Commit Graph

36 Commits

Author SHA1 Message Date
OpenDev Sysadmins b8447e56e1 OpenDev Migration Patch
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
2019-04-19 19:26:01 +00:00
Ian Wienand 60494ad3ca Replace openstack.org git:// URLs with https://
This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.

This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.

This update should result in no functional change.

For more information see the thread at

 http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html

Change-Id: Id47014f72a733120c2d894c1ab8cb265a0b1768c
2019-03-24 20:35:45 +00:00
Zuul 7aa95dd9d6 Merge "Let sshd use ecdsa and ed25519 host keys" 2018-07-21 13:17:55 +00:00
Colleen Murphy f2a3146875 Update Gemfile for Zuulv3
The logic in the Gemfile was relying on Zuulv2 variables to find out
whether the spec helper gem was already available on disk, and since
Zuulv3 has changed things it was failing to find it and downloading the
master version instead. This patch ensures the Gemfile looks for the gem
in the right place when running in CI.

Change-Id: I9ca22ebc2c9d79cfc57bd14c68347674031bd21f
2018-07-12 09:57:45 +02:00
Colleen Murphy 277e41829d Let sshd use ecdsa and ed25519 host keys
It seems that our nodepool is configured with the ecdsa and ed25519 host
keys from the nodepool nodes, but not the rsa or dsa keys. This is a
problem when we try to test our puppet SSH configuration in CI, because
the puppet module removes the ability for the Zuul executor to reach the
node and perform cleanup tasks after the tests have completed.

This patch adds back the HostKey settings that the nodepool images
started out with. This should not affect the puppetmaster's or a
rooter's ability to log into production servers that are already using
an rsa host key.

Change-Id: I150b76a632398d0a6f00d5b98ad7277c62377601
2018-07-10 12:18:08 +02:00
Colleen Murphy 685291c29e Depend on helper gem for spec_helper_acceptance
Instead of keeping a local copy of spec_helper_acceptance.rb and
requiring updates to all modules for any change, we can move it into the
common helper gem and require it from there. This will make it easier to
create and review changes that affect all puppet modules. Also change
the Gemfile to look for the gem in the local workspace if running in a
zuul environment.

Change-Id: I37d2467f052556b8490c9bc4ca8d63849b8c09d4
2017-08-18 10:41:44 +02:00
Colleen Murphy fcc60782fd Fix beaker on xenial
Add a xenial nodeset and update the spec helper to install puppet 3 from
the Ubuntu repos instead of from puppetlabs.

Change-Id: I80105ebfca6c9ad732a13496dabada406ce82018
2017-06-24 16:37:13 +02:00
Paul Belanger fa71d35cab
Add @trusted_ssh_type for user to override
We need to expose the ability to override the type of match we want to
do. For example, we want to do match address 1.2.3.4 in sshd_config.

Change-Id: I28c5d71e62a62bd27f289a8bd70b235eac213e5c
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2016-08-01 12:47:58 -04:00
Derek Higgins 5d55606789 Make sshd PermitRootLogin configurable
Make this configurable so that it can be enabled for images used
by nodepool.

Change-Id: I704453c6d3091a24e68509650c61efb638aea601
2016-07-08 23:46:57 +01:00
Spencer Krum 1d88ae1dd4 Use new infra_spec_helper for gem dependencies
Change-Id: I3893352ebdbd110a06694dd05a06b6f756da5ef8
2016-06-21 18:40:11 -07:00
Monty Taylor b9370c3cea
Allow root logins from localhost
In order to have ansible be able to ssh in to itself, we need to enable
localhost ssh logins.

Change-Id: Iff9d7d72c4ca7848aa49a55d75ee5a2fdd313761
2016-05-03 08:46:58 -05:00
Spencer Krum ee2fc59182 Pin google-api-client; sanitize Gemfile
Change-Id: I6babfdca840ac7cf9a2af765265cccaf563a74f6
2016-04-14 15:23:54 -07:00
Spencer Krum 0586110578 Fix target path for regular git clone during tests
Use same target directory for zuul-cloner and
the regular git command.

Change-Id: I58b6d4f35d83db7b434bf3aaef6cf4872a0e18fb
Co-Authored-By: Fabien Boucher <fabien.boucher@enovance.com>
2015-08-19 16:42:04 -07:00
Colleen Murphy 291be82364 Add Gemfile and puppet 4 checks
In anticipation of puppet 4, start trying to deal with puppet 4 things
that can be helpfully predicted by puppet lint plugins. Also fix lint
errors caught by the puppet-lint-absolute_classname-check gem

Change-Id: Icff84f837a99856a3b5321fc9200b726877c6de9
2015-08-13 18:11:23 -07:00
Spencer Krum a80baa3ef2 Boilerplate beaker-rspec files
Change-Id: I8443c920a41e4af2f0bfa937354eea2f88ff9e64
2015-07-28 02:05:52 -07:00
Jenkins b6c6d37948 Merge "Don't reload ssh service in a chroot" 2015-06-29 17:36:10 +00:00
Monty Taylor 8dcdef8e1e Don't reload ssh service in a chroot
When we're building vms in chroots, attempting to reload the ssh service
will fail. Don't do it.

Change-Id: I346bdeaa73a9f8a8a7afd3f4866c18c2ed640dbc
2015-05-28 08:52:12 -07:00
Jeremy Stanley 6ee3bbd629 Replace ci.o.o links with docs.o.o/infra
The http://ci.openstack.org/ documentation site has been deprecated,
replaced by redirects to corresponding paths within
http://docs.openstack.org/infra/ where other Project Infrastructure
documentation already resides.

Change-Id: I660df70a606216ad836005d04745382127e18153
2015-05-14 21:38:19 +00:00
Ramy Asselin 993d9df29d Rename openstackci to openstackinfra
Change-Id: Ib33be1f5598b098069d7fa3856f99255ec516a14
2015-04-20 13:50:36 -07:00
Fabien Boucher 50004931ee Add the trusted source as class parameter
Remove the hardcoded puppetmaster.openstack.org value
from the template but keep it as default parameter
value for ssh class.

Change-Id: I4b07f78ed455841cc2301227e42222ca96b24821
2015-03-25 15:05:54 +00:00
Jeremy Stanley a078dda06a Add missing LICENSE file
The content of this project is Apache 2 licensed, but we should
include a standard LICENSE file just to be clear about that.

Change-Id: Iee6320b9d7e35fbe8d3b0a9794f3e485c18ef2c8
2015-01-29 22:59:51 +00:00
Ramy Asselin 47900387e6 Add initial puppet module files for SSH
Change-Id: I94f185f679b999be1cb9191a6cbc9bd9124d4f0f
2015-01-29 11:20:11 -08:00
Thomas Bechtold 807b42d333 Update ssh module to support SUSE
Add parameters for SUSE based distros.

Change-Id: I5efbe49c72089f0dc59663f32009f85dfc3bb6e6
2014-09-25 09:07:38 +02:00
Jeremy Stanley 3d76cd02b4 Cease using ci-puppetmaster.openstack.org
Now that the migration to puppetmaster.openstack.org is complete,
remove duplicate references to ci-puppetmaster.openstack.org and
also take out the temporary Puppet v2 vs v3 compatibility code used
to choose between them.

Change-Id: I32d48e844ab1872391f9f2a4e233804b7a29feb5
2014-09-15 20:48:31 +00:00
Monty Taylor 34c7abd85d Fix the sshd config to for inbound ansible
The ssh keys were changed to not tie to a forced-command, but the
sshd config was missed.

Change-Id: I889f7983d0e7d0e1b48d825c7d63cf678782d169
2014-07-04 10:48:12 -07:00
Monty Taylor 1214c15a21 Add keys and script for puppet over ssh
In anticipation of driving puppet over ssh, we need keys on the hosts
and the scripts on the master. Don't turn them on yet, because we want
to be able to do some by-hand testing of the mechanism.

Change-Id: I2c353777e2f8fb5a2e733ce405ba40427ce901e5
2014-04-15 20:24:16 -07:00
Monty Taylor beb78ff787 Fix sftp access on CentOS machines
The sshd_config file that we put everywhere has an invalid value for
where the sftp command is. On RedHat, it's in /usr/libexec - which means
that it is not possible to use SFTP to interact with our CentOS
machines.

Replace the static file with a template so that we can substitute the
correct value based on which distro it is.

Change-Id: Ia9ba88199f4ff024a904431821926dbb26f35ad6
2014-04-07 22:19:40 -07:00
Jeremy Stanley dcdaa62f9b Use facter's osfamily instead of operatingsystem.
The osfamily fact is more flexible when we want to support more
GNU/Linux distributions while avoiding unnecessary code duplication.

Change-Id: Iea4c73c19e7f94df8daccf25c764b6a4539a1ea0
Reviewed-on: https://review.openstack.org/27400
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
2013-04-25 21:37:03 +00:00
Jeremy Stanley 6bc6ff891d The facter osfamily of Ubuntu is Debian.
Clean up facter osfamily matches to just use Debian, not Ubuntu.
This is manually tested and confirmed to at least be the case on
Oneiric, Precise and Quantal.

Change-Id: I27b184ac419910f9c3271c3b4e57886333282a5f
Reviewed-on: https://review.openstack.org/27399
Reviewed-by: Spencer Krum <krum.spencer@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
2013-04-25 21:37:00 +00:00
Jeremy Stanley bc1a661cdc Jenkins slave puppetry for CentOS.
The install scripts now look for CentOS in release files. Also some
instances of facter's operatingsystem are switched to osfamily and
capitalization of RedHat is normalized to match what facter uses.

Change-Id: I3bbca5481d0d5e6de9e62bfd6e2b0a85264ed6ed
Reviewed-on: https://review.openstack.org/27398
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
2013-04-25 21:36:58 +00:00
Dan Prince fcfc54edea Update ssh module to support RHEL.
Parameterizes the ssh module so that it supports both Ubuntu and
RHEL.

Change-Id: I9163e2f41d9a25df5f757592e642073fc19001f5
Reviewed-on: https://review.openstack.org/23299
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2013-03-04 18:00:30 +00:00
Matthew Wagoner 6039997216 Clean up of minor puppet-lint warnings.
Mostly documentation and parameterised class parameter complaints.

Change-Id: I5b3ffa4ad3f707f385165c2d86c891c6bd4c1ae0
Reviewed-on: https://review.openstack.org/16901
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
2012-11-26 20:55:57 +00:00
Matthew Wagoner cb328cabe5 style edits to puppet config files
Change-Id: I4f7314bcb1cb58f94ff7a78aebe27ec4591fc11c
Reviewed-on: https://review.openstack.org/14187
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-10-10 21:01:08 +00:00
Clark Boylan 30acf8f70f Kill trailing whitespace.
Killed trailing whitespace in the puppet repo files using
`sed -r 's/\s+$//'`. Skip binary files and html templates for lodgeit
and mailman.

Change-Id: Ib43493161d8f0e8fae1426b22fb1737832ca14cd
Reviewed-on: https://review.openstack.org/12969
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-10-05 23:27:31 +00:00
James E. Blair 8488e7536c Use unattended upgrades.
Stop using latest for packages installed by puppet.  This way,
all system packages get updated, not just some random ones.

The unattended-upgrades config will email root.  It is configured
for openstack servers and jenkins slaves, but not template hosts
so that it doesn't interfere with spin-up.

Also, fix some bits in the gerrit module that were causing
continuous restarts on gerrit-dev.

Install emacs.

Change-Id: I51c9083ccd3669f284fce4b50c36a37a0cac92d8
2012-06-05 22:59:46 +00:00
James E. Blair 7a30eb0678 Add puppet module for ssh that installs an sshd_config that only allows login via keys. 2011-07-18 17:33:29 +00:00