Merge pull request #1 from altlinuxteam/dev

distribute ssh host keys among all nodes
2018-11-02 00:22:27 +04:00 · 2018-11-02 00:22:27 +04:00 · f97d6d15d9
commit f97d6d15d9
parent 55985436dc 22af0daf5b
3 changed files with 20 additions and 17 deletions
--- a/provision.yml
+++ b/provision.yml
@ -22,6 +22,9 @@
 - name: prepare nodes
  hosts: stack
  gather_facts: false
+  # cannot use free strategy due usage of add_host after 
+  # NICs reconfiguration
+  #strategy: free
  pre_tasks:
    - meta: end_play
      when: destroy_all is defined and destroy_all
@ -32,3 +35,17 @@
  - {role: prepare-config, tags: [ ]}
  - {role: common, tags: [ ]}
  tags: [ prepare ]
+
+- name: put ssh host keys to all nodes
+  hosts: stack
+  gather_facts: false
+  strategy: free
+  tasks:
+    - name: put keys to known hosts
+      copy:
+        src: ".tmp/{{ stack_name }}.known_hosts"
+        dest: "/etc/openssh/ssh_known_hosts"
+        owner: root
+        group: root
+        mode: 0644
+  tags: [ prepare ]
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -129,19 +129,15 @@
    group: root
    mode: 0644

- name: fetch ssh host keys
-  fetch:
-    src: /etc/openssh/ssh_host_rsa_key.pub
-    dest: ".tmp/{{ inventory_hostname_short }}.ssh_host_rsa_key.pub"
-
 - name: read public ssh host key
  slurp:
-    src: /etc/openssh/ssh_host_rsa_key.pub
+    src: /etc/openssh/ssh_host_ed25519_key.pub
  register: host_key

 - name: store public ssh host key in local file
  lineinfile:
-    line: "{{ inventory_hostname_short}} {{ host_key.content | b64decode }}"
+    regexp: "^{{ inventory_hostname_short}} "
+    line: "{{ inventory_hostname_short}},{{ inventory_hostname_short }}.{{ stack.domain | lower }} {{ host_key.content | b64decode | trim }}"
    path: ".tmp/{{ stack_name }}.known_hosts"
    create: yes
  delegate_to: localhost
--- a/roles/prepare-config/tasks/generate_nodes.yml
+++ b/roles/prepare-config/tasks/generate_nodes.yml
@ -7,18 +7,8 @@
    loop_control:
      loop_var: n
    register: res
-    #  when: st.nodes[item].provider != 'bare'
-
-    #- debug: msg="{{env}}"
-
-    #- set_fact:
-    #gen_nodes: "{{ dict({item: env['bare'][ st.nodes[item]['env_node'] ]}) }}"
-    #when: st.nodes[item].provider == 'bare'
-
-    #- debug: msg="{{gen_nodes}}"

 - set_fact:
    tmp_nodes: []
 - set_fact:
    gen_nodes: "{{ (res.results | map(attribute='ansible_facts.node') | list) + gen_nodes }}"
-    #  when: st.nodes[item].provider != 'bare'