Dzahn has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/351566 )
Change subject: gerrit: use new ecdsa key for replication, add pub key ...................................................................... gerrit: use new ecdsa key for replication, add pub key Replace old RSA key with new ECDSA key. Add the pubkey as separate file and append to authorized_keys. Slightly rename resource to point out it's for replication. Bug: T152525 Change-Id: I6de1295a52bde066591002ae49cb122721ebd008 --- M modules/gerrit/files/.ssh/authorized_keys A modules/gerrit/files/.ssh/gerrit_replication_ecdsa.pub M modules/gerrit/manifests/jetty.pp 3 files changed, 4 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/66/351566/1 diff --git a/modules/gerrit/files/.ssh/authorized_keys b/modules/gerrit/files/.ssh/authorized_keys index d063157..fc3ef23 100644 --- a/modules/gerrit/files/.ssh/authorized_keys +++ b/modules/gerrit/files/.ssh/authorized_keys @@ -1 +1,2 @@ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxOlshfr3UaPr8gQ8UVskxHAGG9xb55xDyfqlK7vsAs/p+OXpRB4KZOxHWqI40FpHhW+rFVA0Ugk7vBK13oKCB435TJlHYTJR62qQNb2DVxi5rtvZ7DPnRRlAvdGpRft9JsoWdgsXNqRkkStbkA5cqotvVHDYAgzBnHxWPM8REokQVqil6S/yHkIGtXO5J7F6I1OvYCnG1d1GLT5nDt+ZeyacLpZAhrBlyFD6pCwDUhg4+H4O3HGwtoh5418U4cvzRgYOQQXsU2WW5nBQHE9LXVLoL6UeMYY4yMtaNw207zN6kXcMFKyTuF5qlF5whC7cmM4elhAO2snwIw4C3EyQgw== +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGT0VEoiwVI+z6Al890xbKJtgEpMiPnlQJE9n9q4To45GP+KgrZbMZlfiImjU6vhy2QmsmpXVIlWu2+KUzw/ARk= [email protected] diff --git a/modules/gerrit/files/.ssh/gerrit_replication_ecdsa.pub b/modules/gerrit/files/.ssh/gerrit_replication_ecdsa.pub new file mode 100644 index 0000000..f0efbbd --- /dev/null +++ b/modules/gerrit/files/.ssh/gerrit_replication_ecdsa.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGT0VEoiwVI+z6Al890xbKJtgEpMiPnlQJE9n9q4To45GP+KgrZbMZlfiImjU6vhy2QmsmpXVIlWu2+KUzw/ARk= [email protected] diff --git a/modules/gerrit/manifests/jetty.pp b/modules/gerrit/manifests/jetty.pp index d4b6cff..2b10519 100644 --- a/modules/gerrit/manifests/jetty.pp +++ b/modules/gerrit/manifests/jetty.pp @@ -91,10 +91,10 @@ source => 'puppet:///modules/gerrit/.ssh', } - ssh::userkey { 'gerrit2-cluster-sync': + ssh::userkey { 'gerrit2-replication': ensure => present, user => 'gerrit2', - source => secret('gerrit/id_rsa'), + source => secret('gerrit/gerrit2_replication_ecda'), } file { '/var/lib/gerrit2/review_site': -- To view, visit https://gerrit.wikimedia.org/r/351566 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I6de1295a52bde066591002ae49cb122721ebd008 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dzahn <[email protected]> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
