Fix known_hosts module issue on centos/rocky 10

priteau · priteau · commit 85ad72a561f7 · 2025-08-29T19:48:36.000Z
The known_hosts module returns a failure on centos/rocky 10 when given a comment line from ssh-keyscan output. Fix by excluding them with grep. Change-Id: I29e7e8a7480009fd359b8aa8b867b11900109f00 Signed-off-by: Pierre Riteau <pierre@stackhpc.com> (cherry picked from commit e303339)
diff --git a/ansible/roles/bootstrap/tasks/main.yml b/ansible/roles/bootstrap/tasks/main.yml
@@ -61,8 +61,10 @@
     user: "{{ ansible_facts.user_id }}"
     key: "{{ lookup('file', bootstrap_ssh_private_key_path ~ '.pub') }}"
 
+# NOTE(priteau): Exclude comments from ssh-keyscan output because they break
+# known_hosts on centos/rocky 10.
 - name: Scan for SSH keys
-  command: ssh-keyscan {{ item }}
+  shell: ssh-keyscan {{ item }} | grep -v '^#'
   with_items:
     - localhost
     - 127.0.0.1
diff --git a/ansible/roles/ssh-known-host/tasks/main.yml b/ansible/roles/ssh-known-host/tasks/main.yml
@@ -13,9 +13,11 @@
       vm provision' and 'kayobe overcloud inventory discover'.
   when: not ansible_host | default(inventory_hostname)
 
+# NOTE(priteau): Exclude comments from ssh-keyscan output because they break
+# known_hosts on centos/rocky 10.
 - name: Scan for SSH keys
   local_action:
-    module: command ssh-keyscan {{ item }}
+    module: shell ssh-keyscan {{ item }} | grep -v '^#'
   with_items:
     - "{{ ansible_host|default(inventory_hostname) }}"
   register: keyscan_result
