From e30333940f6215740b22f987a50ad191e876b7d2 Mon Sep 17 00:00:00 2001
From: Pierre Riteau
Date: Fri, 11 Jul 2025 09:31:52 +0200
Subject: [PATCH] Fix known_hosts module issue on centos/rocky 10

The known_hosts module returns a failure on centos/rocky 10 when given a comment line from ssh-keyscan output. Fix by excluding them with grep.

Change-Id: I29e7e8a7480009fd359b8aa8b867b11900109f00
Signed-off-by: Pierre Riteau
---
 ansible/roles/bootstrap/tasks/main.yml | 4 +++-
 ansible/roles/ssh-known-host/tasks/main.yml | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/bootstrap/tasks/main.yml b/ansible/roles/bootstrap/tasks/main.yml
index f5a1e1b4f..ee673a204 100644
--- a/ansible/roles/bootstrap/tasks/main.yml
+++ b/ansible/roles/bootstrap/tasks/main.yml
@@ -61,8 +61,10 @@
 user: "{{ ansible_facts.user_id }}"
 key: "{{ lookup('file', bootstrap_ssh_private_key_path ~ '.pub') }}"

+# NOTE(priteau): Exclude comments from ssh-keyscan output because they break
+# known_hosts on centos/rocky 10.
 - name: Scan for SSH keys
- command: ssh-keyscan {{ item }}
+ shell: ssh-keyscan {{ item }} | grep -v '^#'
 with_items:
 - localhost
 - 127.0.0.1
diff --git a/ansible/roles/ssh-known-host/tasks/main.yml b/ansible/roles/ssh-known-host/tasks/main.yml
index 2f850a089..a59ceffc1 100644
--- a/ansible/roles/ssh-known-host/tasks/main.yml
+++ b/ansible/roles/ssh-known-host/tasks/main.yml
@@ -13,9 +13,11 @@
 vm provision' and 'kayobe overcloud inventory discover'.
 when: not ansible_host | default(inventory_hostname)

+# NOTE(priteau): Exclude comments from ssh-keyscan output because they break
+# known_hosts on centos/rocky 10.
 - name: Scan for SSH keys
 local_action:
- module: command ssh-keyscan {{ item }}
+ module: shell ssh-keyscan {{ item }} | grep -v '^#'
 with_items:
 - "{{ ansible_host | default(inventory_hostname) }}"
 register: keyscan_result
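Review bot: Switching from `command` to `shell` means the templated `{{ item }}` is now parsed by a shell; in the ssh-known-host hunk that value is `ansible_host | default(inventory_hostname)`, so it should pass through the quote filter: `module: shell ssh-keyscan {{ item | quote }} | grep -v '^#'`. The bootstrap hunk has the same form, though the items visible there are the literals `localhost` and `127.0.0.1`. The pipeline's exit status is also grep's, not ssh-keyscan's, so a scan that errors after printing some keys is reported as success; running it under bash with `set -o pipefail` would surface that. If the tasks that consume the registered output (outside these hunks) can drop the `#` lines themselves, `command` could stay and no shell is needed.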