diff options
author | Oliver Walsh <owalsh@redhat.com> | 2017-03-24 14:35:09 +0000 |
---|---|---|
committer | Oliver Walsh <owalsh@redhat.com> | 2017-04-13 21:53:59 +0100 |
commit | 7d3552a105ad5aa62cad0998c11df5ec6bd06ed6 (patch) | |
tree | 38e0f69556cdce84f14a95e04e50a56d1a7a0ac5 /overcloud-resource-registry-puppet.j2.yaml | |
parent | 8716d9f769dd17ef17fef7f0fdefaf0df6a7fe24 (diff) |
SSH known_hosts config
Fetch the host public keys from each node, combine them all and write to the
system-wide ssh known hosts. The alternative of disabling host key
verification is vulnerable to a MITM attack.
Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
Diffstat (limited to 'overcloud-resource-registry-puppet.j2.yaml')
-rw-r--r-- | overcloud-resource-registry-puppet.j2.yaml | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index d9eaf8df..b70d4a23 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -5,6 +5,8 @@ resource_registry: OS::TripleO::PostUpgradeSteps: puppet/post-upgrade.yaml OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml + OS::TripleO::Ssh::HostPubKey: extraconfig/tasks/ssh/host_public_key.yaml + OS::TripleO::Ssh::KnownHostsConfig: extraconfig/tasks/ssh/known_hosts_config.yaml OS::TripleO::DefaultPasswords: default_passwords.yaml # Tasks (for internal TripleO usage) |