From 377ad145c336e7531b9a1a70c5a4babc55163e05 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@redhat.com>
Date: Tue, 7 Jun 2016 15:54:57 -0700
Subject: [PATCH] Add zuul-launcher ssh config file

This instructs ssh to stop storing host keys for ephemeral hosts.

Change-Id: Id0512422e127373060fc570f857af6008026d514
Co-Authored-By: Morgan Fainberg <morgan.fainberg@gmail.com>
---
 .../files/zuul/launcher_ssh_config               | 12 ++++++++++++
 .../openstack_project/manifests/zuul_launcher.pp | 16 ++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100644 modules/openstack_project/files/zuul/launcher_ssh_config

diff --git a/modules/openstack_project/files/zuul/launcher_ssh_config b/modules/openstack_project/files/zuul/launcher_ssh_config
new file mode 100644
index 0000000000..7bc9b9209c
--- /dev/null
+++ b/modules/openstack_project/files/zuul/launcher_ssh_config
@@ -0,0 +1,12 @@
+HashKnownHosts No
+Host *.openstack.org
+  StrictHostKeyChecking No
+  UserKnownHostsFile ~/.ssh/known_hosts
+
+# NOTE(notmorgan): It is assumed that slaves are logged into
+# not via a hostname ending in ".openstack.org" such
+# as by IP address. This prevents storing the host keys of
+# these slave hosts
+Host * !*.openstack.org
+  StrictHostKeyChecking No
+  UserKnownHostsFile /dev/null
diff --git a/modules/openstack_project/manifests/zuul_launcher.pp b/modules/openstack_project/manifests/zuul_launcher.pp
index b766834987..890aa6df55 100644
--- a/modules/openstack_project/manifests/zuul_launcher.pp
+++ b/modules/openstack_project/manifests/zuul_launcher.pp
@@ -58,6 +58,22 @@ class openstack_project::zuul_launcher(
     notify  => Exec['zuul-launcher-reload'],
   }
 
+  file { '/home/zuul/.ssh':
+    ensure  => directory,
+    owner   => 'zuul',
+    group   => 'zuul',
+    mode    => '0700',
+    require => User['zuul'],
+  }
+
+  file { '/home/zuul/.ssh/config':
+    ensure  => present,
+    source  => 'puppet:///modules/openstack_project/zuul/launcher_ssh_config',
+    owner   => 'zuul',
+    group   => 'zuul',
+    require => File['/home/zuul/.ssh'],
+  }
+
   class { '::zuul':
     vhost_name              => $vhost_name,
     gearman_server          => $gearman_server,