1 files changed, 72 insertions, 0 deletions

diff --git a/docker/services/sshd.yaml b/docker/services/sshd.yaml
new file mode 100644
index 00000000..6f57f13d
--- /dev/null
+++ b/docker/services/sshd.yaml
@@ -0,0 +1,72 @@
+heat_template_version: pike
+
+description: >
+  Configure sshd_config
+
+parameters:
+  ServiceData:
+    default: {}
+    description: Dictionary packing service data
+    type: json
+  ServiceNetMap:
+    default: {}
+    description: Mapping of service_name -> network name. Typically set
+                 via parameter_defaults in the resource registry.  This
+                 mapping overrides those in ServiceNetMapDefaults.
+    type: json
+  DefaultPasswords:
+    default: {}
+    type: json
+  RoleName:
+    default: ''
+    description: Role name on which the service is applied
+    type: string
+  RoleParameters:
+    default: {}
+    description: Parameters specific to the role
+    type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
+  MigrationSshPort:
+    default: 2022
+    description: Target port for migration over ssh
+    type: number
+
+conditions:
+
+  # During Ocata->Pike upgrade initially configure the ssh service on port 22
+  # to proxy migration commands to the containerized sshd on port 2022.
+  # When the upgrade converges we can switch migrations over to port 2022.
+  enable_migration_proxy:
+    equals:
+      - {get_param: MigrationSshPort}
+      - 22
+
+resources:
+   SshdBase:
+    type: ../../puppet/services/sshd.yaml
+    properties:
+      EndpointMap: {get_param: EndpointMap}
+      ServiceNetMap: {get_param: ServiceNetMap}
+      DefaultPasswords: {get_param: DefaultPasswords}
+      RoleName: {get_param: RoleName}
+      RoleParameters: {get_param: RoleParameters}
+
+outputs:
+  role_data:
+    description: Role data for the ssh
+    value:
+      service_name: sshd
+      config_settings: {get_attr: [SshdBase, role_data, config_settings]}
+      step_config:
+        list_join:
+          - "\n"
+          - - get_attr: [SshdBase, role_data, step_config]
+            - if:
+              - enable_migration_proxy
+              - |
+                include tripleo::profile::base::nova::migration::proxy
+              - ''