mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
mysql_dashboard
infrastructure/playbooks/tasks/sync-ssh-hostkeys.yml
Jakub Klinkovský 13b5367d33
Set LC_COLLATE for the ssh-keyscan command 
Just in case, locales are complicated...
2020-10-26 22:22:41 +01:00

51 lines
2.4 KiB
YAML
Raw Permalink Blame History

---
- name: fetch ssh hostkeys
hosts: all,!rsync_net,!hetzner_storageboxes
tasks:
- name: fetch hostkey checksums
shell: "for type in sha256 md5; do for file in /etc/ssh/ssh_host_*.pub; do ssh-keygen -l -f $file -E $type; done; echo; done"
register: ssh_hostkeys
changed_when: ssh_hostkeys | length > 0
- name: fetch known_hosts
shell: "set -o pipefail && ssh-keyscan 127.0.0.1 2>/dev/null | sed 's#^127.0.0.1#{{ inventory_hostname }}#' | sort"
environment:
LC_COLLATE: C # to ensure reproducible ordering
args:
executable: /bin/bash # required for repro3.pkgbuild.com which is ubuntu and has dash as default shell
register: known_hosts
changed_when: known_hosts | length > 0
- name: store hostkeys
hosts: localhost
tasks:
- name: store hostkeys
copy:
dest: "{{ playbook_dir }}/../../docs/ssh-hostkeys.txt"
content: "{% for host in query('inventory_hostnames', 'all,!rsync_net,!hetzner_storageboxes,!localhost') | sort %}# {{ host }}\n{{ hostvars[host].ssh_hostkeys.stdout }}\n\n{% endfor %}"
mode: preserve
delegate_to: localhost
- name: store known_hosts
copy:
dest: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
content: "{% for host in query('inventory_hostnames', 'all,!rsync_net,!hetzner_storageboxes,!localhost') | sort %}# {{ host }}\n{{ hostvars[host].known_hosts.stdout }}\n\n{% endfor %}"
mode: preserve
delegate_to: localhost
- name: manually append rsync.net host keys
lineinfile:
path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
line: "{% for host in query('inventory_hostnames', 'rsync_net') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}"
delegate_to: localhost
- name: manually append Hetzner Storageboxes host keys
lineinfile:
path: "{{ playbook_dir }}/../../docs/ssh-known_hosts.txt"
line: "{% for host in query('inventory_hostnames', 'hetzner_storageboxes') | sort %}# {{ host }}\n{{ hostvars[host].known_host }}\n\n{% endfor %}"
delegate_to: localhost
- name: upload known_hosts to all nodes
hosts: all,!rsync_net,!hetzner_storageboxes
tasks:
- name: upload known_hosts
copy: dest=/etc/ssh/ssh_known_hosts src="{{ playbook_dir }}/../../docs/ssh-known_hosts.txt" owner=root group=root mode=0644
tags: ['upload-known-hosts']
View Git Blame Copy Permalink