ssh: enable PasswordAuthentication for containerized undercloud

We don't expect our operators to have SSH keys setup on the undercloud node, so we don't want to block the PasswordAuthentication in sshd_config. Depends-On: I88b24c82fb3cf2309f45d5d447a9b0c403da7fc9 Change-Id: I10b112e8bffff30879606ddd970dfd3ec67fd9c7 Closes-Bug: #1772519
2018-06-01 14:22:55 -07:00 · 2018-06-01 14:22:55 -07:00 · 70901ab69a
commit 70901ab69a
parent a33d05d30d
2 changed files with 6 additions and 1 deletions
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@ -123,3 +123,4 @@ parameter_defaults:
      DhcpRangeEnd: '192.168.24.24'
  UndercloudCtlplaneLocalSubnet: 'ctlplane-subnet'
  MistralDockerGroup: true
+  PasswordAuthentication: 'yes'
--- a/puppet/services/sshd.yaml
+++ b/puppet/services/sshd.yaml
@ -46,7 +46,6 @@ parameters:
        - '/etc/ssh/ssh_host_ed25519_key'
      SyslogFacility: 'AUTHPRIV'
      AuthorizedKeysFile: '.ssh/authorized_keys'
-      PasswordAuthentication: 'no'
      ChallengeResponseAuthentication: 'no'
      GSSAPIAuthentication: 'yes'
      GSSAPICleanupCredentials: 'no'
@ -62,6 +61,10 @@ parameters:
      Subsystem: 'sftp  /usr/libexec/openssh/sftp-server'
    description: Mapping of sshd_config values
    type: json
+  PasswordAuthentication:
+    default: 'no'
+    description: Whether or not disable password authentication
+    type: string

 outputs:
  role_data:
@ -72,5 +75,6 @@ outputs:
        tripleo::profile::base::sshd::bannertext: {get_param: BannerText}
        tripleo::profile::base::sshd::motd: {get_param: MessageOfTheDay}
        tripleo::profile::base::sshd::options: {get_param: SshServerOptions}
+        tripleo::profile::base::sshd::password_authentication: {get_param: PasswordAuthentication}
      step_config: |
        include ::tripleo::profile::base::sshd