Merge pull request #26 from Diesel-Net/development

tomdaley92 · web-flow · commit 4fe863eb1585 · 2022-03-30T06:57:33.000-07:00
Development
diff --git a/defaults/main.yaml b/defaults/main.yaml
@@ -1,5 +1,5 @@
 # safe/sane defaults
-auto_reboots: no
+auto_reboots: yes
 timezone: America/Los_Angeles
 
 # ssh user vars
@@ -25,7 +25,6 @@ ssh_known_hosts: "{{ groups['all'] }}"
 apt_packages:
   - qemu-guest-agent
   - python3-pip
-  - python3-venv
   - tree
   - wget
   - curl
diff --git a/tasks/main.yaml b/tasks/main.yaml
@@ -6,20 +6,6 @@
   shell: chage -I -1 -m 0 -M 99999 -E -1 root
   become: yes
 
-- include_tasks: configure_apt_proxy.yaml
-
-- name: Install apt packages
-  apt:
-    name: "{{ apt_packages }}"
-    state: present
-    autoclean: yes
-    update_cache: yes
-  become: yes
-
-- name: Rebuild Trusted certificate store
-  command: update-ca-certificates --fresh
-  become: yes
-
 - name: Install step (PKI/ACME client for private/internal CA)
   block:
     - name: Create temp dir
@@ -51,3 +37,17 @@
     --fingerprint {{ ca_fingerprint }} \
     --install -f
   become: yes
+
+- name: Rebuild Trusted certificate store
+  command: update-ca-certificates --fresh
+  become: yes
+
+- include_tasks: configure_apt_proxy.yaml
+
+- name: Install apt packages
+  apt:
+    name: "{{ apt_packages }}"
+    state: present
+    autoclean: yes
+    update_cache: yes
+  become: yes
diff --git a/tasks/scan_hosts.yaml b/tasks/scan_hosts.yaml
@@ -1,23 +1,32 @@
-- name: For each host, scan for its ssh public key
+# failures from unreachable/offline hosts ignored
+- name: scan for hosts public keys
+  delegate_to: localhost
+  with_items: '{{ inventory_hostname }}'
   shell: "ssh-keyscan {{ item }},{{ lookup ('dig', item) }}"
-  with_items: "{{ inventory_hostname }}"
-  register: ssh_known_host_results
+  register: keyscan
   ignore_errors: yes
-  delegate_to: localhost
 
-- name: Remove the public host key in the '{{ ssh_known_hosts_file }}'
+- with_items: '{{ keyscan.results }}'
+  debug:
+    msg: '{{ item.rc }}'
+
+- name: remove the public host key from known_hosts file
+  delegate_to: localhost
+  loop: '{{ keyscan.results }}'
+  loop_control:
+    loop_var: result
+  when: result.rc == 0
   known_hosts:
-    name: "{{ item.item }}"
+    name: "{{ result.item }}"
     state: "absent"
-    path: "{{ ssh_known_hosts_file }}"
-  with_items: "{{ ssh_known_host_results.results }}"
-  delegate_to: localhost
 
-- name: Add/update the public host key in the '{{ ssh_known_hosts_file }}'
+- name: add/update the public host key in known_hosts file
+  delegate_to: localhost
+  loop: '{{ keyscan.results }}'
+  loop_control:
+    loop_var: result
+  when: result.rc == 0
   known_hosts:
-    name: "{{ item.item }}"
-    key: "{{ item.stdout }}"
+    name: "{{ result.item }}"
+    key: "{{ result.stdout }}"
     state: "present"
-    path: "{{ ssh_known_hosts_file }}"
-  with_items: "{{ ssh_known_host_results.results }}"
-  delegate_to: localhost
