| 1 | --- |
| 2 | # Note: this playbook requires ansible-core >= 2.11 |
| 3 | # |
| 4 | - name: Generate local known_hosts files using ssh-keyscan |
| 5 | hosts: localhost |
| 6 | tasks: |
| 7 | - block: |
| 8 | - name: Scan keys |
| 9 | ansible.builtin.command: |
| 10 | argv: "{{ ['ssh-keyscan' ] + all_hosts }}" |
| 11 | register: keyscan_results |
| 12 | - ansible.builtin.known_hosts: |
| 13 | path: ../known_hosts |
| 14 | name: "{{ keyscan_host }}" |
| 15 | key: "{{ keyscan_key }}" |
| 16 | when: keyscan_results.rc == 0 |
| 17 | vars: |
| 18 | keyscan_host: "{{ item | split(' ') | first }}" |
| 19 | keyscan_key: "{{ item }}" |
| 20 | with_items: "{{ keyscan_results.stdout | split('\n') }}" |
| 21 | vars: |
| 22 | all_hosts: "{{ groups['all'] | difference(['localhost']) }}" |