Last active
July 14, 2022 09:49
-
-
Save cbrunnkvist/2a6090b35a9de7e8bac7c2f49ddb7409 to your computer and use it in GitHub Desktop.
SSH keyscan all Ansible inventory
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # in retrospect, it's better to just run e.g. | |
| # ansible all -a true --ssh-extra-args="-o UpdateHostKeys=yes -o StrictHostKeyChecking=accept-new" | |
| - hosts: all | |
| gather_facts: false | |
| tasks: | |
| - name: Set custom SSH port fact (or use default) | |
| delegate_to: localhost | |
| set_fact: | |
| ansible_ssh_port: "{{ hostvars[inventory_hostname]['ansible_ssh_port'] | default('22') }}" | |
| - name: Scan and save all SSH host keys | |
| delegate_to: localhost | |
| lineinfile: | |
| dest: ~/.ssh/known_hosts | |
| create: yes | |
| state: present | |
| line: "{{ lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment