Yannik/ansible-role-rsnapshot-backup-host

With multiple remote hosts, only one key in `.ssh/known_hosts` is created

Opened this issue · 5 comments

I would expect one key per remote host. Or have I misunderstood things (again)?

Yannik commented

On the hosts you are pulling backups from (role rsnapshot-remote-host) there should only be one key in the known_hosts of user backupro.

On the host pulling the backup (role rsnapshot-backup-host), there should be at least one key per host you are pulling backups from.

> On the host pulling the backup (role rsnapshot-backup-host), there should be at least one key per host you are pulling backups from.

Exactly. If I remove the backupro & backuppuller users from the rsnapshot-backup-host and multiple rsnapshot-remote-host machines, and rerun everything, I only see one key in the backuppuller on rsnapshot-backup-host.

I thought it might be a race condition, and would need throttle: 1 in the Install hostkey on backup pulling host task, but that hasn't solved the problem.

Yannik commented

Please remove known_hosts and rerun your playbook with -vvv, and post the output here. I have never experienced a problem like this.

Thanks for the -vvv hint. There are two things going on:

  1. The Install hostkey on backup pulling host task is trying to use the same key for both hosts.
  2. It adds it correctly for the first host, then tries to use the key for the first host in the line for the second, but the known_hosts task then sees the key is the same and replaces the first key with the second (incorrect) key.

If I run the play twice, once for each host, it all works.

It looks to me that because there is only one file (tmp-rsnapshot-host-key), fetching the second key overwrites the first key.

I guess the solution is to use the tempfile module to create the filenames, rather than hardcoding them, and register them in a dictionary, where the key is the hostname.
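
A sketch of the per-host temp file approach suggested in the last comment, as an added example that is not part of the thread or the role's own code. The host key path, the `known_hosts` path, the `backup_host` variable and all registered variable names are assumptions; because Ansible registers results per inventory host, `hostkey_tmp` already behaves like a dictionary keyed by hostname.

```yaml
# Added example: tasks run in a play targeting the remote hosts being backed up.
# Assumed (not from the role): key path, known_hosts path, backup_host variable.
- name: Create a unique controller-side temp file for this host's key
  ansible.builtin.tempfile:
    state: file
    prefix: "rsnapshot-hostkey-{{ inventory_hostname }}-"
  delegate_to: localhost
  become: false
  register: hostkey_tmp   # stored per host, so no two hosts share a path

- name: Fetch this host's public host key into its own temp file
  ansible.builtin.fetch:
    src: /etc/ssh/ssh_host_ed25519_key.pub   # assumed key type and location
    dest: "{{ hostkey_tmp.path }}"
    flat: true

- name: Install hostkey on backup pulling host
  ansible.builtin.known_hosts:
    path: /home/backuppuller/.ssh/known_hosts   # assumed home directory
    name: "{{ inventory_hostname }}"
    # known_hosts expects "<host> <keytype> <key>"; drop the trailing comment field
    key: >-
      {{ inventory_hostname }}
      {{ lookup('ansible.builtin.file', hostkey_tmp.path).split()[:2] | join(' ') }}
    state: present
  delegate_to: "{{ backup_host }}"
  throttle: 1   # serialize writes to the single known_hosts file

- name: Check that the backup host now has an entry for this host
  ansible.builtin.command:
    argv:
      - ssh-keygen
      - -F
      - "{{ inventory_hostname }}"
      - -f
      - /home/backuppuller/.ssh/known_hosts
  delegate_to: "{{ backup_host }}"
  changed_when: false   # the task fails if ssh-keygen finds no matching entry

- name: Remove the controller-side temp file
  ansible.builtin.file:
    path: "{{ hostkey_tmp.path }}"
    state: absent
  delegate_to: localhost
  become: false
```

The example assumes the backup host connects to each remote host under its `inventory_hostname`; if it uses another name or address, that value belongs in both `name` and `key`.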