[Openstack-operators] [TripleO] undercloud sshd config override

Cody codeology.lab at gmail.com
Mon Sep 17 15:56:18 UTC 2018


That solved my problem. Thank you so much, Alex.

Best regards,
Cody

On Mon, Sep 17, 2018 at 11:42 AM Alex Schultz <aschultz at redhat.com> wrote:
>
> On Fri, Sep 14, 2018 at 9:41 AM, Cody <codeology.lab at gmail.com> wrote:
> > Hello folks,
> >
> > I installed TripleO undercloud on a machine with a pre-existing
> > sshd_config that disabled root and password login. The file was
> > rewritten by Puppet after the undercloud installation and was made to
> > allow for both options. This is not a good default practice. Is there
> > a way to set the undercloud to respect any pre-existing sshd_config
> > settings?
> >
>
> It depends on the version you're using.  The basics are that you'll
> have to provide your sshd_config to the undercloud installation so
> that it can be merged with the one from tripleo.
>
> For >= Rocky you can use a custom_env_file to provide an updated
> SshServerOptions.  The default can be viewed:
> https://github.com/openstack/tripleo-heat-templates/blob/master/puppet/services/sshd.yaml#L41
>
> For <= Queens you can use a hieradata override to specify an override
> for tripleo::profile::base::sshd::options.  The defaults can be
> viewed: https://github.com/openstack/instack-undercloud/blob/ed96987af5a77579366b27a44d94442f33cd811a/elements/puppet-stack-config/os-apply-config/etc/puppet/hieradata/RedHat.yaml#L3
>
> Thanks,
> -Alex
>
> > Thank you to all.
> >
> > Regards,
> > Cody
> >
> > _______________________________________________
> > OpenStack-operators mailing list
> > OpenStack-operators at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators



More information about the OpenStack-operators mailing list