Deprecate SshServerOptionsOverrides

It's very confusing to provide one parameter with a default and
then add another to override it. This would allow merging of the
SshServerOptions as expected.

Change-Id: I2e460c9f3e71c22c94ccb722db63ed31af73f450

deployment/sshd/sshd-baremetal-ansible.yaml

@@ -36,31 +36,8 @@ parameters:
     description: Configures /etc/motd text
     type: string
   SshServerOptions:
-    default:
-      HostKey:
-        - '/etc/ssh/ssh_host_rsa_key'
-        - '/etc/ssh/ssh_host_ecdsa_key'
-        - '/etc/ssh/ssh_host_ed25519_key'
-      SyslogFacility: 'AUTHPRIV'
-      AuthorizedKeysFile: '.ssh/authorized_keys'
-      ChallengeResponseAuthentication: 'no'
-      GSSAPIAuthentication: 'no'
-      GSSAPICleanupCredentials: 'no'
-      UsePAM: 'yes'
-      UseDNS: 'no'
-      X11Forwarding: 'yes'
-      AcceptEnv:
-        - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
-        - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
-        - 'LC_IDENTIFICATION LC_ALL LANGUAGE'
-        - 'XMODIFIERS'
-      Subsystem: 'sftp  /usr/libexec/openssh/sftp-server'
-    description: Mapping of sshd_config values
-    type: json
-  SshServerOptionsOverrides:
     default: {}
-    description: Mapping of sshd_config values to override definitions in
-                 SshServerOptions
+    description: Mapping of sshd_config values
     type: json
   PasswordAuthentication:
     default: 'no'
@@ -70,6 +47,23 @@ parameters:
     default: false
     description: Set this to true to open up ssh access from all sources.
     type: boolean
+  # DEPRECATED: the following options are deprecated and are currently maintained
+  # for backwards compatibility.
+  SshServerOptionsOverrides:
+    default: {}
+    description: Mapping of sshd_config values to override definitions in
+                 SshServerOptions
+    type: json
+
+parameter_groups:
+- label: deprecated
+  description: |
+   The following parameters are deprecated and will be removed. They should not
+   be relied on for new deployments. If you have concerns regarding deprecated
+   parameters, please contact the TripleO development team on IRC or the
+   OpenStack mailing list.
+  parameters:
+  - SshServerOptionsOverrides
 
 conditions:
   ssh_banner_text_set:

overcloud-resource-registry-puppet.j2.yaml

@@ -347,6 +347,7 @@ parameter_merge_strategies:
   ServiceNetMap: merge
   VipSubnetMap: merge
   EndpointMap: merge
+  SshServerOptions: merge
 {% for role in roles %}
   {{role.name}}Parameters: merge
 {% endfor %}
@@ -521,3 +522,22 @@ parameter_defaults:
     SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS}
     SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS}
     SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS}
+  SshServerOptions:
+    HostKey:
+      - '/etc/ssh/ssh_host_rsa_key'
+      - '/etc/ssh/ssh_host_ecdsa_key'
+      - '/etc/ssh/ssh_host_ed25519_key'
+    SyslogFacility: 'AUTHPRIV'
+    AuthorizedKeysFile: '.ssh/authorized_keys'
+    ChallengeResponseAuthentication: 'no'
+    GSSAPIAuthentication: 'no'
+    GSSAPICleanupCredentials: 'no'
+    UsePAM: 'yes'
+    UseDNS: 'no'
+    X11Forwarding: 'yes'
+    AcceptEnv:
+      - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
+      - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
+      - 'LC_IDENTIFICATION LC_ALL LANGUAGE'
+      - 'XMODIFIERS'
+    Subsystem: 'sftp  /usr/libexec/openssh/sftp-server'

releasenotes/notes/deprecate-SshServerOptionsOverrides-parameter-40820bd943e20018.yaml

@@ -0,0 +1,5 @@
+---
+deprecations:
+  - |
+    The parameter SshServerOptionsOverrides has been deprecated since Ussuri.
+    Use SshServerOptions to override partial sshd_config.