Merge "Switch to ecdsa ssh key type by default"

2022-05-09 12:27:23 +00:00 · 2022-05-09 12:27:23 +00:00 · a7bedbde46
commit a7bedbde46
parent a06eb65363 75ca0b87c6
2 changed files with 13 additions and 1 deletions
--- a/releasenotes/notes/Switch-to-ecdsa-ssh-key-type-by-default-0425b5d5ec72c1c3.yaml
+++ b/releasenotes/notes/Switch-to-ecdsa-ssh-key-type-by-default-0425b5d5ec72c1c3.yaml
@ -0,0 +1,12 @@
+---
+upgrade:
+  - |
+    As the version of cirros used in OpenStack CI does not support SHA-2
+    signatures for ssh, any connection from a FIPS enabled machine will fail
+    in case validation.ssh_key_type is set to rsa (the default until now).
+    Using ecdsa keys helps us avoid the mentioned issue.
+    From now on, the validation.ssh_key_type option will be set to ecdsa
+    by default for testing simplicity.
+    This change shouldn't have any drastic effect on any tempest consumer,
+    in case rsa ssh type is required in a consumer's scenario,
+    validation.ssh_key_type can be overridden to rsa.
--- a/tempest/config.py
+++ b/tempest/config.py
@ -962,7 +962,7 @@ ValidationGroup = [
               help="Network used for SSH connections. Ignored if "
                    "connect_method=floating."),
    cfg.StrOpt('ssh_key_type',
-               default='rsa',
+               default='ecdsa',
               help='Type of key to use for ssh connections. '
                    'Valid types are rsa, ecdsa'),
 ]