Add element for openssh and override UseDNS

We need to disable UseDNS in default sshd_config, which is something we already do when deploying SSHD service in puppet/services/sshd.yaml but the parameter is still enabled before Puppet has run, which causes problems when Ansible has to execute remote tasks via ssh, it timeouts. This patch adds an element that will allow us to override the default openssh configuration and it'll disable UseDNS. Change-Id: I2df6c45936ee88e0eb048998ae23c9334f295fdf Related-Bug: #1774557 Related-Bug: #1845166 (cherry picked from commit 939b5861e1)
2018-06-01 09:14:48 -07:00 · 2018-06-01 09:14:48 -07:00 · ada8f50d60
parent 2a58e3c1eb
commit ada8f50d60
3 changed files with 18 additions and 0 deletions
--- a/elements/openssh/README.md
+++ b/elements/openssh/README.md
@ -0,0 +1,5 @@
+=======
+openssh
+=======
+
+Override the default openssh configuration.
--- a/elements/openssh/post-install.d/71-openssh
+++ b/elements/openssh/post-install.d/71-openssh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -eu
+set -o pipefail
+
+# https://bugs.launchpad.net/tripleo/+bug/1774557
+sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
--- a/releasenotes/notes/openssh-79e2d39397761e74.yaml
+++ b/releasenotes/notes/openssh-79e2d39397761e74.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    An element can now override the default openssh configuration.
+    For now, we set UseDNS to 'no' to avoid timeouts when Ansible tries
+    to run remote tasks via ssh.