Ssh known hosts

plays/gather_fact.yml

@@ -0,0 +1,3 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: all

plays/ssh_known_hosts.yml

@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: crans_server
+  roles:
+    - ssh_known_hosts

roles/ssh_known_hosts/tasks/main.yml

@@ -0,0 +1,5 @@
+---
+- name:
+  template:
+    src: ssh/ssh_known_hosts.j2
+    dest: /etc/ssh/ssh_known_hosts

roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2

@@ -0,0 +1,7 @@
+{% for host in groups["server"] | sort %}
+{% for keytype in ['ecdsa', 'rsa', 'ed25519'] %}
+{% if 'ssh_host_key_{}_public'.format(keytype) in hostvars[host]['ansible_facts'].keys() %}
+{{ query('ldap', 'all_cn', hostvars[host]['ansible_facts']['hostname']) | join(',') }},{{ query('ldap', 'all_ip', hostvars[host]['ansible_facts']['hostname']) | join(',') }} ssh-{{ keytype }} {{ hostvars[host]['ansible_facts']['ssh_host_key_{}_public'.format(keytype)] }} root@{{ hostvars[host]['ansible_facts']['hostname'] }}
+{% endif %}
+{% endfor %}
+{% endfor %}