Ensure that we only scan new host keys when we have built a new VM

1 year ago · a64917859d
parent 63a5754b65
commit a64917859d
2 changed files with 31 additions and 29 deletions
--- a/tasks/connect.yml
+++ b/tasks/connect.yml
@ -1,36 +1,37 @@
 ---

- name: Connect - Ensure we don't have an incorrect SSH host key stored on the Ansible controller
-  ansible.builtin.command:
-    cmd: "ssh-keygen -R {{ ansible_host }}"
-  register: create_vm_proxmox_remove_ssh_host_key_cmd
-  changed_when:
-    - '"# Host " + ansible_host + " found" in create_vm_proxmox_remove_ssh_host_key_cmd.stdout'
-  when:
-    - create_vm_proxmox_remove_ssh_host_key | bool
-  delegate_to: localhost
+- name: Managing SSH Host Keys
+  when: create_vm_proxmox_clone_vm is changed
+  block:
+    - name: Connect - Remove any existing host keys for this host
+      ansible.builtin.command:
+        cmd: "ssh-keygen -R {{ ansible_host }}"
+      register: create_vm_proxmox_remove_ssh_host_key_cmd
+      changed_when: '"# Host " + ansible_host + " found" in create_vm_proxmox_remove_ssh_host_key_cmd.stdout'
+      when: create_vm_proxmox_remove_ssh_host_key | bool
+      delegate_to: localhost

- name: Connect - Wait for SSH to become available
-  ansible.builtin.wait_for:
-    host: "{{ ansible_host }}"
-    port: 22
-    delay: 10
-    timeout: 120
-  delegate_to: localhost
+    - name: Connect - Wait for SSH to become available
+      ansible.builtin.wait_for:
+        host: "{{ ansible_host }}"
+        port: 22
+        delay: 10
+        timeout: 120
+      delegate_to: localhost

- name: Connect - Get SSH host keys
-  ansible.builtin.shell:
-    cmd: "ssh-keyscan {{ ansible_host }} >> ~/.ssh/known_hosts"
-  args:
-    executable: /bin/bash
-  changed_when: true
-  delegate_to: localhost
+    - name: Connect - Get SSH host keys
+      ansible.builtin.shell:
+        cmd: "ssh-keyscan {{ ansible_host }} >> ~/.ssh/known_hosts"
+      args:
+        executable: /bin/bash
+      changed_when: true
+      delegate_to: localhost

- name: Connect - Ensure we can connect
-  ansible.builtin.wait_for_connection:
-    connect_timeout: 10
-    delay: 5
-    sleep: 2
-    timeout: 120
+    - name: Connect - Ensure we can connect
+      ansible.builtin.wait_for_connection:
+        connect_timeout: 10
+        delay: 5
+        sleep: 2
+        timeout: 120

 ...
--- a/tasks/proxmox.yml
+++ b/tasks/proxmox.yml
@ -48,6 +48,7 @@
    memory: "{{ create_vm_proxmox_memory_mb | default(omit) }}"
    net: "{{ create_vm_proxmox_net | default(omit) }}"
  when: create_vm_proxmox_check_if_vm_exists.proxmox_vms | length == 0
+  register: create_vm_proxmox_clone_vm
  delegate_to: localhost

 - name: Proxmox - Manage virtual disks for virtual machine