Merge "Revert "Disable host key checking in nodepool""

commit: abd1322bbb6b2dd2e3a121a89d3dd186b38ec154 [log] [tgz]
author: James E. Blair <jeblair@redhat.com> Tue Jul 07 22:47:43 2020 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Jul 07 22:47:43 2020 +0000
tree: 721be6658f44c2d1c6d86796d793abdbd2b13489
parent: 0deb26a3d21ffaf7f0346912960b0ffb199c4855 [diff]
parent: 1bf66605b7652f0cad5e63cb2294b4fa4a029d37 [diff]
diff --git a/nodepool/nodepool.yaml b/nodepool/nodepool.yaml
index b2f3a6e..2f7dfea 100644
--- a/nodepool/nodepool.yaml
+++ b/nodepool/nodepool.yaml

@@ -18,18 +18,6 @@
       - name: main
         max-servers: 4
         use-internal-ip: True
-        # Host key checking is disabled because:
-        # 1) We're using the internal IP so it's slightly less
-        # valuable (fewer attack vectors).
-        # 2) The images we're using appear to have a key baked into
-        # them which is overwritten at boot.  Because we're using the
-        # internal IP, nodepool can end up connecting to the instance
-        # very quickly and retrieving the original host key rather
-        # than the new one (which is likely to be written a couple of
-        # seconds later).  By disabling this in nodepool, we let Zuul
-        # just use the first key it finds (and it's likely to take
-        # long enough that it will have been updated by then).
-        host-key-checking: False
         labels:
           - name: debian-stretch-8G
             instance-type: n1-standard-2
commit	abd1322bbb6b2dd2e3a121a89d3dd186b38ec154	[log] [tgz]
author	James E. Blair <jeblair@redhat.com>	Tue Jul 07 22:47:43 2020 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Jul 07 22:47:43 2020 +0000
tree	721be6658f44c2d1c6d86796d793abdbd2b13489
parent	0deb26a3d21ffaf7f0346912960b0ffb199c4855 [diff]
parent	1bf66605b7652f0cad5e63cb2294b4fa4a029d37 [diff]