Setup known_hosts file on gerrit servers

Setup known_hosts file on review.o.o and review-dev.o.o so that
known services connecting to it won't be blocked.

Change-Id: If0b082867df73322a9115b94ea5be18d0631acc0
depends-on: I0bb6638f5362696cd9a9a7401cb2e96ab69eea06
This commit is contained in:
Khai Do 2016-11-18 22:01:54 -08:00
parent 8b7c572f02
commit 956372cd39
4 changed files with 8 additions and 0 deletions

View File

@ -36,6 +36,7 @@ node 'review.openstack.org' {
mysql_password => hiera('gerrit_mysql_password'),
email_private_key => hiera('gerrit_email_private_key'),
token_private_key => hiera('gerrit_rest_token_private_key'),
gerrit_ssh_known_hosts => hiera('gerrit_ssh_known_hosts'),
gerritbot_password => hiera('gerrit_gerritbot_password'),
gerritbot_ssh_rsa_key_contents => hiera('gerritbot_ssh_rsa_key_contents'),
gerritbot_ssh_rsa_pubkey_contents => hiera('gerritbot_ssh_rsa_pubkey_contents'),
@ -81,6 +82,7 @@ node 'review-dev.openstack.org' {
email_private_key => hiera('gerrit_dev_email_private_key'),
contactstore_appsec => hiera('gerrit_dev_contactstore_appsec'),
contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey'),
gerrit_ssh_known_hosts => hiera('gerrit_ssh_known_hosts'),
ssh_dsa_key_contents => hiera('gerrit_dev_ssh_dsa_key_contents'),
ssh_dsa_pubkey_contents => hiera('gerrit_dev_ssh_dsa_pubkey_contents'),
ssh_rsa_key_contents => hiera('gerrit_dev_ssh_rsa_key_contents'),

View File

@ -10,6 +10,7 @@ class openstack_project::gerrit (
$canonicalweburl = "https://${::fqdn}/",
$git_http_url = '',
$canonical_git_url = '',
$gerrit_ssh_known_hosts = '',
$serveradmin = 'webmaster@openstack.org',
$ssh_host_key = '/home/gerrit2/review_site/etc/ssh_host_rsa_key',
$ssh_project_key = '/home/gerrit2/review_site/etc/ssh_project_rsa_key',
@ -122,6 +123,7 @@ class openstack_project::gerrit (
enable_javamelody_top_menu => false,
# passthrough
java_home => $java_home,
known_hosts_content => $gerrit_ssh_known_hosts,
ssl_cert_file => $ssl_cert_file,
ssl_key_file => $ssl_key_file,
ssl_chain_file => $ssl_chain_file,

View File

@ -85,6 +85,7 @@ class openstack_project::review (
$storyboard_password = '',
$project_config_repo = '',
$projects_config = 'openstack_project/review.projects.ini.erb',
$gerrit_ssh_known_hosts = '',
) {
$java_home = $::lsbdistcodename ? {
@ -116,6 +117,7 @@ class openstack_project::review (
ssh_replication_rsa_pubkey_contents => $ssh_replication_rsa_pubkey_contents,
ssh_welcome_rsa_key_contents => $ssh_welcome_rsa_key_contents,
ssh_welcome_rsa_pubkey_contents => $ssh_welcome_rsa_pubkey_contents,
gerrit_ssh_known_hosts => "${gerrit_ssh_known_hosts} ${gerrit_ssh_host_key}",
email => 'review@openstack.org',
# 1 + 100 + 9 + 2 + 2 + 25 => 139(rounded up)
database_poollimit => '225',

View File

@ -29,6 +29,7 @@ class openstack_project::review_dev (
$storyboard_ssl_cert = '',
$project_config_repo = '',
$projects_config = 'openstack_project/review-dev.projects.ini.erb',
$gerrit_ssh_known_hosts = '',
) {
$java_home = $::lsbdistcodename ? {
@ -59,6 +60,7 @@ class openstack_project::review_dev (
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
ssh_replication_rsa_key_contents => $ssh_replication_rsa_key_contents,
ssh_replication_rsa_pubkey_contents => $ssh_replication_rsa_pubkey_contents,
gerrit_ssh_known_hosts => "${gerrit_ssh_known_hosts} ${gerrit_ssh_host_key}",
email => 'review-dev@openstack.org',
war =>
'http://tarballs.openstack.org/ci/gerrit/gerrit-v2.11.4.22.e0c0f29.war',