diff --git a/plays/gather_fact.yml b/plays/gather_fact.yml
new file mode 100755
index 00000000..29404790
--- /dev/null
+++ b/plays/gather_fact.yml
@@ -0,0 +1,3 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: all
diff --git a/plays/ssh_known_hosts.yml b/plays/ssh_known_hosts.yml
new file mode 100755
index 00000000..6a25361c
--- /dev/null
+++ b/plays/ssh_known_hosts.yml
@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: crans_server
+ roles:
+ - ssh_known_hosts
diff --git a/roles/ssh_known_hosts/tasks/main.yml b/roles/ssh_known_hosts/tasks/main.yml
new file mode 100644
index 00000000..5f820080
--- /dev/null
+++ b/roles/ssh_known_hosts/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name:
+ template:
+ src: ssh/ssh_known_hosts.j2
+ dest: /etc/ssh/ssh_known_hosts
diff --git a/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2 b/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2
new file mode 100644
index 00000000..15d9124a
--- /dev/null
+++ b/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2
@@ -0,0 +1,7 @@
+{% for host in groups["server"] | sort %}
+{% for keytype in ['ecdsa', 'rsa', 'ed25519'] %}
+{% if 'ssh_host_key_{}_public'.format(keytype) in hostvars[host]['ansible_facts'].keys() %}
+{{ query('ldap', 'all_cn', hostvars[host]['ansible_facts']['hostname']) | join(',') }},{{ query('ldap', 'all_ip', hostvars[host]['ansible_facts']['hostname']) | join(',') }} ssh-{{ keytype }} {{ hostvars[host]['ansible_facts']['ssh_host_key_{}_public'.format(keytype)] }} root@{{ hostvars[host]['ansible_facts']['hostname'] }}
+{% endif %}
+{% endfor %}
+{% endfor %}
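Review bot: Hosts in `groups["server"]` that are outside `crans_server` get no facts gathered by this play (plays/ssh_known_hosts.yml), and the role's template skips any host whose `ssh_host_key_*_public` facts are absent, so such a host would silently drop out of the generated `/etc/ssh/ssh_known_hosts`. Whether the two groups differ is not visible in this diff. If the intent is to rely on a fact cache filled by `plays/gather_fact.yml`, state that above the play, e.g. `# Requires cached facts for every host in the 'server' group (run plays/gather_fact.yml first)`. Otherwise add a preceding fact-gathering play for `server`, so the file's completeness does not depend on cache state.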
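Review bot: The `template` task in roles/ssh_known_hosts/tasks/main.yml sets no `owner`, `group` or `mode`, so the permissions of `/etc/ssh/ssh_known_hosts` are left to whatever the existing file or the connecting user's umask provides. Every SSH client on the host trusts this file for host-key verification, so pin them explicitly with `owner: root`, `group: root` and `mode: '0644'`. The task's `name:` is also empty, which makes runs harder to read and audit; `name: Deploy system-wide SSH known_hosts` would do.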
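Review bot: The key-type column is built as `ssh-{{ keytype }}`, which yields `ssh-ecdsa` for ECDSA keys; OpenSSH names those `ecdsa-sha2-nistp256` (or `-nistp384`/`-nistp521`), so the ECDSA entries would not be usable for host-key verification. Where the installed Ansible exposes it, the `_keytype` companion fact gives the exact name: `{{ hostvars[host]['ansible_facts']['ssh_host_key_{}_public_keytype'.format(keytype)] }}`. Separately, the names and addresses are looked up in LDAP from `ansible_facts['hostname']`, a value each host reports about itself. Using the inventory name `host` in the `query('ldap', ...)` calls would keep the name-to-key binding under the controller's control, assuming inventory names match the LDAP entries.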