Commit a0fdcb28 authored by Lars Beckers's avatar Lars Beckers

hostkey-provider: implement hostkey caching

parent dc9f2126
---
- name: re-read local facts for new hostkeys
setup: filter=ansible_local
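Review bot: This handler carries no `delegate_to`, so as far as I can tell it re-reads `ansible_local` on the host that notified it, not on the collector where the `.fact` files are written. The template reads `hostvars[hostkeys_collector]['ansible_local']`, which would then stay stale for a newly added host unless the collector's own entry happened to change in the same run. Consider adding `delegate_to: "{{ hostvars[hostkeys_collector]['ansible_fqdn'] }}"` and `delegate_facts: true` to the handler. Writing the module arguments as a nested `filter: ansible_local` under `setup:` instead of the `key=value` string would also match the block style used in the tasks file.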
---
- name: ensure host keys are centrally collected
ini_file:
path: "/etc/ansible/facts.d/hostkeys_{{ ansible_host }}.fact"
section: collected
option: "{{ item.key }}"
value: "{{ item.value }}"
with_items:
- { key: 'ipv4', value: "{{ ansible_all_ipv4_addresses|join(',') }}" }
- { key: 'ipv6', value: "{{ ansible_all_ipv6_addresses|join(',') }}" }
- { key: 'ed25519', value: "{{ ansible_ssh_host_key_ed25519_public }}" }
- { key: 'rsa', value: "{{ ansible_ssh_host_key_rsa_public }}" }
delegate_to: "{{ hostvars[hostkeys_collector]['ansible_fqdn'] }}"
ignore_errors: True
notify:
- re-read local facts for new hostkeys
- meta: flush_handlers
- name: ensure all host keys are distributed
template:
src: known_hosts.j2
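Review bot: `ignore_errors: True` on the collection task hides a failed write to the collector, and the cache is overwritten on every run with whatever key the host reports, so a changed host key is redistributed into every `known_hosts` without anyone noticing. Consider dropping `ignore_errors` (or narrowing it with `failed_when`) and registering the result, so that a changed `ed25519`/`rsa` value for an already-cached host is surfaced for review before the template task runs. The fact file also gets no explicit ownership or permissions; since every host's `known_hosts` is derived from it, setting `owner: root` and `mode: '0644'` on the `ini_file` task would pin its integrity. The `rsa` item assumes every host exposes `ansible_ssh_host_key_rsa_public`, which presumably fails on ed25519-only hosts and is then masked by `ignore_errors`. The `template` task continues past the visible lines.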
......
{%- for k,v in hostvars.items()|sort %}
{#
{%- if 'ansible_ssh_host_key_ed25519_public' in v -%}
{{ v['ansible_host'] }},{{ v['ansible_all_ipv4_addresses']|join(',') }},{{ v['ansible_all_ipv6_addresses']|join(',') }} ssh-ed25519 {{ v['ansible_ssh_host_key_ed25519_public'] }}
{{ v['ansible_host'] }},{{ v['ansible_all_ipv4_addresses']|join(',') }},{{ v['ansible_all_ipv6_addresses']|join(',') }} ssh-rsa {{ v['ansible_ssh_host_key_rsa_public'] }}
{%- else -%}
{%- if 'ansible_local' in hostvars[hostkeys_collector] and 'hostkeys_' ~ v['ansible_host'] in hostvars[hostkeys_collector]['ansible_local'] -%}
#}
{%- set c = hostvars[hostkeys_collector]['ansible_local']['hostkeys_'~ v['ansible_host']]['collected'] -%}
{{ v['ansible_host'] }},{{ c['ipv4'] }},{{ c['ipv6'] }} ssh-ed25519 {{ c['ed25519'] }}
{{ v['ansible_host'] }},{{ c['ipv4'] }},{{ c['ipv6'] }} ssh-rsa {{ c['rsa'] }}
{#
{%- endif -%}
{%- endif -%}
#}
{% endfor -%}
{{ lookup('file', known_hosts) }}
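Review bot: The `{%- set c = … -%}` line dereferences `hostvars[hostkeys_collector]['ansible_local']['hostkeys_' ~ v['ansible_host']]['collected']` unguarded, because both `if` checks around it sit inside `{# … #}`; one host without a cached fact (for example after a collection failure) would abort rendering for every host. Restore the inner check as live code, e.g. `{%- if 'hostkeys_' ~ v['ansible_host'] in hostvars[hostkeys_collector].get('ansible_local', {}) -%}` with a matching `{%- endif -%}`, and delete the commented-out branch rather than keeping dead template logic in a file that defines SSH trust. Empty `ipv4`/`ipv6` values would also render empty host patterns (`host,,`), so it is worth building the host list from non-empty parts only.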