diff options
-rw-r--r-- | apex/overcloud/overcloud_deploy.py | 11 | ||||
-rw-r--r-- | build/opnfv-environment.yaml | 32 | ||||
-rwxr-xr-x | build/overcloud-full.sh | 2 |
3 files changed, 33 insertions, 12 deletions
diff --git a/apex/overcloud/overcloud_deploy.py b/apex/overcloud/overcloud_deploy.py index ec07b33d..93732bf3 100644 --- a/apex/overcloud/overcloud_deploy.py +++ b/apex/overcloud/overcloud_deploy.py @@ -308,8 +308,7 @@ def make_ssh_key(): crypto_serialization.Encoding.OpenSSH, crypto_serialization.PublicFormat.OpenSSH ) - pub_key = re.sub('ssh-rsa\s*', '', public_key.decode('utf-8')) - return private_key.decode('utf-8'), pub_key + return private_key.decode('utf-8'), public_key.decode('utf-8') def prep_env(ds, ns, inv, opnfv_env, net_env, tmp_dir): @@ -370,9 +369,13 @@ def prep_env(ds, ns, inv, opnfv_env, net_env, tmp_dir): if 'CloudDomain' in line: output_line = " CloudDomain: {}".format(ns['domain_name']) elif 'replace_private_key' in line: - output_line = " key: '{}'".format(private_key) + output_line = " private_key: |\n" + key_out = '' + for line in private_key.splitlines(): + key_out += " {}\n".format(line) + output_line += key_out elif 'replace_public_key' in line: - output_line = " key: '{}'".format(public_key) + output_line = " public_key: '{}'".format(public_key) if ds_opts['sdn_controller'] == 'opendaylight' and \ 'odl_vpp_routing_node' in ds_opts: diff --git a/build/opnfv-environment.yaml b/build/opnfv-environment.yaml index a2732659..9d049028 100644 --- a/build/opnfv-environment.yaml +++ b/build/opnfv-environment.yaml @@ -27,14 +27,32 @@ parameter_defaults: # NeutronDpdkMemoryChannels: # ControllerExtraConfig: # NovaComputeExtraConfig: + MigrationSshKey: + public_key: replace_public_key + private_key: replace_private_key + SshServerOptions: + HostKey: + - '/etc/ssh/ssh_host_rsa_key' + - '/etc/ssh/ssh_host_ecdsa_key' + - '/etc/ssh/ssh_host_ed25519_key' + SyslogFacility: 'AUTHPRIV' + AuthorizedKeysFile: '.ssh/authorized_keys' + PasswordAuthentication: 'no' + ChallengeResponseAuthentication: 'no' + GSSAPIAuthentication: 'no' + GSSAPICleanupCredentials: 'no' + UsePAM: 'yes' + X11Forwarding: 'yes' + UsePrivilegeSeparation: 'sandbox' + AcceptEnv: + - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES' + - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT' + - 'LC_IDENTIFICATION LC_ALL LANGUAGE' + - 'XMODIFIERS' + Subsystem: 'sftp /usr/libexec/openssh/sftp-server' + UseDNS: 'no' ExtraConfig: tripleo::ringbuilder::build_ring: false - nova::nova_public_key: - type: 'ssh-rsa' - replace_public_key: - nova::nova_private_key: - type: 'ssh-rsa' - replace_private_key: nova::policy::policies: nova-os_compute_api:servers:show:host_status: key: 'os_compute_api:servers:show:host_status' @@ -51,6 +69,7 @@ parameter_defaults: # value updated via lib/overcloud-deploy-functions.sh # opendaylight::vpp_routing_node: overcloud-novacompute-0.opnfvlf.org ControllerServices: + - OS::TripleO::Services::Sshd - OS::TripleO::Services::CACerts - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephOSD @@ -135,6 +154,7 @@ parameter_defaults: - OS::TripleO::Services::Vpp - OS::TripleO::Services::NeutronBgpVpnApi ComputeServices: + - OS::TripleO::Services::Sshd - OS::TripleO::Services::Barometer - OS::TripleO::Services::CACerts - OS::TripleO::Services::CephClient diff --git a/build/overcloud-full.sh b/build/overcloud-full.sh index 1bf4bb42..006dc8f9 100755 --- a/build/overcloud-full.sh +++ b/build/overcloud-full.sh @@ -56,8 +56,6 @@ LIBGUESTFS_BACKEND=direct virt-customize \ --run-command "cd /usr/lib/python2.7/site-packages/ && rm -rf os_net_config && tar xzf apex-os-net-config.tar.gz" \ --run-command "if ! rpm -qa | grep python-redis; then yum install -y python-redis; fi" \ --install epel-release \ - --run-command "sed -i 's/^#UseDNS.*$/UseDNS no/' /etc/ssh/sshd_config" \ - --run-command "sed -i 's/^GSSAPIAuthentication.*$/GSSAPIAuthentication no/' /etc/ssh/sshd_config" \ --install unzip \ --upload ${BUILD_DIR}/vsperf.tar.gz:/var/opt \ --run-command "cd /var/opt && tar xzf vsperf.tar.gz" \ |