Revert "Disable host key checking in nodepool"
This reverts commit 49f721a0ba3531384bfaf920fdf1f4a606e6fa92.
Reason for revert: This did not work as expected -- all connections received a host key verification error.
Change-Id: Id0be45f2c45e61f513d26bb5a6801e145255d484
diff --git a/nodepool/nodepool.yaml b/nodepool/nodepool.yaml
index b2f3a6e..2f7dfea 100644
--- a/nodepool/nodepool.yaml
+++ b/nodepool/nodepool.yaml
@@ -18,18 +18,6 @@
- name: main
max-servers: 4
use-internal-ip: True
- # Host key checking is disabled because:
- # 1) We're using the internal IP so it's slightly less
- # valuable (fewer attack vectors).
- # 2) The images we're using appear to have a key baked into
- # them which is overwritten at boot. Because we're using the
- # internal IP, nodepool can end up connecting to the instance
- # very quickly and retrieving the original host key rather
- # than the new one (which is likely to be written a couple of
- # seconds later). By disabling this in nodepool, we let Zuul
- # just use the first key it finds (and it's likely to take
- # long enough that it will have been updated by then).
- host-key-checking: False
labels:
- name: debian-stretch-8G
instance-type: n1-standard-2