openstack/openstack-ansible
Code Issues Proposed changes
3b8601fdaa
openstack-ansible/tests/bootstrap-aio.yml
Kevin Carter 1604bba1c8 Add sshd_config to the bootstrap AIO process 
This change is being done to ensure that we have a consistent and
performant SSH configuration in place throughout all of our gates.

Change-Id: I4b2da075400dd7abb9826e55bf14bf10b126b5df
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
2016-09-26 23:16:01 +00:00

78 lines
2.3 KiB
YAML
Raw Blame History

---
# Copyright 2015, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Bootstrap the All-In-One (AIO)
hosts: localhost
user: root
roles:
- role: "sshd"
- role: "pip_install"
- role: "bootstrap-host"
openstack_confd_entries: "{{ confd_overrides[scenario] }}"
scenario: "{{ lookup('env','SCENARIO') | default('aio', true) }}"
confd_overrides:
aio:
- name: aodh.yml.aio
- name: cinder.yml.aio
- name: ceilometer.yml.aio
- name: glance.yml.aio
- name: gnocchi.yml.aio
- name: heat.yml.aio
- name: horizon.yml.aio
- name: keystone.yml.aio
- name: neutron.yml.aio
- name: nova.yml.aio
- name: swift.yml.aio
vars:
sshd:
ListenAddress:
- 0.0.0.0
- '::'
Port: 22
Protocol: 2
HostKey:
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_ecdsa_key"
- "/etc/ssh/ssh_host_ed25519_key"
UsePrivilegeSeparation: yes
KeyRegenerationInterval: 3600
ServerKeyBits: 1024
SyslogFacility: "AUTH"
LogLevel: "INFO"
LoginGraceTime: 120
StrictModes: yes
RSAAuthentication: yes
PubkeyAuthentication: yes
IgnoreRhosts: yes
RhostsRSAAuthentication: no
HostbasedAuthentication: no
PermitEmptyPasswords: no
PermitRootLogin: yes
ChallengeResponseAuthentication: no
PasswordAuthentication: no
X11DisplayOffset: 10
PrintMotd: no
PrintLastLog: no
TCPKeepAlive: yes
AcceptEnv: "LANG LC_*"
Subsystem: "sftp /usr/lib/openssh/sftp-server"
UsePAM: yes
UseDNS: no
X11Forwarding: no
Compression: yes
CompressionLevel: 6
MaxSessions: 100
MaxStartups: "100:100:100"
View Git Blame Copy Permalink