Ensure sshd has proper configuration for its HostKey.
Since DSA is deprecated, sshd doesn't generate it anymore, though it still wants to load it at startup. Adding the HostKey options should prevent that, and allow to get cleaner logs in the CI (and on deployed openstack as well ;). Change-Id: I5580fa86f8adef7d598b76836a0419b341a8bc9c Closes-Bug: 1730351
This commit is contained in:
parent
70169062e2
commit
1b4f5d0ec6
|
@ -79,8 +79,18 @@ class tripleo::profile::base::sshd (
|
|||
$sshd_options_port = {'Port' => unique(any2array($port))}
|
||||
}
|
||||
|
||||
# Prevent error messages on sshd startup
|
||||
$basic_options = {
|
||||
'HostKey' => [
|
||||
'/etc/ssh/ssh_host_rsa_key',
|
||||
'/etc/ssh/ssh_host_ecdsa_key',
|
||||
'/etc/ssh/ssh_host_ed25519_key',
|
||||
]
|
||||
}
|
||||
|
||||
$sshd_options = merge(
|
||||
$options,
|
||||
$basic_options,
|
||||
$sshd_options_banner,
|
||||
$sshd_options_motd,
|
||||
$sshd_options_port
|
||||
|
|
|
@ -26,8 +26,13 @@ describe 'tripleo::profile::base::sshd' do
|
|||
it do
|
||||
is_expected.to contain_class('ssh::server').with({
|
||||
'storeconfigs_enabled' => false,
|
||||
'options' => {
|
||||
'Port' => [22]
|
||||
'options' => {
|
||||
'Port' => [22],
|
||||
'HostKey' => [
|
||||
'/etc/ssh/ssh_host_rsa_key',
|
||||
'/etc/ssh/ssh_host_ecdsa_key',
|
||||
'/etc/ssh/ssh_host_ed25519_key',
|
||||
],
|
||||
}
|
||||
})
|
||||
is_expected.to_not contain_file('/etc/issue')
|
||||
|
@ -42,7 +47,12 @@ describe 'tripleo::profile::base::sshd' do
|
|||
is_expected.to contain_class('ssh::server').with({
|
||||
'storeconfigs_enabled' => false,
|
||||
'options' => {
|
||||
'Port' => [22]
|
||||
'Port' => [22],
|
||||
'HostKey' => [
|
||||
'/etc/ssh/ssh_host_rsa_key',
|
||||
'/etc/ssh/ssh_host_ecdsa_key',
|
||||
'/etc/ssh/ssh_host_ed25519_key',
|
||||
],
|
||||
}
|
||||
})
|
||||
is_expected.to_not contain_file('/etc/issue')
|
||||
|
@ -57,7 +67,12 @@ describe 'tripleo::profile::base::sshd' do
|
|||
is_expected.to contain_class('ssh::server').with({
|
||||
'storeconfigs_enabled' => false,
|
||||
'options' => {
|
||||
'Port' => [123]
|
||||
'Port' => [123],
|
||||
'HostKey' => [
|
||||
'/etc/ssh/ssh_host_rsa_key',
|
||||
'/etc/ssh/ssh_host_ecdsa_key',
|
||||
'/etc/ssh/ssh_host_ed25519_key',
|
||||
],
|
||||
}
|
||||
})
|
||||
end
|
||||
|
@ -69,7 +84,12 @@ describe 'tripleo::profile::base::sshd' do
|
|||
is_expected.to contain_class('ssh::server').with({
|
||||
'storeconfigs_enabled' => false,
|
||||
'options' => {
|
||||
'Port' => [456, 123]
|
||||
'Port' => [456, 123],
|
||||
'HostKey' => [
|
||||
'/etc/ssh/ssh_host_rsa_key',
|
||||
'/etc/ssh/ssh_host_ecdsa_key',
|
||||
'/etc/ssh/ssh_host_ed25519_key',
|
||||
],
|
||||
}
|
||||
})
|
||||
end
|
||||
|
@ -81,7 +101,12 @@ describe 'tripleo::profile::base::sshd' do
|
|||
is_expected.to contain_class('ssh::server').with({
|
||||
'storeconfigs_enabled' => false,
|
||||
'options' => {
|
||||
'Port' => [123]
|
||||
'Port' => [123],
|
||||
'HostKey' => [
|
||||
'/etc/ssh/ssh_host_rsa_key',
|
||||
'/etc/ssh/ssh_host_ecdsa_key',
|
||||
'/etc/ssh/ssh_host_ed25519_key',
|
||||
],
|
||||
}
|
||||
})
|
||||
end
|
||||
|
@ -94,7 +119,12 @@ describe 'tripleo::profile::base::sshd' do
|
|||
'storeconfigs_enabled' => false,
|
||||
'options' => {
|
||||
'Banner' => '/etc/issue.net',
|
||||
'Port' => [22]
|
||||
'Port' => [22],
|
||||
'HostKey' => [
|
||||
'/etc/ssh/ssh_host_rsa_key',
|
||||
'/etc/ssh/ssh_host_ecdsa_key',
|
||||
'/etc/ssh/ssh_host_ed25519_key',
|
||||
],
|
||||
}
|
||||
})
|
||||
is_expected.to contain_file('/etc/issue').with({
|
||||
|
@ -120,7 +150,12 @@ describe 'tripleo::profile::base::sshd' do
|
|||
'storeconfigs_enabled' => false,
|
||||
'options' => {
|
||||
'Port' => [22],
|
||||
'PrintMotd' => 'yes'
|
||||
'PrintMotd' => 'yes',
|
||||
'HostKey' => [
|
||||
'/etc/ssh/ssh_host_rsa_key',
|
||||
'/etc/ssh/ssh_host_ecdsa_key',
|
||||
'/etc/ssh/ssh_host_ed25519_key',
|
||||
],
|
||||
}
|
||||
})
|
||||
is_expected.to contain_file('/etc/motd').with({
|
||||
|
@ -141,7 +176,12 @@ describe 'tripleo::profile::base::sshd' do
|
|||
'storeconfigs_enabled' => false,
|
||||
'options' => {
|
||||
'Port' => [22],
|
||||
'X11Forwarding' => 'no'
|
||||
'X11Forwarding' => 'no',
|
||||
'HostKey' => [
|
||||
'/etc/ssh/ssh_host_rsa_key',
|
||||
'/etc/ssh/ssh_host_ecdsa_key',
|
||||
'/etc/ssh/ssh_host_ed25519_key',
|
||||
],
|
||||
}
|
||||
})
|
||||
is_expected.to_not contain_file('/etc/motd')
|
||||
|
@ -161,7 +201,12 @@ describe 'tripleo::profile::base::sshd' do
|
|||
'options' => {
|
||||
'Banner' => '/etc/issue.net',
|
||||
'Port' => [22],
|
||||
'PrintMotd' => 'yes'
|
||||
'PrintMotd' => 'yes',
|
||||
'HostKey' => [
|
||||
'/etc/ssh/ssh_host_rsa_key',
|
||||
'/etc/ssh/ssh_host_ecdsa_key',
|
||||
'/etc/ssh/ssh_host_ed25519_key',
|
||||
],
|
||||
}
|
||||
})
|
||||
is_expected.to contain_file('/etc/motd').with({
|
||||
|
@ -192,7 +237,7 @@ describe 'tripleo::profile::base::sshd' do
|
|||
:options => {
|
||||
'Port' => [22],
|
||||
'PrintMotd' => 'no', # this should be overridden
|
||||
'X11Forwarding' => 'no'
|
||||
'X11Forwarding' => 'no',
|
||||
}
|
||||
}}
|
||||
it do
|
||||
|
@ -202,7 +247,12 @@ describe 'tripleo::profile::base::sshd' do
|
|||
'Banner' => '/etc/issue.net',
|
||||
'Port' => [22],
|
||||
'PrintMotd' => 'yes',
|
||||
'X11Forwarding' => 'no'
|
||||
'X11Forwarding' => 'no',
|
||||
'HostKey' => [
|
||||
'/etc/ssh/ssh_host_rsa_key',
|
||||
'/etc/ssh/ssh_host_ecdsa_key',
|
||||
'/etc/ssh/ssh_host_ed25519_key',
|
||||
],
|
||||
}
|
||||
})
|
||||
is_expected.to contain_file('/etc/motd').with({
|
||||
|
|
Loading…
Reference in New Issue