Merge "Deprecate SshServerOptionsOverrides"

2022-06-03 21:46:42 +00:00 · 2022-06-03 21:46:42 +00:00 · 2fcdafcec1
commit 2fcdafcec1
parent 26cbbd5f0c e174fd82cf
3 changed files with 43 additions and 24 deletions
--- a/deployment/sshd/sshd-baremetal-ansible.yaml
+++ b/deployment/sshd/sshd-baremetal-ansible.yaml
@ -36,31 +36,8 @@ parameters:
    description: Configures /etc/motd text
    type: string
  SshServerOptions:
-    default:
-      HostKey:
-        - '/etc/ssh/ssh_host_rsa_key'
-        - '/etc/ssh/ssh_host_ecdsa_key'
-        - '/etc/ssh/ssh_host_ed25519_key'
-      SyslogFacility: 'AUTHPRIV'
-      AuthorizedKeysFile: '.ssh/authorized_keys'
-      ChallengeResponseAuthentication: 'no'
-      GSSAPIAuthentication: 'no'
-      GSSAPICleanupCredentials: 'no'
-      UsePAM: 'yes'
-      UseDNS: 'no'
-      X11Forwarding: 'yes'
-      AcceptEnv:
-        - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
-        - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
-        - 'LC_IDENTIFICATION LC_ALL LANGUAGE'
-        - 'XMODIFIERS'
-      Subsystem: 'sftp  /usr/libexec/openssh/sftp-server'
-    description: Mapping of sshd_config values
-    type: json
-  SshServerOptionsOverrides:
    default: {}
-    description: Mapping of sshd_config values to override definitions in
-                 SshServerOptions
+    description: Mapping of sshd_config values
    type: json
  PasswordAuthentication:
    default: 'no'
@ -70,6 +47,23 @@ parameters:
    default: false
    description: Set this to true to open up ssh access from all sources.
    type: boolean
+  # DEPRECATED: the following options are deprecated and are currently maintained
+  # for backwards compatibility.
+  SshServerOptionsOverrides:
+    default: {}
+    description: Mapping of sshd_config values to override definitions in
+                 SshServerOptions
+    type: json
+
+parameter_groups:
+- label: deprecated
+  description: |
+   The following parameters are deprecated and will be removed. They should not
+   be relied on for new deployments. If you have concerns regarding deprecated
+   parameters, please contact the TripleO development team on IRC or the
+   OpenStack mailing list.
+  parameters:
+  - SshServerOptionsOverrides

 conditions:
  ssh_banner_text_set:
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@ -347,6 +347,7 @@ parameter_merge_strategies:
  ServiceNetMap: merge
  VipSubnetMap: merge
  EndpointMap: merge
+  SshServerOptions: merge
 {% for role in roles %}
  {{role.name}}Parameters: merge
 {% endfor %}
@ -521,3 +522,22 @@ parameter_defaults:
    SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
    SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
    SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
+  SshServerOptions:
+    HostKey:
+      - '/etc/ssh/ssh_host_rsa_key'
+      - '/etc/ssh/ssh_host_ecdsa_key'
+      - '/etc/ssh/ssh_host_ed25519_key'
+    SyslogFacility: 'AUTHPRIV'
+    AuthorizedKeysFile: '.ssh/authorized_keys'
+    ChallengeResponseAuthentication: 'no'
+    GSSAPIAuthentication: 'no'
+    GSSAPICleanupCredentials: 'no'
+    UsePAM: 'yes'
+    UseDNS: 'no'
+    X11Forwarding: 'yes'
+    AcceptEnv:
+      - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
+      - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
+      - 'LC_IDENTIFICATION LC_ALL LANGUAGE'
+      - 'XMODIFIERS'
+    Subsystem: 'sftp  /usr/libexec/openssh/sftp-server'
--- a/releasenotes/notes/deprecate-SshServerOptionsOverrides-parameter-40820bd943e20018.yaml
+++ b/releasenotes/notes/deprecate-SshServerOptionsOverrides-parameter-40820bd943e20018.yaml
@ -0,0 +1,5 @@
+---
+deprecations:
+  - |
+    The parameter SshServerOptionsOverrides has been deprecated since Ussuri.
+    Use SshServerOptions to override partial sshd_config.