From 3e2a8d91cfd29b57a50df27845c63285de9853ee Mon Sep 17 00:00:00 2001 From: Jose Luis Franco Arza Date: Fri, 3 Jul 2020 16:05:32 +0200 Subject: [PATCH] Add PermitRootLogin option in sshd_config before leapp. One of the pre-requisites for leapp tool to be able to upgrade is the existence of the PermitRootLogin option in the sshd_config file. It doesn't mind which value it has, it needs to be set. For that reason, this patch will set the value to without-password (which is the default for the PermitRootLogin field). The selection of the option isn't really relevant, as during the installation of the openstack services puppet will just overwrite the sshd_config, therefore this is simply a hack for leapp to let us upgrade. Change-Id: Id647896fda6cc3fe7bf5eb5ba2de05111d174092 (cherry picked from commit d8e5ccb8cb3be3425c831c2e12407430b052cdde) --- .../tripleo-packages-baremetal-puppet.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml b/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml index 360d5cabdf..f863cf2d84 100644 --- a/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml +++ b/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml @@ -163,7 +163,15 @@ outputs: path: "/etc/leapp/transaction/to_install" line: "{{ item }}" loop: "{{ pkg_to_install }}" - + - name: "check sshd_config file" + stat: + path: "/etc/ssh/sshd_config" + register: sshd_config_result + - name: "add PermitRootLogin option for leapp" + lineinfile: + path: "/etc/ssh/sshd_config" + regexp: "^(# *)?PermitRootLogin" + line: "PermitRootLogin without-password" - name: system_upgrade_prepare step 4 tags: - never