Add element for openssh and override UseDNS

We need to disable UseDNS in default sshd_config, which is something we already do when deploying SSHD service in puppet/services/sshd.yaml but the parameter is still enabled before Puppet has run, which causes problems when Ansible has to execute remote tasks via ssh, it timeouts. This patch adds an element that will allow us to override the default openssh configuration and it'll disable UseDNS. Change-Id: I2df6c45936ee88e0eb048998ae23c9334f295fdf Related-Bug: #1774557
2018-06-01 09:14:48 -07:00 · 2018-06-01 09:14:48 -07:00 · 939b5861e1
parent cb18bc8249
commit 939b5861e1
3 changed files with 18 additions and 0 deletions
--- a/elements/openssh/README.md
+++ b/elements/openssh/README.md
@ -0,0 +1,5 @@
+=======
+openssh
+=======
+
+Override the default openssh configuration.
--- a/elements/openssh/post-install.d/71-openssh
+++ b/elements/openssh/post-install.d/71-openssh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -eu
+set -o pipefail
+
+# https://bugs.launchpad.net/tripleo/+bug/1774557
+sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
--- a/releasenotes/notes/openssh-79e2d39397761e74.yaml
+++ b/releasenotes/notes/openssh-79e2d39397761e74.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    An element can now override the default openssh configuration.
+    For now, we set UseDNS to 'no' to avoid timeouts when Ansible tries
+    to run remote tasks via ssh.