diff options
authorSam Thursfield <>2015-04-30 08:51:34 (GMT)
committerBaserock Gerrit <>2015-05-01 13:15:38 (GMT)
commit55496bf01f072f9b45e9ec7733c4bf02080bb3a0 (patch)
parent05a6672c81c56d4c73a77582bc30d104ccece8aa (diff)
distbuild: Disable strict SSH host key checking
Although we scan the keys of the Trove, we can only do this for the exact hostname specified in TROVE_HOST. If the definitions being built point to repos in the Trove using an SSH URL but with a different hostname (e.g. as an IP address, or a differently qualified hostname) then the distbuild will fail with a fairly opaque error: ERROR: Build of xx failed: ERROR: Failed to update cached version of repo ssh://git@.../xxx Currently we expect distbuild to be deployed on a trusted private network, so this change doesn't make it less secure. However, it would be a problem in future if we want distbuild networks connecting to their Trove across a public, untrusted network. Change-Id: I6cf8b318cab8985e811b5ee5ac29df225b62270d
1 files changed, 10 insertions, 0 deletions
diff --git a/distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml b/distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml
index e4f94f5..c3074c6 100644
--- a/distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml
+++ b/distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml
@@ -64,6 +64,16 @@
+ # This is a kludge. We can add the host key for the TROVE_HOST that was
+ # specified, but users may access the Trove by other names, e.g. IP address
+ # or domain name. Distbuild is currently not safe to run except on a private
+ # network where host key checking is not important, so we disable it by
+ # default to avoid errors when users don't stick to using the exact same
+ # TROVE_HOST in repo URLs.
+ - name: Disable strict SSH host key checking
+ lineinfile:
+ dest: /etc/ssh/ssh_config
+ line: StrictHostKeyChecking no
- name: Enable the morph-cache-server service
service: name=morph-cache-server.service enabled=yes