With multiple remote hosts, only one key in .ssh/known_host is created

[carygravel]

I would expect one key per remote host. Or have I misunderstood things (again)?

[Yannik]

On the hosts you are pulling backups from (role rsnapshot-remote-host) there should only be one key in the known_hosts of user backupro.

On the host pulling the backup (role rsnapshot-backup-host), there should be atleast one key per host you are pulling backups from.

[carygravel]

On the host pulling the backup (role rsnapshot-backup-host), there should be atleast one key per host you are pulling backups from.

Exactly. If I remove the backupro & backuppuller users from the rsnapshot-backup-host and multiple rsnapshot-remote-host machines, and rerun everything, I only see one key in the backuppuller on rsnapshot-backup-host.

[carygravel]

I thought it might be a race condition, and would need throttle: 1 in the Install hostkey on backup pulling host task, but that hasn't solved the problem.

[Yannik]

Please remove known_hosts and rerun your playbook with -vvv, and post the output here. I have never experienced a problem like this.

[carygravel]

Thanks for the -vvv hint. There are two things going on:

1. The Install hostkey on backup pulling host task is trying to use the same key for both hosts.
2. It adds it correctly for the first host, then tries to use the key for the first host in the line for the second, but the known_hosts task then sees the key is the same and replaces the first key with the second (incorrect) key.

If I run the play twice, once for each host, it all works.

It looks to me that because there is only one file (tmp-rsnapshot-host-key), fetching the second key overwrite the first key.

I guess the solution is to use the tempfile module to create the filenames, rather than hardcoding them, and register them in a dictionary, where the key is the hostname.