SSH known_hosts config

Fetch the host public keys from each node, combine them all and write to the system-wide ssh known hosts. The alternative of disabling host key verification is vulnerable to a MITM attack. Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c (cherry picked from commit 7d3552a105ad5aa62cad0998c11df5ec6bd06ed6)
author: Oliver Walsh <owalsh@redhat.com> 2017-03-24 14:35:09 +0000
committer: James Slagle <jslagle@redhat.com> 2017-04-20 22:16:35 +0000
commit: 68d7196d472b5195c19e871e960996e89a7bcb9c (patch)
tree: 83cd2872cf542106ea19a343d1c5217e18287f7d /overcloud-resource-registry-puppet.j2.yaml
parent: 33e53fd87784914d010411ec85d040623e4c2617 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 5c277491..17a959ef 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -5,6 +5,8 @@ resource_registry:
   OS::TripleO::PostUpgradeSteps: puppet/post-upgrade.yaml
   OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml
   OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml
+  OS::TripleO::Ssh::HostPubKey: extraconfig/tasks/ssh/host_public_key.yaml
+  OS::TripleO::Ssh::KnownHostsConfig: extraconfig/tasks/ssh/known_hosts_config.yaml
   OS::TripleO::DefaultPasswords: default_passwords.yaml
 
   # Tasks (for internal TripleO usage)
author	Oliver Walsh <owalsh@redhat.com>	2017-03-24 14:35:09 +0000
committer	James Slagle <jslagle@redhat.com>	2017-04-20 22:16:35 +0000
commit	68d7196d472b5195c19e871e960996e89a7bcb9c (patch)
tree	83cd2872cf542106ea19a343d1c5217e18287f7d /overcloud-resource-registry-puppet.j2.yaml
parent	33e53fd87784914d010411ec85d040623e4c2617 (diff)