When we moved our proxies from puppet to ansible, we forgot to setup something to copy the ssh_known_hosts file over to them, so anyone who goes to https://admin.fedoraproject.org/ssh_known_hosts gets a no such file.
I'd like to add the following patch to the proxies playbook and run that playbook to correct this.
+1s?
kevin -- diff --git a/roles/httpd/fingerprints/tasks/main.yml b/roles/httpd/fingerprints/tasks/main.yml index 74dd152..00afe5c 100644 --- a/roles/httpd/fingerprints/tasks/main.yml +++ b/roles/httpd/fingerprints/tasks/main.yml @@ -13,3 +13,7 @@ - fingerprints - httpd - httpd/fingerprints + +- copy: src=/etc/ssh/ssh_known_hosts dest=/etc/ssh/ssh_known_hosts + tags: + - fingerprints
+1 This looks good. Do we need to do any sort of selinux to get it readable by http?
On 2 April 2015 at 09:40, Kevin Fenzi kevin@scrye.com wrote:
When we moved our proxies from puppet to ansible, we forgot to setup something to copy the ssh_known_hosts file over to them, so anyone who goes to https://admin.fedoraproject.org/ssh_known_hosts gets a no such file.
I'd like to add the following patch to the proxies playbook and run that playbook to correct this.
+1s?
kevin
diff --git a/roles/httpd/fingerprints/tasks/main.yml b/roles/httpd/fingerprints/tasks/main.yml index 74dd152..00afe5c 100644 --- a/roles/httpd/fingerprints/tasks/main.yml +++ b/roles/httpd/fingerprints/tasks/main.yml @@ -13,3 +13,7 @@
- fingerprints
- httpd
- httpd/fingerprints
+- copy: src=/etc/ssh/ssh_known_hosts dest=/etc/ssh/ssh_known_hosts
- tags:
- fingerprints
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
On Thu, 2 Apr 2015 10:04:32 -0600 Stephen John Smoogen smooge@gmail.com wrote:
+1 This looks good. Do we need to do any sort of selinux to get it readable by http?
Doesn't seem so, it works in stg: https://admin.stg.fedoraproject.org/ssh_known_hosts
kevin
On Thu, Apr 02, 2015 at 09:40:54AM -0600, Kevin Fenzi wrote:
When we moved our proxies from puppet to ansible, we forgot to setup something to copy the ssh_known_hosts file over to them, so anyone who goes to https://admin.fedoraproject.org/ssh_known_hosts gets a no such file.
I'd like to add the following patch to the proxies playbook and run that playbook to correct this.
+1s?
kevin
diff --git a/roles/httpd/fingerprints/tasks/main.yml b/roles/httpd/fingerprints/tasks/main.yml index 74dd152..00afe5c 100644 --- a/roles/httpd/fingerprints/tasks/main.yml +++ b/roles/httpd/fingerprints/tasks/main.yml @@ -13,3 +13,7 @@
- fingerprints
- httpd
- httpd/fingerprints
+- copy: src=/etc/ssh/ssh_known_hosts dest=/etc/ssh/ssh_known_hosts
- tags:
- fingerprints
+1 for me
Pierre
infrastructure@lists.fedoraproject.org