ansible: Add play to run produce known_hosts file using ssh-keyscan
authorKienan Stewart <kstewart@efficios.com>
Wed, 9 Aug 2023 18:10:26 +0000 (14:10 -0400)
committerKienan Stewart <kstewart@efficios.com>
Wed, 9 Aug 2023 20:03:54 +0000 (16:03 -0400)
Change-Id: Iaec237bb973d0f94717b24ea624bc87ea701e6e3

automation/ansible/playbooks/known-hosts.yml [new file with mode: 0644]

diff --git a/automation/ansible/playbooks/known-hosts.yml b/automation/ansible/playbooks/known-hosts.yml
new file mode 100644 (file)
index 0000000..e490a5f
--- /dev/null
@@ -0,0 +1,22 @@
+---
+# Note: this playbook requires ansible-core >= 2.11
+#
+- name: Generate local known_hosts files using ssh-keyscan
+  hosts: localhost
+  tasks:
+    - block:
+        - name: Scan keys
+          ansible.builtin.command:
+            argv: "{{ ['ssh-keyscan' ] + all_hosts }}"
+          register: keyscan_results
+        - ansible.builtin.known_hosts:
+            path: ../known_hosts
+            name: "{{ keyscan_host }}"
+            key: "{{ keyscan_key }}"
+          when: keyscan_results.rc == 0
+          vars:
+            keyscan_host: "{{ item | split(' ') | first }}"
+            keyscan_key: "{{ item }}"
+          with_items: "{{ keyscan_results.stdout | split('\n') }}"
+      vars:
+        all_hosts: "{{ groups['all'] | difference(['localhost']) }}"
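Review bot: The keys written by the `ansible.builtin.known_hosts` task come straight from `ssh-keyscan` output and are never checked against a fingerprint obtained out of band, so whatever answered on the network at scan time is what gets pinned in `../known_hosts`. A header comment should say so, e.g. `# Keys are unauthenticated (trust on first use): compare fingerprints with a trusted source before using the generated file`. Separately, `keyscan_results.stdout | split('\n')` yields a single empty item when the scan prints nothing, which would be passed on as an empty `name` and `key`; `with_items: "{{ keyscan_results.stdout_lines }}"` avoids that. The `when: keyscan_results.rc == 0` guard looks redundant, since a non-zero rc already fails the command task by default.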