With multiple remote hosts, only one key in `.ssh/known_host` is created
I would expect one key per remote host. Or have I misunderstood things (again)?
On the hosts you are pulling backups from (role `rsnapshot-remote-host`) there should only be one key in the `known_hosts` of user `backupro`.

On the host pulling the backup (role `rsnapshot-backup-host`), there should be at least one key per host you are pulling backups from.
> On the host pulling the backup (role `rsnapshot-backup-host`), there should be at least one key per host you are pulling backups from.
Exactly. If I remove the `backupro` & `backuppuller` users from the `rsnapshot-backup-host` and multiple `rsnapshot-remote-host` machines, and rerun everything, I only see one key in the `backuppuller` on `rsnapshot-backup-host`.
I thought it might be a race condition, and would need `throttle: 1` in the `Install hostkey on backup pulling host` task, but that hasn't solved the problem.
Please remove known_hosts and rerun your playbook with `-vvv`, and post the output here. I have never experienced a problem like this.
Thanks for the `-vvv` hint. There are two things going on:
- The `Install hostkey on backup pulling host` task is trying to use the same key for both hosts.
- It adds it correctly for the first host, then tries to use the key for the first host in the line for the second, but the `known_hosts` task then sees the key is the same and replaces the first key with the second (incorrect) key.
If I run the play twice, once for each host, it all works.
It looks to me that because there is only one file (`tmp-rsnapshot-host-key`), fetching the second key overwrites the first key.
I guess the solution is to use the `tempfile` module to create the filenames, rather than hardcoding them, and register them in a dictionary, where the key is the hostname.
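
A check for the outcome described in this thread, as an added example that is not part of the issue or the role's own code: it audits a `known_hosts` file for expected hosts that have no entry and for one key recorded under several hosts. The host names, key blob and function names are constructed for illustration, and it assumes each remote host has its own host key.

```python
import base64, hashlib, hmac
from collections import defaultdict

def host_matches(pattern, host):
    """True if one known_hosts host field names `host` (plain or HashKnownHosts form)."""
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return pattern == host

def parse_known_hosts(text):
    """Yield (host_patterns, key_type, key_blob) for each ordinary entry."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        yield fields[0].split(","), fields[1], fields[2]

def audit(text, expected_hosts):
    """Return (hosts with no entry, {key_blob: [hosts recorded with that key]})."""
    found = defaultdict(set)  # host -> key blobs recorded for it
    for patterns, _key_type, blob in parse_known_hosts(text):
        for host in expected_hosts:
            if any(host_matches(p, host) for p in patterns):
                found[host].add(blob)
    missing = [h for h in expected_hosts if h not in found]
    by_key = defaultdict(set)
    for host, blobs in found.items():
        for blob in blobs:
            by_key[blob].add(host)
    # Assumption: every remote host has its own key, so a shared key is suspect.
    shared = {b: sorted(hs) for b, hs in by_key.items() if len(hs) > 1}
    return missing, shared

# Constructed sample data: host names and key blob are placeholders, not real keys.
HOSTS = ["host-a.example", "host-b.example"]
KEY_A = "AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyForHostA"
# Outcome reported in the thread: a single entry survives for two hosts.
OVERWRITTEN = f"host-b.example ssh-ed25519 {KEY_A}\n"
# Related failure: the first host's key written under both host names.
DUPLICATED = (f"host-a.example ssh-ed25519 {KEY_A}\n"
              f"host-b.example ssh-ed25519 {KEY_A}\n")

if __name__ == "__main__":
    print(audit(OVERWRITTEN, HOSTS))
    print(audit(DUPLICATED, HOSTS))
```

Run against the `known_hosts` of the user that pulls the backups after a playbook run, a non-empty result in either position means the file does not hold one distinct key per remote host.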