playbook: switch to ansible_host in authorized_key.yml

[davidumea]

What kind of PR is this?

Required: Mark one of the following that is applicable:

• kind/feature
• kind/improvement
• kind/deprecation
• kind/documentation
• kind/clean-up
• kind/bug
• kind/other

Optional: Mark one or more of the following that are applicable:

Important

Critical security fixes should be marked with kind/security
Breaking changes should be marked kind/admin-change or kind/dev-change depending on type

• kind/admin-change
• kind/dev-change
• kind/security
• kind/adr

What does this PR do / why do we need this PR?

When running apply-ssh on v2.24.0-ck8s1 on openstack environments it would fail with

TASK [For each host, scan for its ssh public key] ****************************************************************************************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_ssh_host'. 'ansible.vars.hostvars.HostVarsVars object' has no attribute 'ansible_ssh_host'\n\nThe error appears to be in '/home/user/compliantkubernetes-kubespray/playbooks/authorized_key.yml': line 10, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n  tasks:\n  - name: For each host, scan for its ssh public key\n    ^ here\n"}

Additional information to reviewers

Screenshots

Checklist

• Proper commit message prefix on all commits
• Change checks:
  • The change is transparent
  • The change is disruptive
  • The change requires no migration steps
  • The change requires migration steps
• Metrics checks:
  • The metrics are still exposed and present in Grafana after the change
  • The metrics names didn't change (Grafana dashboards and Prometheus alerts are not affected)
  • The metrics names did change (Grafana dashboards and Prometheus alerts were fixed)
• Logs checks:
  • The logs do not show any errors after the change
• Network Policy checks:
  • Any changed pod is covered by Network Policies
  • The change does not cause any dropped packages in the NetworkPolicy Dashboard
• Pod Security Policy checks:
  • Any changed pod is covered by Pod Security Admission
  • Any changed pod is covered by Gatekeeper Pod Security Policies
  • The change does not cause any pods to be blocked by Pod Security Admission or Policies
• Falco checks:
  • The change does not cause any alerts to be generated by Falco

[OlleLarsson]

Is this because they removed ansible_ssh_host from the dynamic inventory in 2.24?

[OlleLarsson]

Don't think this reboot_nodes playbook is used very much anymore but I assume it should be updated as well for completeness sake

[davidumea]

Is this because they removed ansible_ssh_host from the dynamic inventory in 2.24?

I think it's because they bumped ansible version in 2.24, ansible_ssh_host seems to be remove in that version.

[OlleLarsson]

Seems to be a note here in the ansible docs

Ansible 2.0 has deprecated the “ssh” from ansible_ssh_user, ansible_ssh_host, and ansible_ssh_port to become ansible_user, ansible_host, and ansible_port. If you are using a version of Ansible prior to 2.0, you should continue using the older style variables (ansible_ssh_*). These shorter variables are ignored, without warning, in older versions of Ansible.

[OlleLarsson]

LGTM