Merge "Switch to ecdsa ssh key type by default"
diff --git a/releasenotes/notes/Switch-to-ecdsa-ssh-key-type-by-default-0425b5d5ec72c1c3.yaml b/releasenotes/notes/Switch-to-ecdsa-ssh-key-type-by-default-0425b5d5ec72c1c3.yaml
new file mode 100644
index 0000000..5fc316b
--- /dev/null
+++ b/releasenotes/notes/Switch-to-ecdsa-ssh-key-type-by-default-0425b5d5ec72c1c3.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+ - |
+ As the version of cirros used in OpenStack CI does not support SHA-2
+ signatures for ssh, any connection from a FIPS enabled machine will fail
+ in case validation.ssh_key_type is set to rsa (the default until now).
+ Using ecdsa keys helps us avoid the mentioned issue.
+ From now on, the validation.ssh_key_type option will be set to ecdsa
+ by default for testing simplicity.
+ This change shouldn't have any drastic effect on any tempest consumer,
+ in case rsa ssh type is required in a consumer's scenario,
+ validation.ssh_key_type can be overridden to rsa.
diff --git a/tempest/config.py b/tempest/config.py
index 2fb43a0..ebde421 100644
--- a/tempest/config.py
+++ b/tempest/config.py
@@ -962,7 +962,7 @@
help="Network used for SSH connections. Ignored if "
"connect_method=floating."),
cfg.StrOpt('ssh_key_type',
- default='rsa',
+ default='ecdsa',
help='Type of key to use for ssh connections. '
'Valid types are rsa, ecdsa'),
]