Merge "Use blockinfile for tripleo-ssh-known-hosts" into stable/stein

Zuul 2019-09-11 15:36:12 +00:00 committed by Gerrit Code Review
commit c3f7a75fa0
1 changed files with 40 additions and 10 deletions


@ -10,21 +10,51 @@
tempfile: tempfile:
state: file state: file
register: ssh_known_hosts_tmp register: ssh_known_hosts_tmp
- name: Check for ssh_known_hosts file
stat:
path: /etc/ssh/ssh_known_hosts
register: _ssh_known_hosts
- name: Create a temporary copy of ssh_known_hosts - name: Create a temporary copy of ssh_known_hosts
shell: | slurp:
if [[ -e /etc/ssh/ssh_known_hosts ]]; then src: "/etc/ssh/ssh_known_hosts"
cat /etc/ssh/ssh_known_hosts > '{{ ssh_known_hosts_tmp.path }}' register: existing_ssh_known_hosts
fi when:
- _ssh_known_hosts.stat.exists | bool
- name: Write temporary file
copy:
content: "{{ existing_ssh_known_hosts['content'] | b64decode }}"
dest: "{{ ssh_known_hosts_tmp.path }}"
when:
- _ssh_known_hosts.stat.exists | bool
- name: Set ssh_known_hosts fact
run_once: true
set_fact:
ssh_known_hosts_lines: |-
{%- for item in groups['overcloud'] | intersect(play_hosts) %}
{{ ssh_known_hosts[hostvars[item]['ansible_hostname'] | lower] ~ ' ssh-rsa ' ~ hostvars[item]['ansible_ssh_host_key_rsa_public'] }}
{% endfor %}
- name: Add host keys to temporary ssh_known_hosts - name: Add host keys to temporary ssh_known_hosts
lineinfile: blockinfile:
path: "{{ ssh_known_hosts_tmp.path }}" path: "{{ ssh_known_hosts_tmp.path }}"
line: "{{ ssh_known_hosts[hostvars[item]['ansible_hostname'] | lower] + ' ssh-rsa ' + hostvars[item]['ansible_ssh_host_key_rsa_public'] }}" block: "{{ ssh_known_hosts_lines }}"
create: yes create: true
with_items: "{{ groups['overcloud']|intersect(play_hosts) }}"
# Workaround https://bugs.launchpad.net/tripleo/+bug/1810932
# Ansible modules perform a replace instead of in-place modification.
# This breaks propagation of changes to containers that bind mount ssh_known_hosts
- name: In-place update of /etc/ssh_known_hosts - name: In-place update of /etc/ssh_known_hosts
shell: | shell: |-
cat '{{ ssh_known_hosts_tmp.path }}' > /etc/ssh/ssh_known_hosts cat '{{ ssh_known_hosts_tmp.path }}' > /etc/ssh/ssh_known_hosts
rm -f '{{ ssh_known_hosts_tmp.path }}'
- name: Remove temp file
file:
path: "{{ ssh_known_hosts_tmp.path }}"
state: absent
tags: tags:
- tripleo_ssh_known_hosts - tripleo_ssh_known_hosts
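Review bot: The `blockinfile` task in "Add host keys to temporary ssh_known_hosts" relies on the module's default marker, so any other blockinfile user of /etc/ssh/ssh_known_hosts that also keeps the default would replace this block and change the set of trusted host keys without notice. An explicit marker such as `marker: "# {mark} TRIPLEO SSH KNOWN HOSTS"` would keep the block owned by this role. Separately, the existing file is copied wholesale into the temporary file before the block is added, so entries written by the earlier `lineinfile` version appear to stay outside the block, and after a host-key change the superseded key would presumably still be accepted next to the new one. If that is intended for this backport, a comment above the task would make it explicit, e.g. `# Entries added by the pre-blockinfile version of this role are left in place.` The hunk starts inside the task list, so the tasks before the tempfile step are not visible here.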