[libvirt] [jenkins-ci PATCH 1/5] guests: Explicitly enable ssh root login in kickstart

Andrea Bolognani abologna at redhat.com
Thu Nov 7 18:51:57 UTC 2019


Both CentOS and Fedora have had this enabled by default up until
now, but that's no longer the case as of Fedora 31. Enabling it
explicitly makes the first connection work as expected on the
newer distributions without impacting the older ones negatively.

Signed-off-by: Andrea Bolognani <abologna at redhat.com>
---
 guests/configs/kickstart.cfg | 12 ++++++++++++
 guests/configs/preseed.cfg   | 12 +++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/guests/configs/kickstart.cfg b/guests/configs/kickstart.cfg
index 571ac46..713557a 100644
--- a/guests/configs/kickstart.cfg
+++ b/guests/configs/kickstart.cfg
@@ -58,3 +58,15 @@ network --bootproto=dhcp --noipv6 --activate --onboot=yes
 %packages
 @core
 %end
+
+
+# Software configuration
+#
+#
+# We need to be able to login as root via ssh the very first
+# time we connect, but as part of the Ansible playbooks we're
+# going to change this so that only key-based authentication
+# is permitted during regular use
+%post --erroronfail
+sed -i 's/^#*\s*PermitRootLogin\s*.*$/PermitRootLogin yes/g' /etc/ssh/sshd_config
+%end
diff --git a/guests/configs/preseed.cfg b/guests/configs/preseed.cfg
index 03c47a9..74409d8 100644
--- a/guests/configs/preseed.cfg
+++ b/guests/configs/preseed.cfg
@@ -76,10 +76,16 @@ d-i netcfg/get_domain string localdomain
 # Software installation
 #
 # Only install the very base packages: everything else will be
-# installed later using Ansible. We need to install openssh-server
-# and configure it to permit root login now, though, otherwise we
-# won't be able to access the machine for Ansible use later on
+# installed later using Ansible
 tasksel tasksel/first multiselect standard
 d-i pkgsel/upgrade select none
 d-i pkgsel/include string openssh-server
+
+
+# Software configuration
+#
+# We need to be able to login as root via ssh the very first
+# time we connect, but as part of the Ansible playbooks we're
+# going to change this so that only key-based authentication
+# is permitted during regular use
 d-i preseed/late_command string in-target sed -i 's/^#*\s*PermitRootLogin\s*.*$/PermitRootLogin yes/g' /etc/ssh/sshd_config
-- 
2.21.0




More information about the libvir-list mailing list