* known_hosts: clarify key format in documentation
Add a small clarification to the documentation about the format of the
"key" parameter.
Should make #664 less of a issue for newcomers.
* known_hosts: normalize key entry to simplify input
Keys are normalized before comparing input with present keys. This
should make it easier to deal with some corner cases, such as having a
hashed entry for some host and trying to add it as non-hashed.
* known_hosts: allow multiple entries per host
In order to support multiple key types and allow the installed ssh
version to decide which is more secure, the module now only overwrites
an existing entry in known_hosts if the provided key is of the same
type.
Old keys of different types must be explicitly removed. Setting
state to "absent" and providing no key will remove all entries for the
host.
Prior to openssh 6.4, ssh-keygen -F returned 0 (and no output) when no
host was found. After then, it instead returned 1 and no output. This
revised code behaves correctly with either behaviour. There is
currently no other code path that results in exit(1) and no output.
These are all the code changes from Brian's review:
* change #! line
* rename "host" to "name" [keep as alias]
* make documentation clearer
* imports 1 per line
* use get_bin_path to find ssh-keygen
* key not actually required when removing host
The known_hosts module lets you add or remove a host from the
known_hosts file. This is useful if you're going to want to use the
git module over ssh, for example. If you have a very large number of
host keys to manage, you will find the template module more useful.
This was pull request 7840 from the old ansible repo, which was
accepted-in-principle but not yet merged. The mailing list thread
reading it is:
https://groups.google.com/forum/#!topic/ansible-devel/_e7H_VT6UJE/discussion
Chris Weber
Brian Coca
Leo Antunes
Michael Scherer
Greg DeKoenigsberg
Sterling Windmill
Matthew Vernon
Tyler Kellen