author | Patrick Steinhardt <ps@pks.im> | 2020-08-10 13:08:38 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2020-09-14 10:52:13 +0300 |
commit | 0d1aea91348277316e59a495fe9b768dd70ee96c (patch) | |
tree | 1347584dbd968f8cdd9effdff8eb7835692c31c8 /_support | |
parent | 93cc67a7095a73b6e15132c55bb44c5c2b793c17 (diff) |
terraform: Scan and add SSH host keys
After having deployed the cluster, the first connection to deployed
machines is currently going to fail because of unknown host keys. Let's
improve this situation by scanning deployed hosts and adding their keys
to the known_hosts file automatically.
Diffstat (limited to '_support')
-rw-r--r-- | _support/terraform/roles/deploy/handlers/main.yml | 12 | ||||
-rw-r--r-- | _support/terraform/roles/deploy/tasks/main.yml | 2 |
2 files changed, 14 insertions, 0 deletions
diff --git a/_support/terraform/roles/deploy/handlers/main.yml b/_support/terraform/roles/deploy/handlers/main.yml
new file mode 100644
index 000000000..d2d7522d2
--- /dev/null
+++ b/_support/terraform/roles/deploy/handlers/main.yml
@@ -0,0 +1,12 @@
+- name: scan SSH keys
+ command: "ssh-keyscan {{ item }}"
+ register: ssh_keys
+ with_items: "{{ tfstate.outputs.gitaly_ssh_ip.value.values() | list + tfstate.outputs.praefect_ssh_ip.value.values() | list + [tfstate.outputs.gitlab_external_ip.value] }}"
+ listen: add hostkeys
+
+- name: add SSH keys to known hosts
+ known_hosts:
+ name: "{{ item.item }}"
+ key: "{{ item.stdout }}"
+ with_items: "{{ ssh_keys.results }}"
+ listen: add hostkeys
diff --git a/_support/terraform/roles/deploy/tasks/main.yml b/_support/terraform/roles/deploy/tasks/main.yml
index bb9ac2268..152d844cb 100644
--- a/_support/terraform/roles/deploy/tasks/main.yml
+++ b/_support/terraform/roles/deploy/tasks/main.yml
@@ -18,6 +18,8 @@
 variables_file: terraform.tfvars
 force_init: true
 register: tfstate
+ notify:
+ - add hostkeys
 
 - name: hosts.ini
 template: |
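Review bot: The key returned by `ssh-keyscan {{ item }}` in the `scan SSH keys` handler is pinned into known_hosts by the next handler with no verification, so whatever answers on that IP during the first scan becomes the trusted identity and later connections will not warn. The scan should be checked against a fingerprint obtained through the provisioning channel (for example host keys generated or exported by the Terraform configuration) before the `known_hosts` task runs. The handler also does not guard against an empty `item.stdout` when a freshly created machine is not yet answering on port 22; a `failed_when: ssh_keys.stdout == ""` on the scan task would make that case visible instead of passing an empty `key:`. Restricting the scan to one type, `command: "ssh-keyscan -t ed25519 {{ item }}"`, would keep `item.stdout` to a single line, which is likely what `key:` expects.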
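Review bot: `notify: - add hostkeys` only fires when this task reports `changed`, so a run against an already-applied state (a second workstation, or a cleared known_hosts file) never scans the hosts and the first connection fails as before. Handlers also run at the end of the play unless flushed, so a later task in the same play that connects to the new machines would still see unknown keys; adding `- meta: flush_handlers` after this task would cover that if it applies. The task begins above the hunk, so which module it uses and when it reports `changed` is not visible here.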