]> xenbits.xensource.com Git - people/royger/osstest.git/commitdiff
projects / people / royger / osstest.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7194e03)
production-config: Use something outside ~osstest/.ssh for TestHostKeypairPath
authorIan Jackson <ian.jackson@eu.citrix.com>
Fri, 27 Apr 2018 13:43:56 +0000 (14:43 +0100)
committerIan Jackson <Ian.Jackson@eu.citrix.com>
Fri, 27 Apr 2018 13:43:56 +0000 (14:43 +0100)
ansible nowadays chmods ~/.ssh to 700 for every user whose
authorized_keys it touches.  This includes osstest@osstest.

The result is that other users on osstest.test-lab cannot access this
file.  I have cp -a'd the keys, which are a piece of static
configuration we don't expect to change often, to a different
directory which will not be attacked by ansible.  Refer to them there.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
production-config patch | blob | blame | history

diff --git a/production-config b/production-config
index 33c7559d35f3bc83c54e49857bb3951e29492345..e1c437b37da5a06eb0753824d2695f79fcb2da43 100644 (file)
--- a/production-config
+++ b/production-config
@@ -45,7 +45,7 @@ LogsMinExpireAge= 86400*4
 LogsPublishMinSpaceMby= 20*1e3
 LogsPublishMinExpireAge= 86400*7
 
-TestHostKeypairPath /home/osstest/.ssh/id_rsa_osstest
+TestHostKeypairPath /home/osstest/keys/id_rsa_osstest
 
 GitCacheProxy git://cache:9419/
 
Unnamed repository; edit this file 'description' to name the repository.