From c91a63e9570abf1c1147047f5a75a6472ba6f151 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Fri, 20 May 2022 10:13:56 +0200 Subject: [PATCH] Drop sshd role requirement We use sshd role only for aio bootstrap. In fact, what we need is to simply install and launch daemon. Using a role for that is overkill considering they have a tendency to fail against newer versions. Change-Id: I650a6e611eb53d95fdf94c86d3086bedf5f506c9 --- ansible-role-requirements.yml | 5 ---- tests/bootstrap-aio.yml | 55 ++++++----------------------------- 2 files changed, 9 insertions(+), 51 deletions(-) diff --git a/ansible-role-requirements.yml b/ansible-role-requirements.yml index e8d5b13505..59b320d6cd 100644 --- a/ansible-role-requirements.yml +++ b/ansible-role-requirements.yml @@ -233,11 +233,6 @@ src: https://opendev.org/openstack/openstack-ansible-rsyslog_server version: master trackbranch: master -- name: sshd - scm: git - src: https://github.com/willshersystems/ansible-sshd - version: master - trackbranch: master - name: bird scm: git src: https://github.com/logan2211/ansible-bird diff --git a/tests/bootstrap-aio.yml b/tests/bootstrap-aio.yml index ef21a81cd8..b4c7c23324 100644 --- a/tests/bootstrap-aio.yml +++ b/tests/bootstrap-aio.yml @@ -18,56 +18,10 @@ gather_facts: True user: root roles: - - role: "sshd" - role: "bootstrap-host" vars_files: - "{{ playbook_dir }}/../playbooks/defaults/repo_packages/openstack_services.yml" environment: "{{ deployment_environment_variables | default({}) }}" - vars: - sftp_subsystem: - 'apt': 'sftp /usr/lib/openssh/sftp-server' - 'dnf': 'sftp /usr/libexec/openssh/sftp-server' - sshd: - ListenAddress: - - 0.0.0.0 - - '::' - Port: 22 - Protocol: 2 - HostKey: - - "/etc/ssh/ssh_host_rsa_key" - - "/etc/ssh/ssh_host_ecdsa_key" - - "/etc/ssh/ssh_host_ed25519_key" - UsePrivilegeSeparation: yes - KeyRegenerationInterval: 3600 - ServerKeyBits: 1024 - SyslogFacility: "AUTH" - LogLevel: "INFO" - LoginGraceTime: 120 - StrictModes: yes - RSAAuthentication: yes - PubkeyAuthentication: yes - IgnoreRhosts: yes - RhostsRSAAuthentication: no - HostbasedAuthentication: no - PermitEmptyPasswords: no - PermitRootLogin: yes - ChallengeResponseAuthentication: no - PasswordAuthentication: no - X11DisplayOffset: 10 - PrintMotd: no - PrintLastLog: no - TCPKeepAlive: yes - AcceptEnv: "LANG LC_*" - Subsystem: "{{ sftp_subsystem[ansible_facts['pkg_mgr']] }}" - UsePAM: yes - UseDNS: no - X11Forwarding: no - Compression: yes - CompressionLevel: 6 - MaxSessions: 100 - MaxStartups: "100:100:100" - GSSAPIAuthentication: no - GSSAPICleanupCredentials: no pre_tasks: - name: Run setup module setup: @@ -75,6 +29,15 @@ - network - hardware - virtual + - name: Ensure sshd is installed + package: + name: openssh-server + state: present + - name: Ensure sshd is running + service: + name: sshd + state: started + enabled: yes post_tasks: - name: Check that new network interfaces are up assert: