From 55496bf01f072f9b45e9ec7733c4bf02080bb3a0 Mon Sep 17 00:00:00 2001
From: Sam Thursfield
Date: Thu, 30 Apr 2015 11:51:34 +0300
Subject: distbuild: Disable strict SSH host key checking

Although we scan the keys of the Trove, we can only do this for the exact hostname specified in TROVE_HOST. If the definitions being built point to repos in the Trove using an SSH URL but with a different hostname (e.g. as an IP address, or a differently qualified hostname) then the distbuild will fail with a fairly opaque error:

ERROR: Build of xx failed: ERROR: Failed to update cached version of repo ssh://git@.../xxx

Currently we expect distbuild to be deployed on a trusted private network, so this change doesn't make it less secure. However, it would be a problem in future if we want distbuild networks connecting to their Trove across a public, untrusted network.

Change-Id: I6cf8b318cab8985e811b5ee5ac29df225b62270d
---
 distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml b/distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml
index e4f94f54..c3074c63 100644
--- a/distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml
+++ b/distbuild/usr/lib/distbuild-setup/ansible/distbuild-setup.yml
@@ -64,6 +64,16 @@ fi
 creates=/etc/ssh/ssh_known_hosts
+ # This is a kludge. We can add the host key for the TROVE_HOST that was
+ # specified, but users may access the Trove by other names, e.g. IP address
+ # or domain name. Distbuild is currently not safe to run except on a private
+ # network where host key checking is not important, so we disable it by
+ # default to avoid errors when users don't stick to using the exact same
+ # TROVE_HOST in repo URLs.
+ - name: Disable strict SSH host key checking
+ lineinfile:
+ dest: /etc/ssh/ssh_config
+ line: StrictHostKeyChecking no
 - name: Enable the morph-cache-server service
 service: name=morph-cache-server.service enabled=yes
--
cgit v1.2.1
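Review bot: The new `lineinfile` task disables host key verification for every destination and every user on the node, not only the Trove, because an unscoped `StrictHostKeyChecking no` appended to `/etc/ssh/ssh_config` is global; and since ssh_config keeps the first value it finds for an option, the appended line is also silently ineffective if an earlier stanza already sets it. The commit message only justifies the relaxation for the Trove being reached under other names, so the setting should be scoped to those hosts, e.g. a `Host` stanza naming the Trove's hostnames and addresses with `StrictHostKeyChecking no` beneath it, or, presumably simpler, the existing key-scan step (the `creates=/etc/ssh/ssh_known_hosts` context line above) could be extended to scan each name and address the definitions actually use. At minimum `regexp: '^\s*StrictHostKeyChecking'` on the task would make it replace an existing setting rather than append a second line. The in-code comment records the trade-off well; the "trusted private network" assumption it relies on deserves a matching note in the deployment documentation so it is revisited before distbuild is exposed to an untrusted network. The enclosing task list continues outside the hunk.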