Dzahn has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/351565 )
Change subject: gerrit: use ssh::userkey to install ssh key in proper location
......................................................................
gerrit: use ssh::userkey to install ssh key in proper location
Use ssh::userkey abstraction
to install the SSH public key used for Gerrit replication.
Currently it is in gerrit2's homedir and the entire .ssh dir gets
recursively deployed but sshd config nowadays has:
46 #AuthorizedKeysFile %h/.ssh/authorized_keys
47
48 AuthorizedKeysFile /etc/ssh/userkeys/%u /etc/ssh/userkeys/%u.d/cumin
SSH from one Gerrit server to the other doesn't work due to this,
but ssh::userkey will use the right location.
per T152525#3230090
Bug: T152525
Change-Id: Ia4b04888a50a642bbb3bf0cd0c29edd412ca7f29
---
A modules/gerrit/files/id_rsa.pub
M modules/gerrit/manifests/jetty.pp
2 files changed, 7 insertions(+), 0 deletions(-)
Approvals:
Chad: Looks good to me, but someone else must approve
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/modules/gerrit/files/id_rsa.pub b/modules/gerrit/files/id_rsa.pub
new file mode 100644
index 0000000..d789d81
--- /dev/null
+++ b/modules/gerrit/files/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAxOlshfr3UaPr8gQ8UVskxHAGG9xb55xDyfqlK7vsAs/p+OXpRB4KZOxHWqI40FpHhW+rFVA0Ugk7vBK13oKCB435TJlHYTJR62qQNb2DVxi5rtvZ7DPnRRlAvdGpRft9JsoWdgsXNqRkkStbkA5cqotvVHDYAgzBnHxWPM8REokQVqil6S/yHkIGtXO5J7F6I1OvYCnG1d1GLT5nDt+ZeyacLpZAhrBlyFD6pCwDUhg4+H4O3HGwtoh5418U4cvzRgYOQQXsU2WW5nBQHE9LXVLoL6UeMYY4yMtaNw207zN6kXcMFKyTuF5qlF5whC7cmM4elhAO2snwIw4C3EyQgw==
gerrit@wmf
diff --git a/modules/gerrit/manifests/jetty.pp
b/modules/gerrit/manifests/jetty.pp
index 38b08de..75f897c 100644
--- a/modules/gerrit/manifests/jetty.pp
+++ b/modules/gerrit/manifests/jetty.pp
@@ -99,6 +99,12 @@
content => secret('gerrit/id_rsa'),
}
+ ssh::userkey { 'gerrit2-cluster-sync':
+ ensure => present,
+ user => 'gerrit2',
+ source => 'puppet:///modules/gerrit/id_rsa.pub'
+ }
+
file { '/var/lib/gerrit2/review_site':
ensure => directory,
owner => 'gerrit2',
--
To view, visit https://gerrit.wikimedia.org/r/351565
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ia4b04888a50a642bbb3bf0cd0c29edd412ca7f29
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: Chad <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Paladox <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
