From b2e5500cc266052cb9c801a42ff6b74eb81fc46c Mon Sep 17 00:00:00 2001
From: "James E. Blair"
Date: Wed, 23 Oct 2019 10:53:59 -0700
Subject: [PATCH] Update install for buster
Add the correct libre2 package name for Debian buster, and also update the quickstart playbook and documentation to deal with the change in default rsa key encoding format from newer versions of ssh-keygen.
Change-Id: I6ada88cd896d844c1171f7bcaf4691dea023d51f
---
 bindep.txt | 1 +
 doc/source/admin/components.rst | 4 ++++
 doc/source/admin/drivers/gerrit.rst | 4 ++++
 doc/source/admin/examples/playbooks/setup.yaml | 4 ++--
 doc/source/admin/nodepool_install.rst | 2 +-
 5 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/bindep.txt b/bindep.txt
index d150cfcd6b..8f0c819881 100644
--- a/bindep.txt
+++ b/bindep.txt
@@ -34,6 +34,7 @@ python3.7 [test platform:ubuntu-bionic]
 python3.7-dev [test platform:ubuntu-bionic]
 bubblewrap [!platform:ubuntu-xenial]
 libre2-dev [compile test platform:dpkg]
+libre2-5 [platform:debian-buster]
 libre2-4 [platform:ubuntu-bionic]
 libre2-3 [platform:debian-stretch]
 libre2-1v5 [platform:ubuntu-xenial]
diff --git a/doc/source/admin/components.rst b/doc/source/admin/components.rst
index a9b8029d3e..62053b390e 100644
--- a/doc/source/admin/components.rst
+++ b/doc/source/admin/components.rst
@@ -580,6 +580,10 @@ The following sections of ``zuul.conf`` are used by the executor:
 SSH private key file to be used when logging into worker nodes.
+ .. note:: If you use an RSA key, ensure it is encoded in the PEM
+ format (use the ``-t rsa -m PEM`` arguments to
+ `ssh-keygen`).
+
 .. attr:: default_username :default: zuul
diff --git a/doc/source/admin/drivers/gerrit.rst b/doc/source/admin/drivers/gerrit.rst
index 7d0bc4fe13..9f11dde653 100644
--- a/doc/source/admin/drivers/gerrit.rst
+++ b/doc/source/admin/drivers/gerrit.rst
@@ -15,6 +15,10 @@ create a Gerrit user with that key::
 cat ~/id_rsa.pub | ssh -p29418 review.example.com gerrit create-account --ssh-key - --full-name Zuul zuul
+.. note:: If you use an RSA key, ensure it is encoded in the PEM
+ format (use the ``-t rsa -m PEM`` arguments to
+ `ssh-keygen`).
+
 Give that user whatever permissions will be needed on the projects you want Zuul to report on. For instance, you may want to grant ``Verified +/-1`` and ``Submit`` to the user. Additional categories
diff --git a/doc/source/admin/examples/playbooks/setup.yaml b/doc/source/admin/examples/playbooks/setup.yaml
index 9e5c70d9a7..d6e35365c4 100644
--- a/doc/source/admin/examples/playbooks/setup.yaml
+++ b/doc/source/admin/examples/playbooks/setup.yaml
@@ -10,11 +10,11 @@
 args:
 creates: /var/ssh/admin.pub
 - name: Generate Zuul SSH key for Gerrit
- command: ssh-keygen -f /var/ssh/zuul -N ''
+ command: ssh-keygen -f /var/ssh/zuul -N '' -t rsa -m PEM
 args:
 creates: /var/ssh/zuul.pub
 - name: Generate Zuul SSH key for Nodepool
- command: ssh-keygen -f /var/ssh/nodepool -N ''
+ command: ssh-keygen -f /var/ssh/nodepool -N '' -t rsa -m PEM
 args:
 creates: /var/ssh/nodepool.pub
 - name: Add Nodepool key to node authorized_keys file
diff --git a/doc/source/admin/nodepool_install.rst b/doc/source/admin/nodepool_install.rst
index 2e3ec65615..008c49dac4 100644
--- a/doc/source/admin/nodepool_install.rst
+++ b/doc/source/admin/nodepool_install.rst
@@ -14,7 +14,7 @@ into the nodes that Nodepool provides.
 sudo groupadd --system nodepool
 sudo useradd --system nodepool --home-dir /var/lib/nodepool --create-home -g nodepool
- ssh-keygen -t rsa -b 2048 -f nodepool_rsa # don't enter a passphrase
+ ssh-keygen -t rsa -m PEM -b 2048 -f nodepool_rsa # don't enter a passphrase
 sudo mkdir /etc/nodepool/
 sudo mkdir /var/log/nodepool
 sudo chgrp -R nodepool /var/log/nodepool/
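Review bot: In the setup.yaml hunk, both changed `command:` lines pin the key type with `-t rsa` but leave the key length to the ssh-keygen default, which differs between OpenSSH releases, so the quickstart key strength depends on the image it runs in. An explicit size, e.g. `command: ssh-keygen -f /var/ssh/zuul -N '' -t rsa -b 3072 -m PEM` (and the same for `/var/ssh/nodepool`), would make the result deterministic; the nodepool_install.rst command in this patch already passes `-b`. The `creates: /var/ssh/zuul.pub` and `creates: /var/ssh/nodepool.pub` guards also mean a host whose keys already exist skips these tasks and keeps whatever encoding those keys have, so the fix reaches only fresh setups unless the old key files are removed first. A short comment above each task, such as `# -m PEM: newer ssh-keygen writes a different private-key encoding by default`, would record why the flag is there. The first task in this hunk starts before it and the last one continues past it.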