authorJenkins <jenkins@review.openstack.org>2017-06-02 23:57:34 +0000
committerGerrit Code Review <review@openstack.org>2017-06-02 23:57:34 +0000
commitf178f5ae280467ca4086b36f5ba8fc3fe198759c (patch)
tree965e4b835bb604dff34593f0bc6172cf0d285a95
parent93afb64cc2e910681e7ef95f419f6bf6565c2dac (diff)
parent885bf88174921ba1ee4852caa8c1034430a51ca1 (diff)
Merge "SSH known_hosts config" into stable/newton
-rw-r--r--extraconfig/tasks/ssh/host_public_key.yaml42
-rw-r--r--extraconfig/tasks/ssh/known_hosts_config.yaml36
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml2
-rw-r--r--overcloud.j2.yaml17
-rw-r--r--puppet/blockstorage-role.yaml65
-rw-r--r--puppet/cephstorage-role.yaml65
-rw-r--r--puppet/compute-role.yaml65
-rw-r--r--puppet/controller-role.yaml65
-rw-r--r--puppet/objectstorage-role.yaml65
-rw-r--r--puppet/role.role.j2.yaml65
-rw-r--r--releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml4
11 files changed, 491 insertions, 0 deletions
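diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml
new file mode 100644
index 0000000..afbac55
--- /dev/null
+++ b/extraconfig/tasks/ssh/host_public_key.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-10-14
+
+description: >
+  This is a template which will fetch the ssh host public key.
+
+parameters:
+  server:
+    description: ID of the node to apply this config to
+    type: string
+
+resources:
+  SshHostPubKeyConfig:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: script
+      outputs:
+        - name: rsa
+        - name: ecdsa
+        - name: ed25519
+      config: |
+        #!/bin/sh -x
+        test -e '/etc/ssh/ssh_host_rsa_key.pub' && cat /etc/ssh/ssh_host_rsa_key.pub > $heat_outputs_path.rsa
+        test -e '/etc/ssh/ssh_host_ecdsa_key.pub' && cat /etc/ssh/ssh_host_ecdsa_key.pub > $heat_outputs_path.ecdsa
+        test -e '/etc/ssh/ssh_host_ed25519_key.pub' && cat /etc/ssh/ssh_host_ed25519_key.pub > $heat_outputs_path.ed25519
+
+  SshHostPubKeyDeployment:
+    type: OS::Heat::SoftwareDeployment
+    properties:
+      config: {get_resource: SshHostPubKeyConfig}
+      server: {get_param: server}
+
+
+outputs:
+  ecdsa:
+    description: Host ssh public key (ecdsa)
+    value: {get_attr: [SshHostPubKeyDeployment, ecdsa]}
+  rsa:
+    description: Host ssh public key (rsa)
+    value: {get_attr: [SshHostPubKeyDeployment, rsa]}
+  ed25519:
+    description: Host ssh public key (ed25519)
+    value: {get_attr: [SshHostPubKeyDeployment, ed25519]}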
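Review bot: The script in SshHostPubKeyConfig exits with the status of its last `test -e … && cat …` line, so a node that has no ed25519 host key makes the whole deployment report failure even though the ecdsa key the role templates consume was collected. Ending the script with `exit 0`, or appending `|| true` to each of the three lines, keeps an absent key type from failing the deployment; an absent key then simply yields an empty output, which the consuming known_hosts_entry does not check. The redirect targets would also be safer quoted, `"$heat_outputs_path.rsa"`, although the path Heat supplies presumably contains no whitespace.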
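diff --git a/extraconfig/tasks/ssh/known_hosts_config.yaml b/extraconfig/tasks/ssh/known_hosts_config.yaml
new file mode 100644
index 0000000..49a04e0
--- /dev/null
+++ b/extraconfig/tasks/ssh/known_hosts_config.yaml
@@ -0,0 +1,36 @@
+heat_template_version: 2016-10-14
+description: 'SSH Known Hosts Config'
+
+parameters:
+  known_hosts:
+    type: string
+
+resources:
+
+  SSHKnownHostsConfig:
+    type: OS::Heat::SoftwareConfig
+    properties:
+      group: script
+      inputs:
+        - name: known_hosts
+          default: {get_param: known_hosts}
+      config: |
+        #!/bin/bash
+        set -eux
+        set -o pipefail
+
+        echo "Creating ssh known hosts file"
+
+        if [ ! -z "${known_hosts}" ]; then
+          echo "${known_hosts}"
+          echo -ne "${known_hosts}" > /etc/ssh/ssh_known_hosts
+          chmod 0644 /etc/ssh/ssh_known_hosts
+        else
+          rm -f /etc/ssh/ssh_known_hosts
+          echo "No ssh known hosts"
+        fi
+
+outputs:
+  OS::stack_id:
+    description: The SSHKnownHostsConfig resource.
+    value: {get_resource: SSHKnownHostsConfig}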
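Review bot: `echo -ne "${known_hosts}"` on the write line applies backslash-escape processing to the data it emits, so any backslash sequence inside an entry would be rewritten before it reaches `/etc/ssh/ssh_known_hosts`; `printf '%s' "${known_hosts}" > /etc/ssh/ssh_known_hosts` writes the input verbatim and keeps the no-trailing-newline behaviour of `-n`. The file is also rewritten in place, so an ssh client that reads it while the redirect is still running sees a truncated file; writing to a temporary path next to it and then `mv`-ing it over the old file would make the replacement atomic. The script replaces the entire system-wide known_hosts, discarding anything an operator placed there, which the template should state, e.g. `description: 'SSH Known Hosts Config (overwrites /etc/ssh/ssh_known_hosts with the stack-generated entries)'`. `[ -n "${known_hosts}" ]` is the usual spelling of the `[ ! -z … ]` test.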
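diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index c46668a..3237a50 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -4,6 +4,8 @@ resource_registry:
   OS::TripleO::PostDeploySteps: puppet/post.yaml
   OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml
   OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml
+  OS::TripleO::Ssh::HostPubKey: extraconfig/tasks/ssh/host_public_key.yaml
+  OS::TripleO::Ssh::KnownHostsConfig: extraconfig/tasks/ssh/known_hosts_config.yaml
   OS::TripleO::DefaultPasswords: default_passwords.yaml
 
   # Tasks (for internal TripleO usage)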
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index 15bcfb6..20c2b12 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -201,6 +201,16 @@ resources:
201 NetIpMap: {get_attr: [VipMap, net_ip_map]} 201 NetIpMap: {get_attr: [VipMap, net_ip_map]}
202 ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} 202 ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
203 203
204 SshKnownHostsConfig:
205 type: OS::TripleO::Ssh::KnownHostsConfig
206 properties:
207 known_hosts:
208 list_join:
209 - ''
210 {% for role in roles %}
211 - {get_attr: [{{role.name}}, known_hosts_entry]}
212 {% endfor %}
213
204 # Jinja loop for Role in roles_data.yaml 214 # Jinja loop for Role in roles_data.yaml
205{% for role in roles %} 215{% for role in roles %}
206 # Resources generated for {{role.name}} Role 216 # Resources generated for {{role.name}} Role
@@ -220,6 +230,13 @@ resources:
220 config: {get_attr: [hostsConfig, config_id]} 230 config: {get_attr: [hostsConfig, config_id]}
221 servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} 231 servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
222 232
233 {{role.name}}SshKnownHostsDeployment:
234 type: OS::Heat::StructuredDeployments
235 properties:
236 name: {{role.name}}SshKnownHostsDeployment
237 config: {get_resource: SshKnownHostsConfig}
238 servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
239
223 {{role.name}}AllNodesDeployment: 240 {{role.name}}AllNodesDeployment:
224 type: OS::Heat::StructuredDeployments 241 type: OS::Heat::StructuredDeployments
225 depends_on: 242 depends_on:
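Review bot: The `list_join` with an empty separator in the new SshKnownHostsConfig resource relies on every role's known_hosts_entry already ending in a newline, and the only newline in such an entry is the one `cat` copies from the host's `.pub` file into HOSTSSHPUBKEY; an entry whose key output came back empty would therefore have no terminator, and the next role's line would be appended to it, spoiling both records. Either document the dependency above the resource, `# Joined with '' because each known_hosts_entry already ends with the newline copied from the host's .pub file`, or join with `"\n"` instead — ssh ignores blank lines in known_hosts, so the extra separator is harmless. The per-role deployments in the second hunk carry no `depends_on`; ordering after each role's SshHostPubKey is presumably inferred from the get_attr references, which is worth a one-line comment on `{{role.name}}SshKnownHostsDeployment`.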
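diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index 34f10a2..e35c716 100644
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -301,6 +301,12 @@ resources:
         update_identifier:
           get_param: UpdateIdentifier
 
+  SshHostPubKey:
+    type: OS::TripleO::Ssh::HostPubKey
+    depends_on: BlockStorageDeployment
+    properties:
+      server: {get_resource: BlockStorage}
+
 outputs:
   ip_address:
     description: IP address of the server in the ctlplane network
@@ -411,6 +417,65 @@ outputs:
         - '.'
         - - {get_attr: [BlockStorage, name]}
           - ctlplane
+  known_hosts_entry:
+    description: Entry for ssh known hosts
+    value:
+      str_replace:
+        template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
+EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
+INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
+STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
+STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
+TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
+MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
+CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
+        params:
+          PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]}
+          DOMAIN: {get_param: CloudDomain}
+          PRIMARYHOST: {get_attr: [BlockStorage, name]}
+          EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
+          EXTERNALHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [BlockStorage, name]}
+              - external
+          INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
+          INTERNAL_APIHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [BlockStorage, name]}
+              - internalapi
+          STORAGEIP: {get_attr: [StoragePort, ip_address]}
+          STORAGEHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [BlockStorage, name]}
+              - storage
+          STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
+          STORAGE_MGMTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [BlockStorage, name]}
+              - storagemgmt
+          TENANTIP: {get_attr: [TenantPort, ip_address]}
+          TENANTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [BlockStorage, name]}
+              - tenant
+          MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
+          MANAGEMENTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [BlockStorage, name]}
+              - management
+          CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+          CTLPLANEHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [BlockStorage, name]}
+              - ctlplane
+          HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
   nova_server_resource:
     description: Heat resource handle for the block storage server
     value: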
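Review bot: known_hosts_entry publishes only the ecdsa key (`HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}` at the end of `params`) although SshHostPubKey also collects the rsa and ed25519 keys, so a client whose HostKeyAlgorithms exclude ecdsa, or a node generated without an ecdsa key, ends up with no usable record and the other two outputs are simply dropped. The description `Entry for ssh known hosts` should state the shape of the value, e.g. `description: One ssh_known_hosts line listing this node's IP and hostname on every network, followed by its ecdsa host public key`, and if restricting to ecdsa is deliberate a comment such as `# rsa/ed25519 outputs of SshHostPubKey are intentionally unused` next to HOSTSSHPUBKEY would stop the next reader from treating it as an oversight. The same output is added with identical structure to cephstorage-role.yaml, compute-role.yaml, controller-role.yaml, objectstorage-role.yaml and role.role.j2.yaml, so whatever wording is chosen should be applied to all six.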
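diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index 0854330..e63b60b 100644
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -312,6 +312,12 @@ resources:
         update_identifier:
           get_param: UpdateIdentifier
 
+  SshHostPubKey:
+    type: OS::TripleO::Ssh::HostPubKey
+    depends_on: CephStorageDeployment
+    properties:
+      server: {get_resource: CephStorage}
+
 outputs:
   ip_address:
     description: IP address of the server in the ctlplane network
@@ -422,6 +428,65 @@ outputs:
         - '.'
         - - {get_attr: [CephStorage, name]}
           - ctlplane
+  known_hosts_entry:
+    description: Entry for ssh known hosts
+    value:
+      str_replace:
+        template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
+EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
+INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
+STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
+STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
+TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
+MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
+CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
+        params:
+          PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
+          DOMAIN: {get_param: CloudDomain}
+          PRIMARYHOST: {get_attr: [CephStorage, name]}
+          EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
+          EXTERNALHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [CephStorage, name]}
+              - external
+          INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
+          INTERNAL_APIHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [CephStorage, name]}
+              - internalapi
+          STORAGEIP: {get_attr: [StoragePort, ip_address]}
+          STORAGEHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [CephStorage, name]}
+              - storage
+          STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
+          STORAGE_MGMTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [CephStorage, name]}
+              - storagemgmt
+          TENANTIP: {get_attr: [TenantPort, ip_address]}
+          TENANTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [CephStorage, name]}
+              - tenant
+          MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
+          MANAGEMENTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [CephStorage, name]}
+              - management
+          CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+          CTLPLANEHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [CephStorage, name]}
+              - ctlplane
+          HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
   nova_server_resource:
     description: Heat resource handle for the ceph storage server
     value: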
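diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index 070f19c..1bc4d1e 100644
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -336,6 +336,12 @@ resources:
         update_identifier:
           get_param: UpdateIdentifier
 
+  SshHostPubKey:
+    type: OS::TripleO::Ssh::HostPubKey
+    depends_on: NovaComputeDeployment
+    properties:
+      server: {get_resource: NovaCompute}
+
 outputs:
   ip_address:
     description: IP address of the server in the ctlplane network
@@ -466,6 +472,65 @@ outputs:
         - '.'
         - - {get_attr: [NovaCompute, name]}
           - ctlplane
+  known_hosts_entry:
+    description: Entry for ssh known hosts
+    value:
+      str_replace:
+        template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
+EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
+INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
+STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
+STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
+TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
+MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
+CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
+        params:
+          HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
+          PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
+          DOMAIN: {get_param: CloudDomain}
+          PRIMARYHOST: {get_attr: [NovaCompute, name]}
+          EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
+          EXTERNALHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [NovaCompute, name]}
+              - external
+          INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
+          INTERNAL_APIHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [NovaCompute, name]}
+              - internalapi
+          STORAGEIP: {get_attr: [StoragePort, ip_address]}
+          STORAGEHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [NovaCompute, name]}
+              - storage
+          STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
+          STORAGE_MGMTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [NovaCompute, name]}
+              - storagemgmt
+          TENANTIP: {get_attr: [TenantPort, ip_address]}
+          TENANTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [NovaCompute, name]}
+              - tenant
+          MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
+          MANAGEMENTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [NovaCompute, name]}
+              - management
+          CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+          CTLPLANEHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [NovaCompute, name]}
+              - ctlplane
   nova_server_resource:
     description: Heat resource handle for the Nova compute server
     value: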
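Review bot: In this file's known_hosts_entry the `HOSTSSHPUBKEY` param is placed first under `params:`, whereas the five other role templates touched by this commit list it last, after CTLPLANEHOST. Moving `HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}` to the end keeps the six copies line-for-line identical apart from the role names, which matters when they are diffed against each other or edited together.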
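diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 3fc691a..f305145 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -379,6 +379,12 @@ resources:
         update_identifier:
           get_param: UpdateIdentifier
 
+  SshHostPubKey:
+    type: OS::TripleO::Ssh::HostPubKey
+    depends_on: ControllerDeployment
+    properties:
+      server: {get_resource: Controller}
+
 outputs:
   ip_address:
     description: IP address of the server in the ctlplane network
@@ -509,6 +515,65 @@ outputs:
         - '.'
         - - {get_attr: [Controller, name]}
           - ctlplane
+  known_hosts_entry:
+    description: Entry for ssh known hosts
+    value:
+      str_replace:
+        template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
+EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
+INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
+STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
+STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
+TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
+MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
+CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
+        params:
+          PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
+          DOMAIN: {get_param: CloudDomain}
+          PRIMARYHOST: {get_attr: [Controller, name]}
+          EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
+          EXTERNALHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [Controller, name]}
+              - external
+          INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
+          INTERNAL_APIHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [Controller, name]}
+              - internalapi
+          STORAGEIP: {get_attr: [StoragePort, ip_address]}
+          STORAGEHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [Controller, name]}
+              - storage
+          STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
+          STORAGE_MGMTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [Controller, name]}
+              - storagemgmt
+          TENANTIP: {get_attr: [TenantPort, ip_address]}
+          TENANTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [Controller, name]}
+              - tenant
+          MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
+          MANAGEMENTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [Controller, name]}
+              - management
+          CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
+          CTLPLANEHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [Controller, name]}
+              - ctlplane
+          HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
   nova_server_resource:
     description: Heat resource handle for the Nova compute server
     value: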
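diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index be638c5..53a4b04 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -300,6 +300,12 @@ resources:
         update_identifier:
           get_param: UpdateIdentifier
 
+  SshHostPubKey:
+    type: OS::TripleO::Ssh::HostPubKey
+    depends_on: SwiftStorageHieraDeploy
+    properties:
+      server: {get_resource: SwiftStorage}
+
 outputs:
   ip_address:
     description: IP address of the server in the ctlplane network
@@ -410,6 +416,65 @@ outputs:
         - '.'
         - - {get_attr: [SwiftStorage, name]}
           - ctlplane
+  known_hosts_entry:
+    description: Entry for ssh known hosts
+    value:
+      str_replace:
+        template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
+EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
+INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
+STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
+STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
+TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
+MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
+CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
+        params:
+          PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]}
+          DOMAIN: {get_param: CloudDomain}
+          PRIMARYHOST: {get_attr: [SwiftStorage, name]}
+          EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
+          EXTERNALHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [SwiftStorage, name]}
+              - external
+          INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
+          INTERNAL_APIHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [SwiftStorage, name]}
+              - internalapi
+          STORAGEIP: {get_attr: [StoragePort, ip_address]}
+          STORAGEHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [SwiftStorage, name]}
+              - storage
+          STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
+          STORAGE_MGMTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [SwiftStorage, name]}
+              - storagemgmt
+          TENANTIP: {get_attr: [TenantPort, ip_address]}
+          TENANTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [SwiftStorage, name]}
+              - tenant
+          MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
+          MANAGEMENTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [SwiftStorage, name]}
+              - management
+          CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+          CTLPLANEHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [SwiftStorage, name]}
+              - ctlplane
+          HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
   nova_server_resource:
     description: Heat resource handle for the swift storage server
     value: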
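diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index cbe3c80..28103f4 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -327,6 +327,12 @@ resources:
         update_identifier:
           get_param: UpdateIdentifier
 
+  SshHostPubKey:
+    type: OS::TripleO::Ssh::HostPubKey
+    depends_on: {{role}}Deployment
+    properties:
+      server: {get_resource: {{role}}}
+
 outputs:
   ip_address:
     description: IP address of the server in the ctlplane network
@@ -437,6 +443,65 @@ outputs:
         - '.'
         - - {get_attr: [{{role}}, name]}
           - ctlplane
+  known_hosts_entry:
+    description: Entry for ssh known hosts
+    value:
+      str_replace:
+        template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
+EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
+INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
+STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
+STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
+TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
+MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
+CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
+        params:
+          PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role}}HostnameResolveNetwork]}]}
+          DOMAIN: {get_param: CloudDomain}
+          PRIMARYHOST: {get_attr: [{{role}}, name]}
+          EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
+          EXTERNALHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [{{role}}, name]}
+              - external
+          INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
+          INTERNAL_APIHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [{{role}}, name]}
+              - internalapi
+          STORAGEIP: {get_attr: [StoragePort, ip_address]}
+          STORAGEHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [{{role}}, name]}
+              - storage
+          STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
+          STORAGE_MGMTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [{{role}}, name]}
+              - storagemgmt
+          TENANTIP: {get_attr: [TenantPort, ip_address]}
+          TENANTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [{{role}}, name]}
+              - tenant
+          MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
+          MANAGEMENTHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [{{role}}, name]}
+              - management
+          CTLPLANEIP: {get_attr: [{{role}}, networks, ctlplane, 0]}
+          CTLPLANEHOST:
+            list_join:
+            - '.'
+            - - {get_attr: [{{role}}, name]}
+              - ctlplane
+          HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
   nova_server_resource:
     description: Heat resource handle for {{role}} server
     value: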
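diff --git a/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml b/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml
new file mode 100644
index 0000000..8b533b1
--- /dev/null
+++ b/releasenotes/notes/ssh_known_hosts-287563590632d1aa.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - SSH host key exchange. The ssh host keys are collected from each host,
+    combined, and written to /etc/ssh/ssh_known_hosts.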