Fix for dynamic known_hosts
Fixes: PROD-33455
Change-Id: I643ef8544594a0d7c108e0b3a6d867f219428a2e
diff --git a/openssh/map.jinja b/openssh/map.jinja
index 0a0fc88..b16d816 100644
--- a/openssh/map.jinja
+++ b/openssh/map.jinja
@@ -1,24 +1,28 @@
{% if pillar.openssh.get('client', {}).get('enabled', False) %}
-{% set local_hosts = salt['pillar.get']('linux:network:host') %} {# Get all defined hosts #}
-{% set root_public_key = salt['pillar.get']('_param:root_public_key')|replace('ssh-rsa', '') %} {# Get root's public key #}
-{% set root = salt['pillar.get'](key='openssh:client:user:root', default={}) %} {# Get predefined root user pillar data if there are any #}
-{% if root.known_hosts is not defined %}
- {% do root.update({'known_hosts': []}) %} {# Prepare empty list if missing so it can be appended later #}
-{% endif %}
-{% for host_name, host in local_hosts.iteritems() %} {# Iterate through all defined hosts #}
- {% if host.address is defined %}
- {% set new_host = {'name': host.address, 'host_public_key': root_public_key, 'type': 'ssh-rsa'} %}
- {% do root['known_hosts'].append(new_host) %} {# Add the host to the list of known hosts #}
- {% endif %}
- {% for hostname in host.get('names', []) %} {# Do the same again, but this time with all hostnames instead of IP addresses #}
- {% set new_host = {'name': hostname, 'host_public_key': root_public_key, 'type': 'ssh-rsa'} %}
- {% do root['known_hosts'].append(new_host) %}
+ {% set root = {} %}
+ {% set local_nodes = {} %}
+ {% for node_name, node_grains in salt['mine.get']('*', 'grains.items').iteritems() %} {# Get all fingerprints from mine #}
+ {% if node_grains.ssh_fingerprints is defined and node_grains.ssh_fingerprints is mapping %}
+ {% do local_nodes.update({node_grains.fqdn: node_grains.ssh_fingerprints}) %} {# Add host record with its full hostname #}
+ {% for ip_addr in node_grains.fqdn_ip4 %}
+ {% do local_nodes.update({ip_addr: node_grains.ssh_fingerprints}) %} {# Add host record with its IP address #}
+ {% endfor %}
+ {% do local_nodes.update({node_grains.nodename: node_grains.ssh_fingerprints}) %} {# Add host record with its short hostname #}
+ {% endif %}
{% endfor %}
-{% endfor %}
-{% if root['user'] is not defined %}
- {% do root.update({'user': {}}) %}
- {% do root['user'].update({'name': 'root', 'home': '/root'}) %} {# If remaining required data is not configured yet, do it now. #}
-{% endif %}
+ {% if local_nodes|length > 0 %}
+ {% if root.known_hosts is not defined %}
+ {% do root.update({'known_hosts': []}) %} {# Prepare empty list if missing so it can be appended later #}
+ {% endif %}
+ {% for host_name, fingerprints in local_nodes.iteritems() %} {# Iterate through all defined hosts #}
+ {% set new_host = {'name': host_name, 'type': 'ssh-rsa', 'fingerprint': fingerprints.rsa, 'fingerprint_hash_type': 'md5'} %} {# Prepare new host record #}
+ {% do root['known_hosts'].append(new_host) %} {# Add the new host to the list of known hosts #}
+ {% endfor %}
+ {% endif %}
+ {% if root['user'] is not defined %}
+ {% do root.update({'user': {}}) %}
+ {% do root['user'].update({'name': 'root', 'home': '/root'}) %} {# If remaining required data is not configured yet, do it now. #}
+ {% endif %}
{% endif %}
{% set server = salt['grains.filter_by']({
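Review bot: The records built at the `new_host` line are pinned from data each minion reports about itself: `salt['mine.get']('*', 'grains.items')` returns every minion's own `fqdn`, `fqdn_ip4` and `nodename`, and `local_nodes.update` lets a later minion overwrite an earlier entry for the same name or address, so one misconfigured or compromised minion can get its fingerprint trusted for root under another host's name. Narrowing the mine target to the nodes that should be reachable, and guarding each update with something like `{% if node_grains.fqdn not in local_nodes %}` (likewise for the IP and `nodename` records), would stop a conflicting claim from silently replacing an existing one. `fingerprints.rsa` is also read without checking that it exists, since the guard only confirms `ssh_fingerprints` is a mapping, so a host without an RSA key would yield a record with an undefined fingerprint; wrapping the `set`/`append` pair in `{% if fingerprints.rsa is defined %}` avoids that. The hash type is hard-coded as `'md5'`; if the grain can supply SHA-256 fingerprints, those would be the better choice, and a short comment should say which format the grain actually emits. The `server` definition on the last line continues outside the hunk.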