From 25211d1492e0bff7f48f880d92d4fa82445b1f84 Mon Sep 17 00:00:00 2001
From: Ian Jackson <ian.jackson@eu.citrix.com>
Date: Fri, 27 Apr 2018 14:43:56 +0100
Subject: [PATCH] production-config: Use something outside ~osstest/.ssh for
 TestHostKeypairPath

ansible nowadays chmods ~/.ssh to 700 for every user whose
authorized_keys it touches.  This includes osstest@osstest.

The result is that other users on osstest.test-lab cannot access this
file.  I have cp -a'd the keys, which are a piece of static
configuration we don't expect to change often, to a different
directory which will not be attacked by ansible.  Refer to them there.

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
---
 production-config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/production-config b/production-config
index 33c7559..e1c437b 100644
--- a/production-config
+++ b/production-config
@@ -45,7 +45,7 @@ LogsMinExpireAge= 86400*4
 LogsPublishMinSpaceMby= 20*1e3
 LogsPublishMinExpireAge= 86400*7
 
-TestHostKeypairPath /home/osstest/.ssh/id_rsa_osstest
+TestHostKeypairPath /home/osstest/keys/id_rsa_osstest
 
 GitCacheProxy git://cache:9419/
 
-- 
2.39.5