Keep known_hosts cleaner

When repeating osdeploy initialize of local known_hosts, more gracefeully avoid duplicate entries.
2024-11-25 02:52:07 +00:00 · 2022-03-02 16:04:01 -05:00 · 2022-03-02 16:04:01 -05:00 · 15e7e4464e
commit 15e7e4464e
parent 687136131e
1 changed files with 21 additions and 1 deletions
--- a/confluent_server/bin/osdeploy
+++ b/confluent_server/bin/osdeploy
@ -297,9 +297,29 @@ def initialize(cmdset):
    if cmdset.l:
        local_node_trust_setup()
    if cmdset.k:
-        with open('/etc/ssh/ssh_known_hosts', 'a+b') as skh:
+        cas = set([])
+        cakeys = set([])
+        try:
+            with open('/etc/ssh/ssh_known_hosts', 'rb') as skh:
+                for line in skh.read().split(b'\n'):
+                    try:
+                        cakey = line.split()[3]
+                        cakeys.add(cakey)
+                    except IndexError:
+                        pass
+                    if line:
+                        cas.add(line)
+        except IOError:
+            pass
+        with open('/etc/ssh/ssh_known_hosts', 'wb') as skh:
+            for ca in cas:
+                skh.write(ca)
+                skh.write(b'\n')
            for cafile in glob.glob('/var/lib/confluent/public/site/ssh/*.ca'):
                cacert = open(cafile, 'rb').read()
+                cakey = cacert.split()[1]
+                if cakey in cakeys:
+                    continue
                cacert = b'@cert-authority * ' + cacert
                skh.write(cacert)
    if cmdset.g: