persist login hostkey across rebuilds

sjpb · sjpb · commit b7e2dbcd7e44 · 2022-11-29T14:58:04.000Z
diff --git a/roles/persist_hostkeys/tasks/main.yml b/roles/persist_hostkeys/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+
+- name: Ensure hostkeys directory exists on persistent storage
+  file:
+    path: "{{ appliances_state_dir }}/hostkeys/{{ inventory_hostname }}"
+    state: directory
+    owner: root
+    group: root
+    mode: 0600
+
+- name: Copy hostkeys from persistent storage
+  # won't fail if no keys are in persistent storage
+  copy:
+    src: "{{ appliances_state_dir }}/hostkeys/{{ inventory_hostname }}/"
+    dest: /etc/ssh/
+    remote_src: true
+
+- name: Find hostkeys
+  find:
+    path: /etc/ssh/
+    patterns: ssh_host_*_key*
+  register: _find_ssh_keys
+
+- name: Persist hostkeys
+  copy:
+    dest: "{{ appliances_state_dir }}/hostkeys/{{ inventory_hostname }}/"
+    src: "{{ item }}"
+    remote_src: true
+    mode: preserve
+  loop: "{{ _find_ssh_keys.files | map(attribute='path') }}"
+
+- meta: reset_connection
+
diff --git a/slurm-infra.yml b/slurm-infra.yml
@@ -20,6 +20,13 @@
       loop_control:
         loop_var: host
 
+- name: Persist login hostkey across rebuilds
+  hosts: login
+  gather_facts: no
+  become: yes
+  roles:
+    - persist_hostkeys
+
 # Ensure that the secrets are generated and persisted on the control host
 - name: Generate and persist secrets
   hosts: control
