On Fri, Sep 14, 2018 at 9:41 AM, Cody <codeology.lab at gmail.com> wrote: > Hello folks, > > I installed TripleO undercloud on a machine with a pre-existing > sshd_config that disabled root and password login. The file was > rewritten by Puppet after the undercloud installation and was made to > allow for both options. This is not a good default practice. Is there > a way to set the undercloud to respect any pre-existing sshd_config > settings? > It depends on the version you're using. The basics are that you'll have to provide your sshd_config to the undercloud installation so that it can be merged with the one from tripleo. For >= Rocky you can use a custom_env_file to provide an updated SshServerOptions. The default can be viewed: https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/sshd.yaml#L41 For <= Queens you can use a hieradata override to specify an override for tripleo::profile::base::sshd::options. The defaults can be viewed: https://github.com/openstack/instack-undercloud/blob/ed96987af5a77579366b27a44d94442f33cd811a/elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/RedHat.yaml#L3 Thanks, -Alex > Thank you to all. > > Regards, > Cody > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators