Code Review / ta / infra-ansible.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
FIX: allow keystone to log in
[ta/infra-ansible.git] / roles / ssh_conf_hardening / tasks / main.yaml
diff --git a/roles/ssh_conf_hardening/tasks/main.yaml b/roles/ssh_conf_hardening/tasks/main.yaml
index cfc4425..66d4bce 100644 (file)
--- a/roles/ssh_conf_hardening/tasks/main.yaml
+++ b/roles/ssh_conf_hardening/tasks/main.yaml
@@ -150,10 +150,10 @@
     regexp: '[\s]*ClientAliveCountMax'
     values: "ClientAliveCountMax 0\n"
 
-- name: "Limit logins to members of {{ users['admin_user_name'] }} group"
+- name: "Limit logins to members of admin, keystone, and ironic groups"
   ssh_conf:
     regexp: '[\s]*AllowGroups'
-    values: "AllowGroups {{ users['admin_user_name'] }}\n"
+    values: "AllowGroups {{ users['admin_user_name'] }} {{ keystone_system_group_name |default('keystone') }} {{ ironic_system_group_name | default('ironic') }}\n"
 
 - name: "Disable SSH Support for User Known Hosts"
   ssh_conf:
This repository contains all the generic deployment playbooks, which configure services running directly on the host. Includes playbooks for disk partitioning, Ceph configuration, hardening, security, SSH, operating system level user management etc.