summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--apex/overcloud/overcloud_deploy.py11
-rw-r--r--build/opnfv-environment.yaml32
-rwxr-xr-xbuild/overcloud-full.sh2
3 files changed, 33 insertions, 12 deletions
diff --git a/apex/overcloud/overcloud_deploy.py b/apex/overcloud/overcloud_deploy.py
index ec07b33d..93732bf3 100644
--- a/apex/overcloud/overcloud_deploy.py
+++ b/apex/overcloud/overcloud_deploy.py
@@ -308,8 +308,7 @@ def make_ssh_key():
crypto_serialization.Encoding.OpenSSH,
crypto_serialization.PublicFormat.OpenSSH
)
- pub_key = re.sub('ssh-rsa\s*', '', public_key.decode('utf-8'))
- return private_key.decode('utf-8'), pub_key
+ return private_key.decode('utf-8'), public_key.decode('utf-8')
def prep_env(ds, ns, inv, opnfv_env, net_env, tmp_dir):
@@ -370,9 +369,13 @@ def prep_env(ds, ns, inv, opnfv_env, net_env, tmp_dir):
if 'CloudDomain' in line:
output_line = " CloudDomain: {}".format(ns['domain_name'])
elif 'replace_private_key' in line:
- output_line = " key: '{}'".format(private_key)
+ output_line = " private_key: |\n"
+ key_out = ''
+ for line in private_key.splitlines():
+ key_out += " {}\n".format(line)
+ output_line += key_out
elif 'replace_public_key' in line:
- output_line = " key: '{}'".format(public_key)
+ output_line = " public_key: '{}'".format(public_key)
if ds_opts['sdn_controller'] == 'opendaylight' and \
'odl_vpp_routing_node' in ds_opts:
diff --git a/build/opnfv-environment.yaml b/build/opnfv-environment.yaml
index a2732659..9d049028 100644
--- a/build/opnfv-environment.yaml
+++ b/build/opnfv-environment.yaml
@@ -27,14 +27,32 @@ parameter_defaults:
# NeutronDpdkMemoryChannels:
# ControllerExtraConfig:
# NovaComputeExtraConfig:
+ MigrationSshKey:
+ public_key: replace_public_key
+ private_key: replace_private_key
+ SshServerOptions:
+ HostKey:
+ - '/etc/ssh/ssh_host_rsa_key'
+ - '/etc/ssh/ssh_host_ecdsa_key'
+ - '/etc/ssh/ssh_host_ed25519_key'
+ SyslogFacility: 'AUTHPRIV'
+ AuthorizedKeysFile: '.ssh/authorized_keys'
+ PasswordAuthentication: 'no'
+ ChallengeResponseAuthentication: 'no'
+ GSSAPIAuthentication: 'no'
+ GSSAPICleanupCredentials: 'no'
+ UsePAM: 'yes'
+ X11Forwarding: 'yes'
+ UsePrivilegeSeparation: 'sandbox'
+ AcceptEnv:
+ - 'LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES'
+ - 'LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT'
+ - 'LC_IDENTIFICATION LC_ALL LANGUAGE'
+ - 'XMODIFIERS'
+ Subsystem: 'sftp /usr/libexec/openssh/sftp-server'
+ UseDNS: 'no'
ExtraConfig:
tripleo::ringbuilder::build_ring: false
- nova::nova_public_key:
- type: 'ssh-rsa'
- replace_public_key:
- nova::nova_private_key:
- type: 'ssh-rsa'
- replace_private_key:
nova::policy::policies:
nova-os_compute_api:servers:show:host_status:
key: 'os_compute_api:servers:show:host_status'
@@ -51,6 +69,7 @@ parameter_defaults:
# value updated via lib/overcloud-deploy-functions.sh
# opendaylight::vpp_routing_node: overcloud-novacompute-0.opnfvlf.org
ControllerServices:
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephOSD
@@ -135,6 +154,7 @@ parameter_defaults:
- OS::TripleO::Services::Vpp
- OS::TripleO::Services::NeutronBgpVpnApi
ComputeServices:
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::Barometer
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CephClient
diff --git a/build/overcloud-full.sh b/build/overcloud-full.sh
index 1bf4bb42..006dc8f9 100755
--- a/build/overcloud-full.sh
+++ b/build/overcloud-full.sh
@@ -56,8 +56,6 @@ LIBGUESTFS_BACKEND=direct virt-customize \
--run-command "cd /usr/lib/python2.7/site-packages/ && rm -rf os_net_config && tar xzf apex-os-net-config.tar.gz" \
--run-command "if ! rpm -qa | grep python-redis; then yum install -y python-redis; fi" \
--install epel-release \
- --run-command "sed -i 's/^#UseDNS.*$/UseDNS no/' /etc/ssh/sshd_config" \
- --run-command "sed -i 's/^GSSAPIAuthentication.*$/GSSAPIAuthentication no/' /etc/ssh/sshd_config" \
--install unzip \
--upload ${BUILD_DIR}/vsperf.tar.gz:/var/opt \
--run-command "cd /var/opt && tar xzf vsperf.tar.gz" \