerrit.pp
@@ -10,6 +10,7 @@ class openstack_project::gerrit (
   $canonicalweburl = "https://${::fqdn}/",
   $git_http_url = '',
   $canonical_git_url = '',
+  $gerrit_ssh_known_hosts = '',
   $serveradmin = 'webmaster@openstack.org',
   $ssh_host_key = '/home/gerrit2/review_site/etc/ssh_host_rsa_key',
   $ssh_project_key = '/home/gerrit2/review_site/etc/ssh_project_rsa_key',
@@ -122,6 +123,7 @@ class openstack_project::gerrit (
     enable_javamelody_top_menu          => false,
     # passthrough
     java_home                           => $java_home,
+    known_hosts_content                 => $gerrit_ssh_known_hosts,
     ssl_cert_file                       => $ssl_cert_file,
     ssl_key_file                        => $ssl_key_file,
     ssl_chain_file                      => $ssl_chain_file,
diff --git a/modules/openstack_project/manifests/review.pp b/modules/openstack_project/manifests/review.pp
index 031383ba7a..92239fdabb 100644
--- a/modules/openstack_project/manifests/review.pp
+++ b/modules/openstack_project/manifests/review.pp
@@ -85,6 +85,7 @@ class openstack_project::review (
   $storyboard_password = '',
   $project_config_repo = '',
   $projects_config = 'openstack_project/review.projects.ini.erb',
+  $gerrit_ssh_known_hosts = '',
 ) {
 
   $java_home = $::lsbdistcodename ? {
@@ -116,6 +117,7 @@ class openstack_project::review (
     ssh_replication_rsa_pubkey_contents => $ssh_replication_rsa_pubkey_contents,
     ssh_welcome_rsa_key_contents        => $ssh_welcome_rsa_key_contents,
     ssh_welcome_rsa_pubkey_contents     => $ssh_welcome_rsa_pubkey_contents,
+    gerrit_ssh_known_hosts              => "${gerrit_ssh_known_hosts} ${gerrit_ssh_host_key}",
     email                               => 'review@openstack.org',
       # 1 + 100 + 9 + 2 + 2 + 25 => 139(rounded up)
     database_poollimit                  => '225',
diff --git a/modules/openstack_project/manifests/review_dev.pp b/modules/openstack_project/manifests/review_dev.pp
index 48caad6e5b..71d26684fb 100644
--- a/modules/openstack_project/manifests/review_dev.pp
+++ b/modules/openstack_project/manifests/review_dev.pp
@@ -29,6 +29,7 @@ class openstack_project::review_dev (
   $storyboard_ssl_cert = '',
   $project_config_repo = '',
   $projects_config = 'openstack_project/review-dev.projects.ini.erb',
+  $gerrit_ssh_known_hosts = '',
 ) {
 
   $java_home = $::lsbdistcodename ? {
@@ -59,6 +60,7 @@ class openstack_project::review_dev (
     ssh_project_rsa_pubkey_contents     => $ssh_project_rsa_pubkey_contents,
     ssh_replication_rsa_key_contents    => $ssh_replication_rsa_key_contents,
     ssh_replication_rsa_pubkey_contents => $ssh_replication_rsa_pubkey_contents,
+    gerrit_ssh_known_hosts              => "${gerrit_ssh_known_hosts} ${gerrit_ssh_host_key}",
     email                               => 'review-dev@openstack.org',
     war                                 =>
       'http://tarballs.openstack.org/ci/gerrit/gerrit-v2.11.4.22.e0c0f29.war',