From 2bcf91b97558318d90085498e884393e8eb07b0b Mon Sep 17 00:00:00 2001
From: pa <pa@crans.org>
Date: Fri, 1 Jan 2021 17:53:35 +0100
Subject: [PATCH] Ssh known hosts

---
 plays/gather_fact.yml                                  | 3 +++
 plays/ssh_known_hosts.yml                              | 5 +++++
 roles/ssh_known_hosts/tasks/main.yml                   | 5 +++++
 roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2 | 7 +++++++
 4 files changed, 20 insertions(+)
 create mode 100755 plays/gather_fact.yml
 create mode 100755 plays/ssh_known_hosts.yml
 create mode 100644 roles/ssh_known_hosts/tasks/main.yml
 create mode 100644 roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2

diff --git a/plays/gather_fact.yml b/plays/gather_fact.yml
new file mode 100755
index 00000000..29404790
--- /dev/null
+++ b/plays/gather_fact.yml
@@ -0,0 +1,3 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: all
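Review bot: The play carries no name or comment, so its purpose — presumably refreshing facts for every host so that other plays can read them through `hostvars` — is invisible from the file itself; add `  name: Gather facts for every host` under `- hosts: all`, and a leading comment such as `# Populates the fact cache; plays/ssh_known_hosts.yml reads ssh_host_key_*_public of each server from it`. The dependency on this play is inferred from the template elsewhere in this patch, so confirm the wording against how the inventory and fact caching are actually configured.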
diff --git a/plays/ssh_known_hosts.yml b/plays/ssh_known_hosts.yml
new file mode 100755
index 00000000..6a25361c
--- /dev/null
+++ b/plays/ssh_known_hosts.yml
@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: crans_server
+  roles:
+    - ssh_known_hosts
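Review bot: The play targets `crans_server`, but the role's template walks `groups["server"]` and reads `hostvars[host]['ansible_facts']` for every member, so it only renders correctly when each host in `server` already has facts available — presumably from `plays/gather_fact.yml` with fact caching enabled, which nothing in this play ensures or documents. Either state the ordering with a comment, e.g. `# Requires facts for group "server": run plays/gather_fact.yml first with fact caching enabled`, or add a preceding play in this file, `- hosts: server` with `gather_facts: true` and no tasks, so the playbook is self-contained. Which of the two fits depends on whether the project relies on a persistent fact cache, which I cannot tell from the patch.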
diff --git a/roles/ssh_known_hosts/tasks/main.yml b/roles/ssh_known_hosts/tasks/main.yml
new file mode 100644
index 00000000..5f820080
--- /dev/null
+++ b/roles/ssh_known_hosts/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+- name:
+  template:
+    src: ssh/ssh_known_hosts.j2
+    dest: /etc/ssh/ssh_known_hosts
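Review bot: `- name:` on the second line is empty, so the task appears as an anonymous `template` in the run output; give it a label such as `- name: Deploy system-wide SSH known hosts file`. The task also sets no `owner`, `group` or `mode` for `/etc/ssh/ssh_known_hosts`, so the permissions of a newly created file depend on the controller/remote umask; since every user's ssh client must be able to read it, pin `mode: "0644"` (quoted so the octal literal is not reinterpreted by the YAML parser) together with `owner: root` and `group: root`.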
diff --git a/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2 b/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2
new file mode 100644
index 00000000..15d9124a
--- /dev/null
+++ b/roles/ssh_known_hosts/templates/ssh/ssh_known_hosts.j2
@@ -0,0 +1,7 @@
+{% for host in groups["server"] | sort %}
+{% for keytype in ['ecdsa', 'rsa', 'ed25519'] %}
+{% if 'ssh_host_key_{}_public'.format(keytype) in hostvars[host]['ansible_facts'].keys() %}
+{{ query('ldap', 'all_cn', hostvars[host]['ansible_facts']['hostname']) | join(',') }},{{ query('ldap', 'all_ip', hostvars[host]['ansible_facts']['hostname']) | join(',') }} ssh-{{ keytype }} {{ hostvars[host]['ansible_facts']['ssh_host_key_{}_public'.format(keytype)] }} root@{{ hostvars[host]['ansible_facts']['hostname'] }}
+{% endif %}
+{% endfor %}
+{% endfor %}
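Review bot: `ssh-{{ keytype }}` on the fourth line of the template yields `ssh-ecdsa` during the ecdsa iteration, which is not an OpenSSH key type name (ECDSA host keys are `ecdsa-sha2-nistp256` and siblings), so those known_hosts lines are skipped by ssh when the file is parsed and a server that only publishes an ECDSA key stays unverified. Recent Ansible fact collectors expose the exact type next to the key as `ssh_host_key_<type>_public_keytype`; if the version in use has it, emit `{{ hostvars[host]['ansible_facts']['ssh_host_key_{}_public_keytype'.format(keytype)] }}` in place of `ssh-{{ keytype }}`, otherwise map ecdsa to its full name explicitly. Separately, any member of `groups["server"]` without facts makes `hostvars[host]['ansible_facts']` undefined and aborts the whole render, so a guard such as `{% if 'ansible_facts' in hostvars[host] %}` around the inner loop keeps one stale host from blocking the file for all the others. Finally, if either ldap query returns an empty list the `join(',')` leaves a leading or trailing comma, i.e. an empty host pattern, on that line.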