e30333940f
The known_hosts module returns a failure on centos/rocky 10 when given a comment line from ssh-keyscan output. Fix by excluding them with grep. Change-Id: I29e7e8a7480009fd359b8aa8b867b11900109f00 Signed-off-by: Pierre Riteau <pierre@stackhpc.com>
38 lines
1.5 KiB
YAML
38 lines
1.5 KiB
YAML
---
|
|
# If no IP address has been configured for the host on the admin network, this
|
|
# is typically the first task to fail. Provide a friendly message with
|
|
# information on how to resolve the issue.
|
|
- name: Validate SSH address
|
|
fail:
|
|
msg: >-
|
|
Host {{ inventory_hostname }} has no address configured on the admin
|
|
network. IP addresses may be manually configured in
|
|
'network-allocation.yml', or are automatically allocated during the
|
|
following commands: 'kayobe seed hypervisor host configure', 'kayobe
|
|
seed host configure', 'kayobe overcloud host configure', 'kayobe seed
|
|
vm provision' and 'kayobe overcloud inventory discover'.
|
|
when: not ansible_host | default(inventory_hostname)
|
|
|
|
# NOTE(priteau): Exclude comments from ssh-keyscan output because they break
|
|
# known_hosts on centos/rocky 10.
|
|
- name: Scan for SSH keys
|
|
local_action:
|
|
module: shell ssh-keyscan {{ item }} | grep -v '^#'
|
|
with_items:
|
|
- "{{ ansible_host | default(inventory_hostname) }}"
|
|
register: keyscan_result
|
|
changed_when: False
|
|
|
|
# NOTE(priteau): Run this task serially as known_hosts is not safe to execute
|
|
# concurrently, and some keys can end up being dropped. For more details see
|
|
# https://github.com/ansible/proposals/issues/113
|
|
- name: Ensure SSH keys are in known hosts
|
|
local_action:
|
|
module: known_hosts
|
|
host: "{{ item[0].item }}"
|
|
key: "{{ item[1] }}"
|
|
with_subelements:
|
|
- "{{ keyscan_result.results }}"
|
|
- stdout_lines
|
|
throttle: 1
|