From 0d1aea91348277316e59a495fe9b768dd70ee96c Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt
Date: Mon, 10 Aug 2020 12:08:38 +0200
Subject: terraform: Scan and add SSH host keys

After having deployed the cluster, the first connection to deployed machines is currently going to fail because of unknown host keys. Let's improve this situation by scanning deployed hosts and adding their keys to the known_hosts file automatically.
---
 _support/terraform/roles/deploy/handlers/main.yml | 12 ++++++++++++
 _support/terraform/roles/deploy/tasks/main.yml | 2 ++
 2 files changed, 14 insertions(+)
 create mode 100644 _support/terraform/roles/deploy/handlers/main.yml
(limited to '_support')
diff --git a/_support/terraform/roles/deploy/handlers/main.yml b/_support/terraform/roles/deploy/handlers/main.yml
new file mode 100644
index 000000000..d2d7522d2
--- /dev/null
+++ b/_support/terraform/roles/deploy/handlers/main.yml
@@ -0,0 +1,12 @@
+- name: scan SSH keys
+ command: "ssh-keyscan {{ item }}"
+ register: ssh_keys
+ with_items: "{{ tfstate.outputs.gitaly_ssh_ip.value.values() | list + tfstate.outputs.praefect_ssh_ip.value.values() | list + [tfstate.outputs.gitlab_external_ip.value] }}"
+ listen: add hostkeys
+
+- name: add SSH keys to known hosts
+ known_hosts:
+ name: "{{ item.item }}"
+ key: "{{ item.stdout }}"
+ with_items: "{{ ssh_keys.results }}"
+ listen: add hostkeys
diff --git a/_support/terraform/roles/deploy/tasks/main.yml b/_support/terraform/roles/deploy/tasks/main.yml
index bb9ac2268..152d844cb 100644
--- a/_support/terraform/roles/deploy/tasks/main.yml
+++ b/_support/terraform/roles/deploy/tasks/main.yml
@@ -18,6 +18,8 @@
 variables_file: terraform.tfvars
 force_init: true
 register: tfstate
+ notify:
+ - add hostkeys
 - name: hosts.ini
 template:
--
cgit v1.2.3
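Review bot: The keys returned by `ssh-keyscan {{ item }}` are written to known_hosts without any verification, so whatever answers on that address during the first run is pinned as the trusted host (trust on first use). If the deployment can expose the host key fingerprints through a channel that does not depend on this SSH connection, compare against them before the `known_hosts` task; otherwise record the assumption above the scan task, for example `# Keys are accepted unverified on first contact; check fingerprints out of band.`. The scan is also read-only, so `changed_when: false` on it would keep it from reporting a change on every run, and a host whose sshd is not up yet may leave `item.stdout` empty for the second task, so it is worth confirming how `known_hosts` behaves with an empty `key`.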
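Review bot: `notify` fires only when the terraform task reports a change, so if the handlers fail once (for example because a host is not answering yet), a re-run against unchanged state will not notify `add hostkeys` again and the keys are never recorded. Handlers also run at the end of the play unless flushed, so any later task that connects to the new hosts would still meet unknown keys; if that matters, add `- meta: flush_handlers` after this task. The task's opening lines are outside the hunk.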