Add Ansible playbook to update known_hosts and ssh_config

ansible-update-ssh-config.yaml

@@ -0,0 +1,28 @@
+---
+- name: Collect servers SSH public keys to known_hosts
+  hosts: localhost
+  connection: local
+  vars:
+    targets: "{{ hostvars[groups['all']] }}"
+  tasks:
+    - name: Generate known_hosts
+      ansible.builtin.copy:
+        dest: known_hosts
+        content: |
+          # Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
+          {% for host in groups['all'] | sort %}
+          {{ lookup('ansible.builtin.pipe', 'ssh-keyscan -t ecdsa %s ' % (
+              hostvars[host].get('ansible_host', host))) }} # {{ host }}
+          {% endfor %}
+    - name: Generate ssh_config
+      ansible.builtin.copy:
+        dest: ssh_config
+        content: |
+          # Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
+          {% for host in groups['all'] | sort %}
+          Host {{ host }}
+              User root
+              Hostname {{ hostvars[host].get('ansible_host', host) }}
+              GlobalKnownHostsFile known_hosts
+              UserKnownHostsFile /dev/null
+          {% endfor %}

ansible.cfg

@@ -9,4 +9,4 @@ fact_caching = jsonfile
 fact_caching_connection = ~/.ansible/k-space-fact-cache
 
 [ssh_connection]
-ssh_args = -F ssh_config
+ssh_args = -F ssh_config -M -S ~/.ssh/cm-%r@%h:%p

inventory.yml

@@ -1,38 +1,77 @@
 all:
   children:
-    bind:
+    misc:
       hosts:
         ns1.k-space.ee:
+          ansible_host: 172.23.0.2
+        nas.k-space.ee:
+          ansible_host: 172.23.0.7
+    proxmox:
+      vars:
+        admins:
+          - rasmus
+      hosts:
+        pve1:
+          ansible_host: 172.21.20.1
+        pve2:
+          ansible_host: 172.21.20.2
+        pve8:
+          ansible_host: 172.21.20.8
+        pve9:
+          ansible_host: 172.21.20.9
     kubernetes:
       children:
         masters:
           hosts:
             master1.kube.k-space.ee:
+              ansible_host: 172.21.3.51
             master2.kube.k-space.ee:
+              ansible_host: 172.21.3.52
             master3.kube.k-space.ee:
+              ansible_host: 172.21.3.53
         kubelets:
           children:
             mon:
               hosts:
                 mon1.kube.k-space.ee:
+                  ansible_host: 172.21.3.61
                 mon2.kube.k-space.ee:
+                  ansible_host: 172.21.3.62
                 mon3.kube.k-space.ee:
+                  ansible_host: 172.21.3.63
             storage:
               hosts:
                 storage1.kube.k-space.ee:
+                  ansible_host: 172.20.3.71
                 storage2.kube.k-space.ee:
+                  ansible_host: 172.20.3.72
                 storage3.kube.k-space.ee:
+                  ansible_host: 172.20.3.73
                 storage4.kube.k-space.ee:
+                  ansible_host: 172.20.3.74
             workers:
               hosts:
                 worker1.kube.k-space.ee:
+                  ansible_host: 172.20.3.81
                 worker2.kube.k-space.ee:
+                  ansible_host: 172.20.3.82
                 worker3.kube.k-space.ee:
+                  ansible_host: 172.20.3.83
                 worker4.kube.k-space.ee:
-                worker9.kube.k-space.ee:
+                  ansible_host: 172.20.3.84
+#                worker9.kube.k-space.ee:
+#                  ansible_host: 172.20.3.89
     doors:
+      vars:
+        admins:
+          - arti
+          - herman
       hosts:
-        100.102.3.1:
+        grounddoor:
-        100.102.3.2:
+          ansible_host: 100.102.3.1
-        100.102.3.3:
+        frontdoor:
-        100.102.3.4:
+          ansible_host: 100.102.3.2
+        backdoor:
+          ansible_host: 100.102.3.3
+        workshopdoor:
+          ansible_host: 100.102.3.4

known_hosts

@@ -0,0 +1,25 @@
+# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
+100.102.3.3 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN4SifLddYAz8CasmFwX5TQbiM8atAYMFuDQRchclHM0sq9Pi8wRxSZK8SHON4Y7YFsIY+cXnQ2Wx4FpzKmfJYE= # backdoor
+100.102.3.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE8/E7PDqTrTdU+MFurHkIPzTBTGcSJqXuv5n0Ugd/IlvOr2v+eYi3ma91pSBmF5Hjy9foWypCLZfH+vWMkV0gs= # frontdoor
+100.102.3.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFcH8D2AhnESw3uu2f4EHBhT9rORQQJJ3TlbwN+kro5tRZsZk4p3MKabBiuCSZw2KWjfu0MY4yHSCrUUQrggJDM= # grounddoor
+172.21.3.51 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMYy07yLlOiFvXzmVDIULS9VDCMz7T+qOq4M+x8Lo3KEKamI6ZD737mvimPTW6K1FRBzzq67Mq495UnoFKVnQWE= # master1.kube.k-space.ee
+172.21.3.52 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKRFfYDaTH58FUw+9stBVsyCviaPCGEbe9Y1a9WKvj98S7m+qU03YvtfPkRfEH/3iXHDvngEDVpJrTWW4y6e6MI= # master2.kube.k-space.ee
+172.21.3.53 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIqIepuMkMo/KO3bb4X6lgb6YViAifPmgHXVrbtHwbOZLll5Qqr4pXdLDxkuZsmiE7iZBw2gSzZLcNMGdDEnWrY= # master3.kube.k-space.ee
+172.21.3.61 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCJ9XgDz2NEzvjw/nDmRIKUJAmNqzsaXMJn4WFiWfTz1x2HrRcXgY3UXKWUxUvJO1jJ7hIvyE+V/8UtwYRDP1uY= # mon1.kube.k-space.ee
+172.21.3.62 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLveng7H/2Gek+HYDYRWFD0Dy+4l/zjrbF2mnnkBI5CFOtqK0zwBh41IlizkpmmI5fqEIXwhLFHZEWXbUvev5oo= # mon2.kube.k-space.ee
+172.21.3.63 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMgOIL43dgCYlwAI2O269iHxo7ymweG7NoXjnk2F529G5mP+mp5We4lDZEJVyLYtemvhQ2hEHI/WVPWy3SNiuM= # mon3.kube.k-space.ee
+172.23.0.7 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC15tWIbuBqd4UZLaRbpb6oTlwniS4cg2IYZYe5ys352azj2kzOnvtCGiPo0fynFadwfDHtge9JjK6Efwl87Wgc= # nas.k-space.ee
+172.23.0.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEP6i24/mo42DXrg5Mc8tZXvqZSqVP/7YqNWlK8oavtcOyfLBq2YuVMhQCDrCm5Hs4FM+qbdcPwEg55mhRJlQXg= # ns1.k-space.ee
+172.21.20.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHLHc3T/J5G1CIf33XeniJk5+D0cpaXe0OkHmpCQ3DoZC3KkFBpA+/U1mlo+qb8xf/GrMj6BMMMLXKSUxbEVGaU= # pve1
+172.21.20.2 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFGSRetFdHExRT69pHJAcuhqzAu+Xx4K2AEmWJhUZ2JYF7aa0JbltiYQs58Bpx9s9NA793tiHLZXABy56dI+D9Q= # pve2
+172.21.20.8 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMzNvX3ga56EELcI9gV7moyFdKllSwb81V2tCWIjhFVSFTo3QKH/gX/MBnjcs+RxeVV3GF7zIIv8492bCvgiO9s= # pve8
+172.21.20.9 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNU4YzKSzzUSnAgh4L1DF3dlC1VEaKVaIeTgsL5VJ0UMqjPr+8QMjIvo28cSLfIQYtfoQbt7ASVsm0uDQvKOldM= # pve9
+172.20.3.71 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI2jy8EsMo7Voor4URCMdgiEzc0nmYDowV4gB2rZ6hnH7bcKGdaODsCyBH6nvbitgnESCC8136RmdxCnO9/TuJ0= # storage1.kube.k-space.ee
+172.20.3.72 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKxa2PbOj7bV0AUkBZuPkQZ/3ZMeh1mUCD+rwB4+sXbvTc+ca+xgcPGdAozbY/cUA4GdaKelhjI9DEC46MeFymY= # storage2.kube.k-space.ee
+172.20.3.73 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGYqNHAxwwoZqne/uv5syRb+tEwpbaGeK8oct4IjIHcmPdU32JlMiSqLX7d58t/b8tqE1z2rM4gCc4bpzvNrHMQ= # storage3.kube.k-space.ee
+172.20.3.74 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI+FRuwbrUpMDg9gKf6AqcfovEkt8r5SgB4JXEuMD+I6pp+2PfbxMwrXQ8Xg3oHW+poG413KWw4FZOWv2gH4CEQ= # storage4.kube.k-space.ee
+172.20.3.81 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPnmGiEWtWnNNcF872fhYKCD07QwOb75BDEwN3fC4QYmBAbiN0iX/UH96r02V5f7uga3a07/xxt5P0cfEOdtQwQ= # worker1.kube.k-space.ee
+172.20.3.82 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBkSNAYeugxGvNmV3biY1s0BWPCEw3g3H0VWLomu/vPbg+GN10/A1pfgt62DHFCYDB6QZwkZM6HIFy8y0xhRl9g= # worker2.kube.k-space.ee
+172.20.3.83 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBe+A9Bg54UwUvlPguKDyNAsX7mYbnfMOxhK2UP2YofPlzJ0KDUuH5mbmw76XWz0L6jhT6I7hyc0QsFBdO3ug68= # worker3.kube.k-space.ee
+172.20.3.84 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKoNIL+kEYphi/yCdhIytxqRaucm2aTzFrmNN4gEjCrn4TK8A46fyqAuwmgyLQFm7RD5qcEKPWP57Cl0DhTU1T4= # worker4.kube.k-space.ee
+100.102.3.4 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMpkSqEOyYrKXChxl6PAV+q0KypOPnKsXoXWO1JSZSIOwAs5YTzt8Q1Ryb+nQnAOlGj1AY1H7sRllTzdv0cA/EM= # workshopdoor

ssh_config

@@ -1,8 +1,121 @@
-Host *
+# Use `ansible-playbook ansible-update-ssh-config.yml` to update this file
+Host backdoor
     User root
-    ControlPersist 8h
+    Hostname 100.102.3.3
-    ControlMaster auto
+    GlobalKnownHostsFile known_hosts
-    ControlPath ~/.ssh/cm-%r@%h:%p
+    UserKnownHostsFile /dev/null
-
+Host frontdoor
+    User root
+    Hostname 100.102.3.2
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host grounddoor
+    User root
+    Hostname 100.102.3.1
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host master1.kube.k-space.ee
+    User root
+    Hostname 172.21.3.51
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host master2.kube.k-space.ee
+    User root
+    Hostname 172.21.3.52
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host master3.kube.k-space.ee
+    User root
+    Hostname 172.21.3.53
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host mon1.kube.k-space.ee
+    User root
+    Hostname 172.21.3.61
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host mon2.kube.k-space.ee
+    User root
+    Hostname 172.21.3.62
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host mon3.kube.k-space.ee
+    User root
+    Hostname 172.21.3.63
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host nas.k-space.ee
+    User root
+    Hostname 172.23.0.7
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
 Host ns1.k-space.ee
-    Hostname 172.20.0.2
+    User root
+    Hostname 172.23.0.2
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host pve1
+    User root
+    Hostname 172.21.20.1
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host pve2
+    User root
+    Hostname 172.21.20.2
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host pve8
+    User root
+    Hostname 172.21.20.8
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host pve9
+    User root
+    Hostname 172.21.20.9
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host storage1.kube.k-space.ee
+    User root
+    Hostname 172.20.3.71
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host storage2.kube.k-space.ee
+    User root
+    Hostname 172.20.3.72
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host storage3.kube.k-space.ee
+    User root
+    Hostname 172.20.3.73
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host storage4.kube.k-space.ee
+    User root
+    Hostname 172.20.3.74
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host worker1.kube.k-space.ee
+    User root
+    Hostname 172.20.3.81
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host worker2.kube.k-space.ee
+    User root
+    Hostname 172.20.3.82
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host worker3.kube.k-space.ee
+    User root
+    Hostname 172.20.3.83
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host worker4.kube.k-space.ee
+    User root
+    Hostname 172.20.3.84
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null
+Host workshopdoor
+    User root
+    Hostname 100.102.3.4
+    GlobalKnownHostsFile known_hosts
+    UserKnownHostsFile /dev/null