From: Chuck Lever <cel@kernel.org>
To: <kdevops@lists.linux.dev>
Cc: Chuck Lever <chuck.lever@oracle.com>
Subject: [PATCH v1 0/6] Enable users to set an alternate ssh port
Date: Thu,  2 Oct 2025 16:21:34 -0400
Message-ID: <20251002202140.3596787-1-cel@kernel.org>

From: Chuck Lever <chuck.lever@oracle.com>

Particularly in the cloud, provisioning publicly visible instances
with port 22 for ssh is bad security practice. Almost as soon as
kdevops brings up such an instance, it comes under attack on port
22.

So, my thought is to enable the use of an alternate port for Ansible
control. This series provides that flexibility; the default is still
to use port 22.

I've tested this with RHEL 9 on AWS, Azure, GCE, and OCI, and with
Debian 12 on AWS; and I tested with Fedora and guestfs.

One of the side benefits of this series is that now all of the
cloud providers except Lambda make use of a cloud-init script. We
can introduce additional capabilities there, going forward.

Also pushed to the linux-kdevops/kdevops alternate-ssh-port branch.

Chuck Lever (6):
  ansible.cfg: Allow the use of alternate ssh ports
  base_image: Make the semanage command available on base images
  guestfs: Refactor the construction of the virt-sysprep command line
  guestfs: Use the alternate ssh port for Ansible control
  terraform: Hoist the AWS cloud-init script into terraform/
  terraform: Use the alternate ssh port for Ansible control

 kconfigs/Kconfig.ansible_cfg                  | 41 ++++++++
 playbooks/nixos.yml                           |  2 +-
 .../ansible_cfg/templates/ansible.cfg.j2      |  3 +
 .../base_image/templates/virt-builder.j2      |  2 +-
 .../templates/aws/terraform.tfvars.j2         |  1 +
 .../templates/azure/terraform.tfvars.j2       |  1 +
 .../templates/gce/terraform.tfvars.j2         |  1 +
 .../templates/lambdalabs/terraform.tfvars.j2  |  1 +
 .../templates/oci/terraform.tfvars.j2         |  1 +
 .../templates/openstack/terraform.tfvars.j2   |  1 +
 .../roles/guestfs/tasks/bringup/main.yml      | 44 +++++----
 .../roles/terraform/templates/ssh_config.j2   |  2 +-
 scripts/update_ssh_config_guestfs.py          |  3 +-
 scripts/update_ssh_config_lambdalabs.py       | 18 +++-
 terraform/aws/main.tf                         |  7 +-
 terraform/aws/templates/script.sh             | 55 -----------
 terraform/azure/main.tf                       |  9 +-
 terraform/gce/main.tf                         | 23 ++++-
 terraform/lambdalabs/main.tf                  | 43 +++++++-
 terraform/oci/main.tf                         | 11 ++-
 terraform/openstack/main.tf                   | 11 ++-
 terraform/scripts/cloud-init.sh               | 97 +++++++++++++++++++
 terraform/shared.tf                           |  6 ++
 23 files changed, 289 insertions(+), 94 deletions(-)
 delete mode 100755 terraform/aws/templates/script.sh
 create mode 100755 terraform/scripts/cloud-init.sh

-- 
2.51.0

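To make the mechanics behind this series concrete, here is an added example that is not kdevops code: a POSIX sh sketch of what a cloud-init step for an alternate sshd port has to do (write a drop-in, label the port for SELinux, which is why semanage needs to be on the base image, validate the daemon config before restarting) together with the ssh_config stanza Ansible would use to reach the node. The function names, the drop-in file name and the PREFIX argument are assumptions; it assumes OpenSSH with `Include /etc/ssh/sshd_config.d/*.conf` in sshd_config (RHEL 9 and Debian 12 defaults) and a systemd host.

```shell
#!/bin/sh
# Added example, not kdevops code. PREFIX (second argument, assumed) lets the
# file-writing part run under a scratch root instead of the real /etc.

# Render the sshd drop-in that moves the daemon to PORT.
render_sshd_dropin() {
    printf 'Port %s\n' "$1"
}

# Render the ssh_config stanza for HOST at ADDR on PORT using KEY.
render_ssh_config_host() {
    host="$1"; addr="$2"; port="$3"; key="$4"
    printf 'Host %s\n    HostName %s\n    Port %s\n    IdentityFile %s\n' \
        "$host" "$addr" "$port" "$key"
    printf '    StrictHostKeyChecking accept-new\n'
}

# Move sshd to PORT. With an empty PREFIX this acts on the live system;
# with a PREFIX it only writes the drop-in (used for testing).
# Returns 1 and changes nothing when PORT is not a valid TCP port.
set_sshd_port() {
    port="$1"; prefix="${2:-}"
    case "$port" in ''|*[!0-9]*) return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    dropin_dir="$prefix/etc/ssh/sshd_config.d"
    mkdir -p "$dropin_dir"
    render_sshd_dropin "$port" > "$dropin_dir/10-kdevops-port.conf"
    if [ -n "$prefix" ]; then
        return 0
    fi
    # SELinux enforcing: the new port must carry ssh_port_t or the bind
    # is denied. -a fails if the port already has a label, so fall back to -m.
    if command -v semanage >/dev/null 2>&1 &&
       [ "$(getenforce 2>/dev/null)" = "Enforcing" ]; then
        semanage port -a -t ssh_port_t -p tcp "$port" 2>/dev/null ||
            semanage port -m -t ssh_port_t -p tcp "$port"
    fi
    # Validate first so a bad drop-in cannot lock us out of the instance.
    # The cloud security group / host firewall must also admit PORT.
    sshd -t && systemctl restart sshd
}
```

Running `set_sshd_port 2222` as root on a fresh instance performs the whole switch; running it with a scratch PREFIX only exercises the drop-in rendering.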

Thread overview: 10+ messages
2025-10-02 20:21 Chuck Lever [this message]
2025-10-02 20:21 ` [PATCH v1 1/6] ansible.cfg: Allow the use of alternate ssh ports Chuck Lever
2025-10-02 20:21 ` [PATCH v1 2/6] base_image: Make the semanage command available on base images Chuck Lever
2025-10-02 20:21 ` [PATCH v1 3/6] guestfs: Refactor the construction of the virt-sysprep command line Chuck Lever
2025-10-02 20:21 ` [PATCH v1 4/6] guestfs: Use the alternate ssh port for Ansible control Chuck Lever
2025-10-02 20:21 ` [PATCH v1 5/6] terraform: Hoist the AWS cloud-init script into terraform/ Chuck Lever
2025-10-02 20:21 ` [PATCH v1 6/6] terraform: Use the alternate ssh port for Ansible control Chuck Lever
2025-10-02 20:25   ` Chuck Lever
2025-10-03  0:50 ` [PATCH v1 0/6] Enable users to set an alternate ssh port Luis Chamberlain
2025-10-03 13:44   ` Chuck Lever