serve our production ssh known_hosts file over public HTTPS
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	CDanis
	Jul 6 2020, 2:59 PM

Description

There's not really good reason why this data only has to live on the bastions and require SSH access to access.

Furthermore it'd be a way of trusting the bastion hosts on initial machine setup, removing a trust dependency there.

config-master.wikimedia.org (served by the puppetmasters) seems like a fine place for it to live, and is already served publicly.

Details

	Subject	Repo	Branch	Lines +/-
	SSHFP: add a text file with the SSHFB of all hosts	operations/puppet	production	+30 -1

Customize query in gerrit

Event Timeline

CDanis created this task.Jul 6 2020, 2:59 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 6 2020, 2:59 PM

MoritzMuehlenhoff subscribed.Jul 6 2020, 2:59 PM

Change 609796 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] SSHFP: add a text file with the SSHFB of all hosts

https://gerrit.wikimedia.org/r/609796

gerritbot added a project: Patch-For-Review.Jul 6 2020, 3:47 PM

jbond subscribed.Jul 6 2020, 3:53 PM

Feel free to alter the priority, only setting it so to remove it from untriaged tickets list.

dancy subscribed.Jul 9 2020, 5:09 PM

Change 609796 merged by Jbond:
[operations/puppet@production] SSHFP: add a text file with the SSHFB of all hosts

https://gerrit.wikimedia.org/r/609796

Maintenance_bot removed a project: Patch-For-Review.Jul 10 2020, 9:10 AM

LSobanski added a project: Infrastructure-Foundations.Jan 3 2023, 2:19 PM

This is already available on https://config-master.wikimedia.org/ , resolving.

serve our production ssh known_hosts file over public HTTPSClosed, ResolvedPublicActions

Description

Details

Event Timeline

serve our production ssh known_hosts file over public HTTPS
Closed, ResolvedPublic
Actions