From dc1664c8f37b50288c2fdf9af0235d012fdbce12 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Sun, 9 Apr 2017 23:17:58 +0000
Subject: [PATCH] Combine properly

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/base/tasks/sshcerts.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/roles/base/tasks/sshcerts.yml b/roles/base/tasks/sshcerts.yml
index 7bf68277cf..291f0cbff9 100644
--- a/roles/base/tasks/sshcerts.yml
+++ b/roles/base/tasks/sshcerts.yml
@@ -82,7 +82,7 @@
 
 - name: Set some extra signing facts
   set_fact:
-    sign_hostnames: "[ '{{inventory_hostname}}' ] + ssh_hostnames | join(',')"
+    sign_hostnames: "{{ssh_hostnames}} + ['{{inventory_hostname}}']"
     sign_validity: "-1h:+1y"
   when: env == "staging"
   tags:
@@ -93,7 +93,7 @@
 
 # Currently, we use the epoch as serial. That's unique enough for now
 - name: Sign the certificates
-  command: "ssh-keygen -s {{private}}/files/ssh/staging_ca_host_key -I {{inventory_hostname}} -h -n {{ sign_hostnames }} -V {{sign_validity}} -z {{ansible_date_time.epoch}} {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub"
+  command: "ssh-keygen -s {{private}}/files/ssh/staging_ca_host_key -I {{inventory_hostname}} -h -n {{ sign_hostnames|join(',') }} -V {{sign_validity}} -z {{ansible_date_time.epoch}} {{pubkeydir}}/{{inventory_hostname}}{{item}}.pub"
   delegate_to: "batcave01.phx2.fedoraproject.org"
   with_items: "{{certs_to_sign}}"
   when: env == "staging"