It seems that our nodepool is configured with the ecdsa and ed25519 host
keys from the nodepool nodes, but not the rsa or dsa keys. This is a
problem when we try to test our puppet SSH configuration in CI, because
the puppet module removes the ability for the Zuul executor to reach the
node and perform cleanup tasks after the tests have completed.

This patch adds back the HostKey settings that the nodepool images
started out with. This should not affect the puppetmaster's or a
rooter's ability to log into production servers that are already using
an rsa host key.

Change-Id: I150b76a632398d0a6f00d5b98ad7277c62377601

We need to expose the ability to override the type of match we want to
do. For example, we want to do match address 1.2.3.4 in sshd_config.

Change-Id: I28c5d71e62a62bd27f289a8bd70b235eac213e5c
Signed-off-by: Paul Belanger <pabelanger@redhat.com>

Remove the hardcoded puppetmaster.openstack.org value
from the template but keep it as default parameter
value for ssh class.

Change-Id: I4b07f78ed455841cc2301227e42222ca96b24821

Now that the migration to puppetmaster.openstack.org is complete,
remove duplicate references to ci-puppetmaster.openstack.org and
also take out the temporary Puppet v2 vs v3 compatibility code used
to choose between them.

Change-Id: I32d48e844ab1872391f9f2a4e233804b7a29feb5

In anticipation of driving puppet over ssh, we need keys on the hosts
and the scripts on the master. Don't turn them on yet, because we want
to be able to do some by-hand testing of the mechanism.

Change-Id: I2c353777e2f8fb5a2e733ce405ba40427ce901e5

The sshd_config file that we put everywhere has an invalid value for
where the sftp command is. On RedHat, it's in /usr/libexec - which means
that it is not possible to use SFTP to interact with our CentOS
machines.

Replace the static file with a template so that we can substitute the
correct value based on which distro it is.

Change-Id: Ia9ba88199f4ff024a904431821926dbb26f35ad6
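
The failure described in the last commit message above (a static sshd_config whose sftp Subsystem path does not exist on Red Hat family hosts) can be caught with a check like the following. This is an added example, not code from the repository. The function names and the ROOT prefix argument are hypothetical, the sample tree is constructed, and the full paths /usr/lib/openssh/sftp-server and /usr/libexec/openssh/sftp-server are the stock OpenSSH package locations on Debian and Red Hat family systems, assumed here rather than taken from the commit.

```shell
#!/bin/sh
# Added example: verify that "Subsystem sftp" in an sshd_config points at a
# binary that actually exists on the target distro.

# Print the command configured for "Subsystem sftp"; empty if none is set.
# sshd_config keywords are case-insensitive; commented-out lines do not match.
sftp_subsystem() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" { print $3; exit }' "$1"
}

# check_sftp CONFIG [ROOT]
# Returns 0 = usable, 1 = configured binary missing, 2 = no sftp subsystem.
# ROOT (hypothetical) is a path prefix, so an unpacked image can be checked.
check_sftp() {
    cmd=$(sftp_subsystem "$1")
    [ -n "$cmd" ] || { echo "$1: no sftp subsystem"; return 2; }
    [ "$cmd" = "internal-sftp" ] && { echo "$1: ok (internal-sftp)"; return 0; }
    [ -x "${2:-}$cmd" ] && { echo "$1: ok ($cmd)"; return 0; }
    echo "$1: broken, $cmd is not an executable file"
    return 1
}

# Constructed sample: a fake CentOS-style tree and two configs, one with the
# Debian path (the static file) and one with the Red Hat path (the template).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/libexec/openssh"
    printf '#!/bin/sh\n' > "$d/usr/libexec/openssh/sftp-server"
    chmod +x "$d/usr/libexec/openssh/sftp-server"
    printf 'Port 22\nSubsystem sftp /usr/lib/openssh/sftp-server\n' \
        > "$d/static.conf"
    printf 'Port 22\nsubsystem sftp /usr/libexec/openssh/sftp-server\n' \
        > "$d/templated.conf"
    echo "$d"
}

sample=$(make_sample)
check_sftp "$sample/static.conf" "$sample" || true   # reports broken
check_sftp "$sample/templated.conf" "$sample"        # reports ok
rm -rf "$sample"
```

Run against a real host with `check_sftp /etc/ssh/sshd_config`; `sshd -t` validates the configuration syntax but is a separate check from this one.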