[Openstack-operators] [TripleO] undercloud sshd config override

Alex Schultz aschultz at redhat.com
Mon Sep 17 15:41:25 UTC 2018

On Fri, Sep 14, 2018 at 9:41 AM, Cody <codeology.lab at gmail.com> wrote:
> Hello folks,
> I installed TripleO undercloud on a machine with a pre-existing
> sshd_config that disabled root and password login. The file was
> rewritten by Puppet after the undercloud installation and was made to
> allow for both options. This is not a good default practice. Is there
> a way to set the undercloud to respect any pre-existing sshd_config
> settings?

It depends on the version you're using.  The basics are that you'll
have to provide your sshd_config to the undercloud installation so
that it can be merged with the one from tripleo.

For >= Rocky you can use a custom_env_file to provide an updated
SshServerOptions.  The default can be viewed:

For <= Queens you can use a hieradata override to specify an override
for tripleo::profile::base::sshd::options.  The defaults can be
viewed: https://github.com/openstack/instack-undercloud/blob/ed96987af5a77579366b27a44d94442f33cd811a/elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/RedHat.yaml#L3


> Thank you to all.
> Regards,
> Cody
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

More information about the OpenStack-operators mailing list