Stop installing openssh and rsync to containers
With the keystone role fixed, there should be no need to explicitly install rsync and openssh everywhere. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-os_keystone/+/889934 Change-Id: I25729462fa6be7953e8ef0687ec4580509c21aaf
		 Dmitriy Rabotyagov
					Dmitriy Rabotyagov
				
			
				
					committed by
					
						 Dmitriy Rabotyagov
						Dmitriy Rabotyagov
					
				
			
			
				
	
			
			
			 Dmitriy Rabotyagov
						Dmitriy Rabotyagov
					
				
			
						parent
						
							a22ec2150f
						
					
				
				
					commit
					d4d8114a11
				
			| @@ -130,18 +130,6 @@ lxc_net6_nat: false | ||||
| lxc_kernel_options: | ||||
|   - { key: 'fs.inotify.max_user_instances', value: 1024 } | ||||
|  | ||||
| lxc_cache_sshd_configuration: | ||||
|   - regexp: "^PermitRootLogin" | ||||
|     line: "PermitRootLogin prohibit-password" | ||||
|   - regexp: "^TCPKeepAlive" | ||||
|     line: "TCPKeepAlive yes" | ||||
|   - regexp: "^UseDNS" | ||||
|     line: "UseDNS no" | ||||
|   - regexp: "^X11Forwarding" | ||||
|     line: "X11Forwarding no" | ||||
|   - regexp: "^PasswordAuthentication" | ||||
|     line: "PasswordAuthentication no" | ||||
|  | ||||
| # The compression ratio used when creating the container cache rootfs archive | ||||
| lxc_image_compression_ratio: 0 | ||||
|  | ||||
|   | ||||
							
								
								
									
										6
									
								
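--- a/releasenotes/notes/no_sshd_in_lxc-b73334d0c82470b4.yaml
+++ b/releasenotes/notes/no_sshd_in_lxc-b73334d0c82470b4.yaml
@@ -0,0 +1,6 @@
+---
+deprecations:
+  - |
+    SSHD and rsync are no longer installed or configured for all containers.
+    This also deprecates usage of ``lxc_container_ssh_key`` and variable
+    has no effect any longer.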
| @@ -67,18 +67,6 @@ | ||||
|   poll: 0 | ||||
|   register: _lxc_cache_prepare_commands | ||||
|  | ||||
| - name: Obtain the deploy system's ssh public key | ||||
|   set_fact: | ||||
|     lxc_container_ssh_key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}" | ||||
|   when: lxc_container_ssh_key is not defined | ||||
|  | ||||
| - name: Deploy ssh public key into the cached image | ||||
|   lineinfile: | ||||
|     dest: "{{ lxc_image_cache_path }}/root/.ssh/authorized_keys" | ||||
|     line: "{{ lxc_container_ssh_key }}" | ||||
|     create: true | ||||
|     mode: "0600" | ||||
|  | ||||
| # NOTE(cloudnull): Wait for the cache preparation script has completed before | ||||
| #                  building the new RootFS | ||||
| - name: Ensure that the LXC cache has been prepared | ||||
| @@ -98,11 +86,3 @@ | ||||
|     src: sudoers.j2 | ||||
|   when: | ||||
|     - ansible_facts['pkg_mgr'] == 'dnf' | ||||
|  | ||||
| - name: Adjust sshd configuration in container | ||||
|   lineinfile: | ||||
|     dest: "{{ lxc_image_cache_path }}/etc/ssh/sshd_config" | ||||
|     regexp: "{{ item.regexp }}" | ||||
|     line: "{{ item.line }}" | ||||
|     state: present | ||||
|   with_items: "{{ lxc_cache_sshd_configuration }}" | ||||
|   | ||||
| @@ -13,24 +13,6 @@ | ||||
| # See the License for the specific language governing permissions and | ||||
| # limitations under the License. | ||||
|  | ||||
| - name: Check for the presence of a public key file on the deployment host | ||||
|   stat: | ||||
|     path: /root/.ssh/id_rsa.pub | ||||
|   register: _ssh_key | ||||
|   when: lxc_container_ssh_key is undefined | ||||
|   delegate_to: localhost | ||||
|   tags: | ||||
|     - always | ||||
|  | ||||
| - name: Fail if a ssh public key is not set in a var and is not present on the deployment host | ||||
|   fail: | ||||
|     msg: "Please set the lxc_container_ssh_key variable or ensure that the deployment host has the file /root/.ssh/id_rsa.pub present." | ||||
|   when: | ||||
|     - lxc_container_ssh_key is undefined | ||||
|     - not _ssh_key.stat.exists | ||||
|   tags: | ||||
|     - always | ||||
|  | ||||
| - name: Gather variables for each operating system | ||||
|   include_vars: "{{ lookup('first_found', params) }}" | ||||
|   vars: | ||||
|   | ||||
| @@ -50,10 +50,9 @@ _lxc_cache_distro_packages: | ||||
|   - libxml2 | ||||
|   - locales | ||||
|   - netbase | ||||
|   - openssh-server | ||||
|   - procps  # needed for sysctl-container.service | ||||
|   - python3 | ||||
|   - "{{ _lxc_cache_distro_libpython[ansible_facts['distribution_release'] | lower] }}" | ||||
|   - rsync              # os_keystone runs serial=1 and uses rsync before the distro packages have been installed on all keystone targets | ||||
|   - sudo | ||||
|   - systemd | ||||
|   - systemd-sysv | ||||
|   | ||||
| @@ -46,12 +46,10 @@ _lxc_cache_distro_packages: | ||||
|   - iputils | ||||
|   - iproute | ||||
|   - libxml2 | ||||
|   - openssh-server | ||||
|   - policycoreutils | ||||
|   - procps | ||||
|   - python3 | ||||
|   - python3-libs | ||||
|   - rsync              # os_keystone runs serial=1 and uses rsync before the distro packages have been installed on all keystone targets | ||||
|   - setup | ||||
|   - sudo | ||||
|   - systemd | ||||
|   | ||||