[MediaWiki-commits] [Gerrit] operations/puppet[production]: gerrit: use ssh::userkey to install ssh key in proper location

Tue, 02 May 2017 18:17:27 -0700 

Dzahn has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/351565 )

Change subject: gerrit: use ssh::userkey to install ssh key in proper location
......................................................................

gerrit: use ssh::userkey to install ssh key in proper location

Instead of a simple file{} use the newer ssh::userkey abstraction
to install the SSH key used for Gerrit replication.

Currently it is in gerrit2's homedir but sshd config nowadays is:

46 #AuthorizedKeysFile %h/.ssh/authorized_keys
47
48 AuthorizedKeysFile  /etc/ssh/userkeys/%u /etc/ssh/userkeys/%u.d/cumin

Currently SSH from one Gerrit server to the other doesn't work due to this,
but ssh::userkey will use the right location.

per T152525#3230090

Bug: T152525
Change-Id: Ia4b04888a50a642bbb3bf0cd0c29edd412ca7f29
---
M modules/gerrit/manifests/jetty.pp
1 file changed, 4 insertions(+), 6 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/65/351565/1

diff --git a/modules/gerrit/manifests/jetty.pp 
b/modules/gerrit/manifests/jetty.pp
index 38b08de..d4b6cff 100644
--- a/modules/gerrit/manifests/jetty.pp
+++ b/modules/gerrit/manifests/jetty.pp
@@ -91,12 +91,10 @@
         source  => 'puppet:///modules/gerrit/.ssh',
     }
 
-    file { '/var/lib/gerrit2/.ssh/id_rsa':
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0400',
-        require => File['/var/lib/gerrit2/.ssh'],
-        content => secret('gerrit/id_rsa'),
+    ssh::userkey { 'gerrit2-cluster-sync':
+        ensure => present,
+        user   => 'gerrit2',
+        source => secret('gerrit/id_rsa'),
     }
 
     file { '/var/lib/gerrit2/review_site':

-- 
To view, visit https://gerrit.wikimedia.org/r/351565
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ia4b04888a50a642bbb3bf0cd0c29edd412ca7f29
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to