Re: [Openstack-operators] [TripleO] undercloud sshd config override
That solved my problem. Thank you so much, Alex. Best regards, Cody On Mon, Sep 17, 2018 at 11:42 AM Alex Schultz wrote: > > On Fri, Sep 14, 2018 at 9:41 AM, Cody wrote: > > Hello folks, > > > > I installed TripleO undercloud on a machine with a pre-existing > > sshd_config that disabled root and password login. The file was > > rewritten by Puppet after the undercloud installation and was made to > > allow for both options. This is not a good default practice. Is there > > a way to set the undercloud to respect any pre-existing sshd_config > > settings? > > > > It depends on the version you're using. The basics are that you'll > have to provide your sshd_config to the undercloud installation so > that it can be merged with the one from tripleo. > > For >= Rocky you can use a custom_env_file to provide an updated > SshServerOptions. The default can be viewed: > https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/sshd.yaml#L41 > > For <= Queens you can use a hieradata override to specify an override > for tripleo::profile::base::sshd::options. The defaults can be > viewed: > https://github.com/openstack/instack-undercloud/blob/ed96987af5a77579366b27a44d94442f33cd811a/elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/RedHat.yaml#L3 > > Thanks, > -Alex > > > Thank you to all. > > > > Regards, > > Cody > > > > ___ > > OpenStack-operators mailing list > > OpenStack-operators@lists.openstack.org > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
Re: [Openstack-operators] [TripleO] undercloud sshd config override
On Fri, Sep 14, 2018 at 9:41 AM, Cody wrote: > Hello folks, > > I installed TripleO undercloud on a machine with a pre-existing > sshd_config that disabled root and password login. The file was > rewritten by Puppet after the undercloud installation and was made to > allow for both options. This is not a good default practice. Is there > a way to set the undercloud to respect any pre-existing sshd_config > settings? > It depends on the version you're using. The basics are that you'll have to provide your sshd_config to the undercloud installation so that it can be merged with the one from tripleo. For >= Rocky you can use a custom_env_file to provide an updated SshServerOptions. The default can be viewed: https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/sshd.yaml#L41 For <= Queens you can use a hieradata override to specify an override for tripleo::profile::base::sshd::options. The defaults can be viewed: https://github.com/openstack/instack-undercloud/blob/ed96987af5a77579366b27a44d94442f33cd811a/elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/RedHat.yaml#L3 Thanks, -Alex > Thank you to all. > > Regards, > Cody > > ___ > OpenStack-operators mailing list > OpenStack-operators@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
[Openstack-operators] [TripleO] undercloud sshd config override
Hello folks, I installed TripleO undercloud on a machine with a pre-existing sshd_config that disabled root and password login. The file was rewritten by Puppet after the undercloud installation and was made to allow for both options. This is not a good default practice. Is there a way to set the undercloud to respect any pre-existing sshd_config settings? Thank you to all. Regards, Cody ___ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
