authorKevin Fenzi <kevin@scrye.com>2017-09-04 17:24:51 +0000
committerKevin Fenzi <kevin@scrye.com>2017-09-04 17:24:56 +0000
commit6b1fc4d83fce72eca263ddcc60a9ecd78fa0b203 (patch)
tree6f66f718174db26e2e015df87c2d2333683546f3
parent585dba2a76ddff85eb98ac3ef392aab2de3a496d (diff)
for initial installs use gathered ssh host key, then remove and use signed ones
-rw-r--r--roles/basessh/tasks/main.yml6
-rw-r--r--tasks/virt_instance_create.yml14
2 files changed, 20 insertions, 0 deletions
diff --git a/roles/basessh/tasks/main.yml b/roles/basessh/tasks/main.yml
index 03d83e1e3..45c2ca002 100644
--- a/roles/basessh/tasks/main.yml
+++ b/roles/basessh/tasks/main.yml
@@ -172,3 +172,9 @@
- config
- sshd
- base
+
+- name: make sure there is no old ssh host key for the host still around
+ local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent
+ ignore_errors: True
+ with_items:
+ - /root/.ssh/known_hosts
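Review bot: `ignore_errors: True` on the new known_hosts cleanup task hides the one failure that matters here: if the removal does not happen, the gathered key for `{{ inventory_hostname }}` stays trusted in /root/.ssh/known_hosts and the play still reports success. The commit message suggests this task is the switch-over from the gathered key to signed ones, so I would drop `ignore_errors` (`state=absent` should already be a no-op when the entry is missing) or `register:` the result and fail explicitly on a real error. The same flag is on both tasks added in tasks/virt_instance_create.yml. Since this is a `local_action` editing one shared file and the role presumably runs against many hosts in parallel, it is also worth confirming that concurrent edits cannot overwrite each other.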
diff --git a/tasks/virt_instance_create.yml b/tasks/virt_instance_create.yml
index 6f70af7d9..0046e36ab 100644
--- a/tasks/virt_instance_create.yml
+++ b/tasks/virt_instance_create.yml
@@ -76,6 +76,13 @@
tags:
- armv7-kernel
+- name: make sure there is no old ssh host key for the host still around
+ local_action: known_hosts path={{item}} host={{ inventory_hostname }} state=absent
+ ignore_errors: True
+ with_items:
+ - /root/.ssh/known_hosts
+ when: inventory_hostname not in result.list_vms
+
- name: (osbs-control01.stg) make sure there is no old ssh host key for the host still around
known_hosts: path={{item}} host={{ inventory_hostname }} state=absent
ignore_errors: True
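Review bot: The new removal task passes its module arguments as an inline `key=value` string with unquoted `{{item}}` and `{{ inventory_hostname }}`, which is harder to review and breaks if a value ever contains a space or `=`. I would write the arguments as a mapping with quoted templates and use `delegate_to: localhost` in place of `local_action`, as sketched below. The `with_items` loop over a single path could become a plain `path:` value. The same form is used by the other two tasks this commit adds.

```yaml
- name: make sure there is no old ssh host key for the host still around
  known_hosts:
    path: "{{ item }}"
    host: "{{ inventory_hostname }}"
    state: absent
  delegate_to: localhost
  # … unchanged: ignore_errors, with_items, when …
```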
@@ -104,6 +111,13 @@
register: hostkey
when: inventory_hostname not in result.list_vms
+- name: add new ssh host key (until we can sign it)
+ local_action: known_hosts path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present
+ ignore_errors: True
+ with_items:
+ - /root/.ssh/known_hosts
+ when: inventory_hostname not in result.list_vms
+
- name: (osbs-control01.stg) add new ssh host key
known_hosts: path={{item}} key="{{ hostkey.stdout }}" host={{ inventory_hostname }} state=present
ignore_errors: True
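Review bot: The added task pins whatever is in `hostkey.stdout` as the trusted key for the new host, and nothing in the hunk checks that value first. The command that fills `hostkey` is above the hunk (only `register: hostkey` is visible), so if it gathers the key over the network this is trust-on-first-use, and an empty or failed result is masked by `ignore_errors: True`. I would guard the task with `when: inventory_hostname not in result.list_vms and hostkey.stdout | length > 0` and drop `ignore_errors`, so a failed gather stops the install instead of continuing without a pinned key. A short comment on the task saying that the entry is temporary, and appears to be removed again by the basessh role once signed keys are in use, would help the next reader.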