From ada8f50d604464dba64be5eaef60f59a270a1327 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Fri, 1 Jun 2018 09:14:48 -0700 Subject: [PATCH] Add element for openssh and override UseDNS We need to disable UseDNS in default sshd_config, which is something we already do when deploying SSHD service in puppet/services/sshd.yaml but the parameter is still enabled before Puppet has run, which causes problems when Ansible has to execute remote tasks via ssh, it timeouts. This patch adds an element that will allow us to override the default openssh configuration and it'll disable UseDNS. Change-Id: I2df6c45936ee88e0eb048998ae23c9334f295fdf Related-Bug: #1774557 Related-Bug: #1845166 (cherry picked from commit 939b5861e1ff2f5311a16ccf4c63922493159f56) --- elements/openssh/README.md | 5 +++++ elements/openssh/post-install.d/71-openssh | 7 +++++++ releasenotes/notes/openssh-79e2d39397761e74.yaml | 6 ++++++ 3 files changed, 18 insertions(+) create mode 100644 elements/openssh/README.md create mode 100755 elements/openssh/post-install.d/71-openssh create mode 100644 releasenotes/notes/openssh-79e2d39397761e74.yaml diff --git a/elements/openssh/README.md b/elements/openssh/README.md new file mode 100644 index 00000000..8e97787d --- /dev/null +++ b/elements/openssh/README.md @@ -0,0 +1,5 @@ +======= +openssh +======= + +Override the default openssh configuration. diff --git a/elements/openssh/post-install.d/71-openssh b/elements/openssh/post-install.d/71-openssh new file mode 100755 index 00000000..b49b7728 --- /dev/null +++ b/elements/openssh/post-install.d/71-openssh @@ -0,0 +1,7 @@ +#!/bin/bash + +set -eu +set -o pipefail + +# https://bugs.launchpad.net/tripleo/+bug/1774557 +sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config diff --git a/releasenotes/notes/openssh-79e2d39397761e74.yaml b/releasenotes/notes/openssh-79e2d39397761e74.yaml new file mode 100644 index 00000000..818966dc --- /dev/null +++ b/releasenotes/notes/openssh-79e2d39397761e74.yaml 
@@ -0,0 +1,6 @@ +--- +features: + - | + An element can now override the default openssh configuration. + For now, we set UseDNS to 'no' to avoid timeouts when Ansible tries + to run remote tasks via ssh.
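Review bot: In elements/openssh/post-install.d/71-openssh, the sed expression only rewrites a line that contains exactly `#UseDNS yes`, and sed exits 0 when nothing matches, so `set -eu` will not catch an image where the change was never applied. If the base image ships `UseDNS yes` uncommented, `#UseDNS no`, different spacing, or no UseDNS line at all, the build succeeds and the option keeps its previous value. Suggest anchoring the pattern to the start of the line, accepting both the commented and uncommented forms, and following it with a check such as `grep -q '^UseDNS no' /etc/ssh/sshd_config` so the build fails when the setting is missing. If the fallback is to add the line when absent, note that sshd uses the first value it reads for each keyword, so the line has to come before any other UseDNS entry and before any Match block.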
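Review bot: In elements/openssh/README.md, the text "Override the default openssh configuration." does not say which setting is changed or why, and the `=======` overline and underline heading is reStructuredText syntax in a file named .md. Suggest stating that the element sets UseDNS to no in /etc/ssh/sshd_config at image build time, linking the bug referenced in the script, and either using a Markdown heading or renaming the file to README.rst.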
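Review bot: In releasenotes/notes/openssh-79e2d39397761e74.yaml, the note mentions the timeout fix but not the behaviour change operators get with `UseDNS no`: sshd no longer resolves client hostnames, so `from=` restrictions in authorized_keys and `Match Host` rules that use hostnames stop matching and have to be written with addresses. Suggest adding a sentence about that to the note. The diffstat also lists only the three new files, so the note could say that the setting applies only to images built with the openssh element included.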