From 6b1fc4d83fce72eca263ddcc60a9ecd78fa0b203 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Mon, 4 Sep 2017 17:24:51 +0000
Subject: [PATCH] for initial installs use gathered ssh host key, then remove and use signed ones
---
 roles/basessh/tasks/main.yml | 6 ++++++
 tasks/virt_instance_create.yml | 14 ++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml
index 03d83e1e35..45c2ca0024 100644
--- a/roles/basessh/tasks/main.yml
+++ b/roles/basessh/tasks/main.yml
@@ -172,3 +172,9 @@
 - config
 - sshd
 - base
+
+- name: make sure there is no old ssh host key for the host still around
+ local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent
+ ignore_errors: True
+ with_items:
+ - /root/.ssh/known_hosts
diff --git a/tasks/virt_instance_create.yml b/tasks/virt_instance_create.yml
index 6f70af7d98..0046e36aba 100644
--- a/tasks/virt_instance_create.yml
+++ b/tasks/virt_instance_create.yml
@@ -76,6 +76,13 @@
 tags:
 - armv7-kernel
+- name: make sure there is no old ssh host key for the host still around
+ local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent
+ ignore_errors: True
+ with_items:
+ - /root/.ssh/known_hosts
+ when: inventory_hostname not in result.list_vms
+
 - name: (osbs-control01.stg) make sure there is no old ssh host key for the host still around
 known_hosts: path={{item}} host={{ inventory_hostname }} state=absent
 ignore_errors: True
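Review bot: In roles/basessh/tasks/main.yml, `ignore_errors: True` on the added cleanup task lets a failed removal pass silently, so the host key gathered at install time can stay trusted in `/root/.ssh/known_hosts` on the control host instead of giving way to the signed one the commit subject refers to. Dropping the `ignore_errors: True` line from this task would make a failed cleanup stop the play. The same setting is on the tasks added in both hunks of tasks/virt_instance_create.yml. The new task also has no `tags:` of its own, while the list just above it (`config`, `sshd`, `base`) looks like the previous task's tags, whose start is outside the hunk. If so, a tag-limited run would skip the cleanup, which is worth confirming.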
@@ -104,6 +111,13 @@
 register: hostkey
 when: inventory_hostname not in result.list_vms
+- name: add new ssh host key (until we can sign it)
+ local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present
+ ignore_errors: True
+ with_items:
+ - /root/.ssh/known_hosts
+ when: inventory_hostname not in result.list_vms
+
 - name: (osbs-control01.stg) add new ssh host key
 known_hosts: path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present
 ignore_errors: True
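Review bot: The added "add new ssh host key" task writes `hostkey.stdout` into root's `known_hosts` on the control host without checking the value, and `ignore_errors: True` hides the case where nothing usable was added. The task that registers `hostkey` starts outside the hunk; if it collects the key over the network from the freshly created guest, that key is unauthenticated and remains trusted until the basessh cleanup removes it. At minimum, guard on a non-empty result, e.g. `when: inventory_hostname not in result.list_vms and hostkey.stdout != ""`. Also consider a comment on the task stating where the key comes from and which later task is expected to remove it.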