#6398 playbooks/destroy_virt_inst should remove old ssh keys.
Closed: Fixed 6 years ago Opened 6 years ago by ralph.

Today, when we destroy a host and rebuild it, the playbook will remove the old ssh key from /root/.ssh/known_hosts a little ways into the process.

However, you still have to type "yes" once to get past the conflicting host key warning the first time the playbook connects.

This could be resolved if the destroy_virt_inst playbook removed the old key at the time the VM was destroyed. This is a fine time to do it, because no one is going to be connecting to that boxen anymore. :)


@ralph I'd like to look at this if you're not already working on it.

Looking at the master of playbooks/destroy_virt_instance I don't see any code about removing the known_hosts keys, just some libvirt interaction (destroy, undefine, etc). It looks like it's removing the storage associated with the VM, and in doing so, removing the keys.

Well, we have switched around how this works some. :)
We are now using signed ssh host keys, so we have no need to remove (or store) the specific ssh host key.

When you create a new instance it grabs the key from it, uses it to sign the keys and pushes them back out and removes it.

So, I think this is all already done... can you let me know if you see it asking for a host key again and we can figure out what case we don't have covered. (unless you know the specific case).

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

6 years ago
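
The two states discussed in this ticket, pinned per-host keys versus an `@cert-authority` line for signed host keys, can be checked for any host in a known_hosts file. The sketch below is an added example, not code from the ticket or from the project's playbooks; the function names, hostnames and key placeholders are constructed for illustration.

```python
import base64, hashlib, hmac, re

def hashed_field(host, salt):
    """Build the HashKnownHosts form: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if the first field of a known_hosts line applies to host."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hashed_field(host, salt))
    def glob(pattern):  # only * and ? are wildcards; [host]:port stays literal
        rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        return re.fullmatch(rx, host) is not None
    patterns = field.split(",")
    if any(p.startswith("!") and glob(p[1:]) for p in patterns):
        return False  # a negated pattern vetoes the whole line
    return any(glob(p) for p in patterns if not p.startswith("!"))

def audit(known_hosts_text, host):
    """List plain entries pinned to host and report whether a CA line covers it."""
    pinned, ca_covered = [], False
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        marker = parts.pop(0) if parts[0].startswith("@") else None
        if len(parts) < 3 or not host_matches(parts[0], host):
            continue
        if marker == "@cert-authority":
            ca_covered = True
        elif marker is None:  # plain entry: conflicts once the VM is rebuilt
            pinned.append(lineno)
    return {"pinned_lines": pinned, "ca_covered": ca_covered}

# Constructed sample; key material is placeholder text, not real keys.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "@cert-authority *.example.org ssh-ed25519 AAAA_CA_PLACEHOLDER infra-ca",
    "vm01.example.org,192.0.2.10 ssh-ed25519 AAAA_OLD_PLACEHOLDER",
    hashed_field("vm01.example.org", b"constructed-salt") + " ssh-rsa AAAA_OLD_PLACEHOLDER",
    "[vm02.example.org]:2222 ssh-ed25519 AAAA_OTHER_PLACEHOLDER",
])

if __name__ == "__main__":
    print(audit(SAMPLE, "vm01.example.org"))
```

Lines reported in `pinned_lines` are the ones `ssh-keygen -R <host>` would drop.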
