authorOliver Walsh <owalsh@redhat.com>2017-03-24 14:35:09 +0000
committerOliver Walsh <owalsh@redhat.com>2017-04-13 21:53:59 +0100
commit7d3552a105ad5aa62cad0998c11df5ec6bd06ed6 (patch)
tree38e0f69556cdce84f14a95e04e50a56d1a7a0ac5 /overcloud.j2.yaml
parent8716d9f769dd17ef17fef7f0fdefaf0df6a7fe24 (diff)
SSH known_hosts config
Fetch the host public keys from each node, combine them all and write to the system-wide ssh known hosts. The alternative of disabling host key verification is vulnerable to a MITM attack. Change-Id: Ib572b5910720b1991812256e68c975f7fbe2239c
Diffstat (limited to 'overcloud.j2.yaml')
-rw-r--r--overcloud.j2.yaml17
1 files changed, 17 insertions, 0 deletions
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index e99f770..584fdfd 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -249,6 +249,16 @@ resources:
type: json
value: {get_attr: [EndpointMap, endpoint_map]}
+ SshKnownHostsConfig:
+ type: OS::TripleO::Ssh::KnownHostsConfig
+ properties:
+ known_hosts:
+ list_join:
+ - ''
+ {% for role in roles %}
+ - {get_attr: [{{role.name}}, known_hosts_entry]}
+ {% endfor %}
+
# Jinja loop for Role in roles_data.yaml
{% for role in roles %}
# Resources generated for {{role.name}} Role
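Review bot: The `list_join` in `SshKnownHostsConfig` uses `''` as the delimiter, so the combined `known_hosts` value is only well-formed if every role's `known_hosts_entry` attribute already ends in a newline; that attribute is produced outside this hunk, so it cannot be confirmed here. If one entry lacks the terminator, two hosts' keys run together on one line and host key verification would likely fail for them, which tends to push operators back toward disabling the check this commit is meant to keep. I would document the contract next to the join, e.g. `# each known_hosts_entry must be newline-terminated; entries are concatenated as-is`. The entries are also node-reported and written verbatim to the system-wide file on every node, so the consuming config should ideally check that each entry names only the reporting node's own hostnames and addresses.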
@@ -280,6 +290,13 @@ resources:
config: {get_attr: [hostsConfig, config_id]}
servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+ {{role.name}}SshKnownHostsDeployment:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ name: {{role.name}}SshKnownHostsDeployment
+ config: {get_resource: SshKnownHostsConfig}
+ servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]}
+
{{role.name}}AllNodesDeployment:
type: OS::Heat::StructuredDeployments
depends_on: