91 lines
3.3 KiB
YAML
91 lines
3.3 KiB
YAML
---
|
|
# Copyright 2019 Red Hat, Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
|
|
- name: Add host keys in /etc/ssh/ssh_known_hosts for live/cold-migration
|
|
become: true
|
|
check_mode: false
|
|
block:
|
|
- name: Create temporary file for ssh_known_hosts
|
|
tempfile:
|
|
state: file
|
|
register: ssh_known_hosts_tmp
|
|
|
|
- name: Check for ssh_known_hosts file
|
|
stat:
|
|
path: /etc/ssh/ssh_known_hosts
|
|
register: _ssh_known_hosts
|
|
|
|
- name: Create a temporary copy of ssh_known_hosts
|
|
slurp:
|
|
src: "/etc/ssh/ssh_known_hosts"
|
|
register: existing_ssh_known_hosts
|
|
when:
|
|
- _ssh_known_hosts.stat.exists | bool
|
|
|
|
- name: Write temporary file
|
|
copy:
|
|
content: "{{ existing_ssh_known_hosts['content'] | b64decode }}"
|
|
dest: "{{ ssh_known_hosts_tmp.path }}"
|
|
when:
|
|
- _ssh_known_hosts.stat.exists | bool
|
|
|
|
- name: Set ssh_known_hosts fact
|
|
run_once: true
|
|
set_fact:
|
|
ssh_known_hosts_lines: |-
|
|
{% for host in groups['allovercloud'] | intersect(play_hosts) %}
|
|
{% set hostdata = hostvars[host] %}
|
|
{% if 'ansible_ssh_host_key_rsa_public' in hostdata %}
|
|
{% set entries = [] %}
|
|
{% set enabled_host_networks = hostdata['tripleo_role_networks']|default([]) %}
|
|
{% for network in enabled_host_networks %}
|
|
{% if (network ~ '_ip') in hostdata %}
|
|
{% set _ = entries.append('[' ~ hostdata[network ~ '_ip'] ~ ']*') %}
|
|
{% endif %}
|
|
{% if (network ~ '_hostname') in hostdata %}
|
|
{% set _ = entries.append('[' ~ hostdata[network ~ '_hostname'] ~ ']*') %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% if 'canonical_hostname' in hostdata %}
|
|
{% set _ = entries.append('[' ~ hostdata['canonical_hostname'] ~ ']*') %}
|
|
{% endif %}
|
|
{% set _ = entries.append('[' ~ host ~ ']*') %}
|
|
{% set line = entries|unique|join(',') ~ ' ssh-rsa ' ~ hostdata['ansible_ssh_host_key_rsa_public'] %}
|
|
{{ line }}
|
|
{% endif %}
|
|
{% endfor %}
|
|
|
|
- name: Add host keys to temporary ssh_known_hosts
|
|
blockinfile:
|
|
path: "{{ ssh_known_hosts_tmp.path }}"
|
|
block: "{{ ssh_known_hosts_lines }}"
|
|
create: true
|
|
|
|
# Workaround https://bugs.launchpad.net/tripleo/+bug/1810932
|
|
# Ansible modules perform a replace instead of in-place modification.
|
|
# This breaks propagation of changes to containers that bind mount ssh_known_hosts
|
|
- name: In-place update of /etc/ssh_known_hosts
|
|
shell: |-
|
|
cat '{{ ssh_known_hosts_tmp.path }}' > /etc/ssh/ssh_known_hosts
|
|
|
|
- name: Remove temp file
|
|
file:
|
|
path: "{{ ssh_known_hosts_tmp.path }}"
|
|
state: absent
|
|
tags:
|
|
- tripleo_ssh_known_hosts
|