Faidon Liambotis has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/345834 )

Change subject: ssh: update comments to remove precise mentions
......................................................................

ssh: update comments to remove precise mentions

precise is no more, so simplify the situation a little bit by removing
some comments. Functionally no-op.

Change-Id: I39bd9c385ec23e60f3d633954c4a7dded971b74a
---
M modules/ssh/manifests/server.pp
M modules/ssh/templates/sshd_config.erb
2 files changed, 5 insertions(+), 16 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/34/345834/1

diff --git a/modules/ssh/manifests/server.pp b/modules/ssh/manifests/server.pp
index 27fbd03..2f2ed20 100644
--- a/modules/ssh/manifests/server.pp
+++ b/modules/ssh/manifests/server.pp
@@ -45,20 +45,10 @@
 
     # publish this hosts's host key; prefer ECDSA -> RSA (no DSA)
     #
-    # There's two issues that stop us from using ed25519 keys:
-    #
-    # 1) We need to still be able to collect on precise hosts and precise's
-    # OpenSSH version does not support ed25519. While you'd think we could
-    # export both and use a puppet collector filter to exclude type !=
-    # 'ed25519', puppet's sshkey type is stupid and uses namevar for the
-    # hostname and namevar is unique, so you can't define two different keys of
-    # a different type for the same host. This is waiting until <= precise is
-    # gone.
-    #
-    # 2) Puppet sshkey is also stupid in that it hardcodes acceptable types in
-    # its code, and ed25519 is not a valid type in trusty's version (3.4.3). It
-    # is in jessie's version (3.7.3), though. So this is waiting until <=
-    # trusty is gone, or until we backport a newer version of puppet to trusty.
+    # Puppet sshkey hardcodes acceptable types in its code, and ed25519 is not
+    # a valid type in trusty's version (3.4.3). It is in jessie's version
+    # (3.7.3), though. So this is waiting until trusty is gone, or until we
+    # backport a newer version of puppet to trusty.
 
     if $::sshecdsakey {
         # facter bug: one key regardless of ECDSA keytype;
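Review bot: In the rewritten comment in server.pp, "So this is waiting until trusty is gone" no longer has an antecedent, because the removed lead-in "There's two issues that stop us from using ed25519 keys:" was the only line saying what is being blocked. Suggest opening the new paragraph with the subject, for example "We cannot publish ed25519 host keys yet: Puppet sshkey hardcodes acceptable types ...", so a reader of the "prefer ECDSA -> RSA (no DSA)" line can see why ed25519 is absent and what condition lifts the restriction. The context line above also still reads "this hosts's host key", which could be fixed to "this host's" while the comment block is being touched.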
diff --git a/modules/ssh/templates/sshd_config.erb 
b/modules/ssh/templates/sshd_config.erb
index 1a6ba21..57eb1cc 100644
--- a/modules/ssh/templates/sshd_config.erb
+++ b/modules/ssh/templates/sshd_config.erb
@@ -128,8 +128,7 @@
 <% if @hostname == "iron" then %>
 
 # Use two-factor authentication on iron
-# AuthenticationMethods was introduced in openssh 6.2. Stock precise has only
-# 5.9, but we're already using a trusty backport (so 6.6) there (for T102401)
+# AuthenticationMethods was introduced in OpenSSH 6.2.
 # Members of the yubiauth group will use a second authentication factor based
 # on Yubico OTPs (allowing gradual migration towards 2fa)
 Match Group yubiauth
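Review bot: In sshd_config.erb, the surviving line "AuthenticationMethods was introduced in OpenSSH 6.2." reads as a stray historical fact once the precise/backport explanation is gone. Either phrase it as a requirement on the block that follows (for example "AuthenticationMethods requires OpenSSH >= 6.2") or drop it altogether if every remaining release ships a newer OpenSSH. The removed lines were also the only place in this block that referenced T102401; if that task is still the record for the two-factor setup on iron, keep the reference next to the "Use two-factor authentication on iron" comment.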

-- 
To view, visit https://gerrit.wikimedia.org/r/345834
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I39bd9c385ec23e60f3d633954c4a7dded971b74a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits