From 5cdacdfbf4bb0da5b54b23e43908ba3162f74201 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Wed, 6 Sep 2017 16:31:15 -0500 Subject: [PATCH] Handle floating ips in multi-node-known-hosts Nodes (and ansible) don't know about floating ips because they are external. However, they are valid interfaces over which nodes might talk to each other- especially if we're re-using the inventory generated for the jobs. Start off by grabbing all of the addresses from nodepool, if they exist. Then do the loop for finding the addresses we want. Then collapse that list with set and do a pass to create the actual list of hosts and keys needed. Change-Id: I748fae1c86d7bb9333dc251991308282858811a4 --- .../library/generate_all_known_hosts.py | 53 +++++++++++-------- 1 file changed, 31 insertions(+), 22 deletions(-) diff --git a/roles/multi-node-known-hosts/library/generate_all_known_hosts.py b/roles/multi-node-known-hosts/library/generate_all_known_hosts.py index 98106925f..fb5961b52 100644 --- a/roles/multi-node-known-hosts/library/generate_all_known_hosts.py +++ b/roles/multi-node-known-hosts/library/generate_all_known_hosts.py @@ -37,6 +37,14 @@ def main(): public_keys = [x for x in this.keys() if x.startswith('ansible_ssh_host_key')] + addresses = [this['ansible_host']] + nodepool = this.get('nodepool', {}) + for nodepool_address in ( + 'interface_ip', 'public_ipv4', 'private_ipv4', 'public_ipv6'): + address = nodepool.get(nodepool_address) + if address: + addresses.append(address) + for iface in this.get('ansible_interfaces', []): iface_key = 'ansible_{}'.format(iface.replace('-', '_')) ipv4 = this[iface_key].get('ipv4') @@ -45,31 +53,32 @@ def main(): ipv6 = this[iface_key].get('ipv6') if not isinstance(ipv6, list): ipv6 = [ipv6] - addresses = [x['address'] for x in ipv4 if x and not - x['address'].startswith('127.')] + addresses += [x['address'] for x in ipv4 if x and not + x['address'].startswith('127.')] addresses += [y['address'] for y in ipv6 if y and not y['scope'] == 'host'] addresses += [this['ansible_hostname']] - for addr in addresses: - for key in public_keys: - if key.endswith('rsa_public'): - key_type = 'ssh-rsa' - elif key.endswith('ecdsa_public'): - # XXX This will not work with > 256 bit ecdsa keys - # until https://github.com/ansible/ansible/issues/28325 - # is fixed. We're using the proposed scheme in case it - # does merge as-is, but it may need to be updated if - # the patch is changed as well. - key_type = this.get('{}_type'.format(key), - 'ecdsa-sha2-nistp256') - elif key.endswith('ed25519_public'): - key_type = 'ssh-ed25519' - else: - continue - known_hosts.add( - '{addr} {key_type} {key}'.format(addr=addr, - key_type=key_type, - key=this[key])) + + for addr in set(addresses): + for key in public_keys: + if key.endswith('rsa_public'): + key_type = 'ssh-rsa' + elif key.endswith('ecdsa_public'): + # XXX This will not work with > 256 bit ecdsa keys + # until https://github.com/ansible/ansible/issues/28325 + # is fixed. We're using the proposed scheme in case it + # does merge as-is, but it may need to be updated if + # the patch is changed as well. + key_type = this.get('{}_type'.format(key), + 'ecdsa-sha2-nistp256') + elif key.endswith('ed25519_public'): + key_type = 'ssh-ed25519' + else: + continue + known_hosts.add( + '{addr} {key_type} {key}'.format(addr=addr, + key_type=key_type, + key=this[key])) ret = { 'ansible_facts': {