Merge "Un-hardcoding stricthostkeychecking for nova user" into release/2019.2.0
diff --git a/README.rst b/README.rst
index f89e590..ada83d3 100644
--- a/README.rst
+++ b/README.rst
@@ -512,6 +512,18 @@
libvirt:
volume_use_multipath: True
+To disable or enable StrictHostKeyChecking and discover
+compute nodes fingerprints the below pillar should be used:
+
+.. code-block:: yaml
+
+ nova:
+ compute:
+ ....
+ openssh:
+ stricthostkeychecking: True
+ discover_compute_hosts: True
+
Client role
-----------
diff --git a/nova/compute.sls b/nova/compute.sls
index 697ac1e..fb622c2 100644
--- a/nova/compute.sls
+++ b/nova/compute.sls
@@ -76,11 +76,31 @@
/var/lib/nova/.ssh/config:
file.managed:
- user: nova
- - contents: StrictHostKeyChecking no
+ - contents: StrictHostKeyChecking {% if compute.get('openssh',{}).get('stricthostkeychecking', False) %}yes{% else %}no{% endif %}
- mode: 400
- require:
- pkg: nova_compute_packages
+{%- if compute.get('openssh',{}).get('discover_compute_hosts', False) %}
+
+ {%- set cmp_nodenames = [] %}
+
+ {%- for cmp_nodes, node_grains in salt['mine.get']('I@nova:compute', 'grains.items', 'compound').items() %}
+ {%- if node_grains.fqdn is defined %}
+ {%- do cmp_nodenames.append(node_grains.fqdn) %}
+ {%- endif %}
+ {%- endfor %}
+
+ {%- for cmp_node in cmp_nodenames %}
+ssh_host_discover_{{ cmp_node }}_fingerprint:
+ ssh_known_hosts.present:
+ - name: {{ cmp_node }}
+ - user: nova
+ - require:
+ - file: /var/lib/nova/.ssh/config
+ {%- endfor %}
+{%- endif %}
+
{%- endif %}
{%- if not pillar.nova.get('controller',{}).get('enabled') %}
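Review bot: The `ssh_known_hosts.present` state added in the `cmp_nodenames` loop is given only `name` and `user`, so as far as I know Salt fetches the host key over the network at apply time and records it without comparing it to anything. The resulting `known_hosts` entries are therefore trust-on-first-use rather than verified, and with `stricthostkeychecking` on they become what the nova user trusts from then on. It would be safer to publish each compute node's public host key through a trusted channel (the Salt mine this block already reads is one option) and pass it via the state's `key`/`enc` or `fingerprint` argument. Separately, the `contents` line still renders `no` when the pillar key is absent (`.get('stricthostkeychecking', False)`), so existing deployments keep host key checking disabled unless they opt in; either default to `True` or add a comment above the state such as `# StrictHostKeyChecking stays "no" unless nova:compute:openssh:stricthostkeychecking is set`. The `{%- endif %}` after the new block closes a conditional that opens above this hunk.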