diff options
author | Oliver Walsh <owalsh@redhat.com> | 2017-03-24 14:35:09 +0000 |
---|---|---|
committer | James Slagle <jslagle@redhat.com> | 2017-04-20 22:16:35 +0000 |
commit | 68d7196d472b5195c19e871e960996e89a7bcb9c (patch) | |
tree | 83cd2872cf542106ea19a343d1c5217e18287f7d /overcloud.j2.yaml | |
parent | 33e53fd87784914d010411ec85d040623e4c2617 (diff) |
SSH known_hosts config
Fetch the host public keys from each node, combine them all and write to the
system-wide ssh known hosts. The alternative of disabling host key
verification is vulnerable to a MITM attack.
Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
(cherry picked from commit 7d3552a105ad5aa62cad0998c11df5ec6bd06ed6)
Diffstat (limited to 'overcloud.j2.yaml')
-rw-r--r-- | overcloud.j2.yaml | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 927f1d0c..a36e4078 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -249,6 +249,16 @@ resources: type: json value: {get_attr: [EndpointMap, endpoint_map]} + SshKnownHostsConfig: + type: OS::TripleO::Ssh::KnownHostsConfig + properties: + known_hosts: + list_join: + - '' + {% for role in roles %} + - {get_attr: [{{role.name}}, known_hosts_entry]} + {% endfor %} + # Jinja loop for Role in roles_data.yaml {% for role in roles %} # Resources generated for {{role.name}} Role @@ -268,6 +278,13 @@ resources: config: {get_attr: [hostsConfig, config_id]} servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + {{role.name}}SshKnownHostsDeployment: + type: OS::Heat::StructuredDeployments + properties: + name: {{role.name}}SshKnownHostsDeployment + config: {get_resource: SshKnownHostsConfig} + servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + {{role.name}}AllNodesDeployment: type: OS::Heat::StructuredDeployments depends_on: |