
Merge "Use blockinfile for tripleo-ssh-known-hosts" into stable/stein

changes/95/681695/1
Zuul 1 week ago
parent
commit
c3f7a75fa0
1 changed files with 40 additions and 10 deletions
  1. 40
    10
      roles/tripleo-ssh-known-hosts/tasks/main.yml

+ 40
- 10
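--- a/roles/tripleo-ssh-known-hosts/tasks/main.yml
+++ b/roles/tripleo-ssh-known-hosts/tasks/main.yml
@@ -10,21 +10,51 @@
       tempfile:
         state: file
       register: ssh_known_hosts_tmp
+
+    - name: Check for ssh_known_hosts file
+      stat:
+        path: /etc/ssh/ssh_known_hosts
+      register: _ssh_known_hosts
+
     - name: Create a temporary copy of ssh_known_hosts
-      shell: |
-        if [[ -e /etc/ssh/ssh_known_hosts ]]; then
-          cat /etc/ssh/ssh_known_hosts > '{{ ssh_known_hosts_tmp.path }}'
-        fi
+      slurp:
+        src: "/etc/ssh/ssh_known_hosts"
+      register: existing_ssh_known_hosts
+      when:
+        - _ssh_known_hosts.stat.exists | bool
+
+    - name: Write temporary file
+      copy:
+        content: "{{ existing_ssh_known_hosts['content'] | b64decode }}"
+        dest: "{{ ssh_known_hosts_tmp.path }}"
+      when:
+        - _ssh_known_hosts.stat.exists | bool
+
+    - name: Set ssh_known_hosts fact
+      run_once: true
+      set_fact:
+        ssh_known_hosts_lines: |-
+          {%- for item in groups['overcloud'] | intersect(play_hosts) %}
+          {{ ssh_known_hosts[hostvars[item]['ansible_hostname'] | lower] ~ ' ssh-rsa ' ~ hostvars[item]['ansible_ssh_host_key_rsa_public'] }}
+          {% endfor %}
+
     - name: Add host keys to temporary ssh_known_hosts
-      lineinfile:
+      blockinfile:
         path: "{{ ssh_known_hosts_tmp.path }}"
-        line: "{{ ssh_known_hosts[hostvars[item]['ansible_hostname'] | lower] + ' ssh-rsa ' + hostvars[item]['ansible_ssh_host_key_rsa_public'] }}"
-        create: yes
-      with_items: "{{ groups['overcloud']|intersect(play_hosts) }}"
+        block: "{{ ssh_known_hosts_lines }}"
+        create: true
+
+    # Workaround https://bugs.launchpad.net/tripleo/+bug/1810932
+    # Ansible modules perform a replace instead of in-place modification.
+    # This breaks propagation of changes to containers that bind mount ssh_known_hosts
     - name: In-place update of /etc/ssh_known_hosts
-      shell: |
+      shell: |-
         cat '{{ ssh_known_hosts_tmp.path }}' > /etc/ssh/ssh_known_hosts
-        rm -f '{{ ssh_known_hosts_tmp.path }}'
+
+    - name: Remove temp file
+      file:
+        path: "{{ ssh_known_hosts_tmp.path }}"
+        state: absent
   tags:
     - tripleo_ssh_known_hosts
 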
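Review bot: Host key lines that the replaced `lineinfile` task appended on earlier runs sit outside the blockinfile markers, and the slurp/copy pair carries them into the temporary file unchanged, so on an already-deployed node a key that has since been rotated would presumably stay trusted next to the new managed block. A cleanup task ahead of `Add host keys to temporary ssh_known_hosts` that drops existing `ssh-rsa` lines for the same host names would close that gap. The sketch below assumes each `ssh_known_hosts[...]` value is a plain string, as the `~` concatenation suggests. The task list this hunk belongs to starts above the hunk, so the enclosing block and play are not visible here.

```yaml
    # … unchanged: stat, slurp, "Write temporary file", "Set ssh_known_hosts fact" …

    # Also matches lines inside an existing managed block; blockinfile
    # rewrites that block in the next task, so only legacy lines are lost.
    - name: Drop host key lines written by the previous lineinfile task
      lineinfile:
        path: "{{ ssh_known_hosts_tmp.path }}"
        regexp: "^{{ ssh_known_hosts[hostvars[item]['ansible_hostname'] | lower] | regex_escape }} ssh-rsa "
        state: absent
      with_items: "{{ groups['overcloud'] | intersect(play_hosts) }}"

    - name: Add host keys to temporary ssh_known_hosts
      blockinfile:
    # … unchanged: blockinfile arguments, in-place update, temp file removal …
```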
