From 08dba9d0261494e8ee1d03585bf37ed5b647640e Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Tue, 23 Feb 2021 11:29:02 +1100
Subject: [PATCH] service-borg-backup: preload backup server facts

As described inline, ensure that minimal facts for the backup servers'
are loaded before running the backup roles on hosts, so they can read
the ansible_ssh_host_key_ed25519_public fact for each backup server
and ensure it is accepted.

Update the other comments slightly as well.

Change-Id: I1f207ca0770d58f61a89f9ade0bd26cebc982c62
---
 playbooks/service-borg-backup.yaml | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/playbooks/service-borg-backup.yaml b/playbooks/service-borg-backup.yaml
index f0f7f3470e..7fa6e1a244 100644
--- a/playbooks/service-borg-backup.yaml
+++ b/playbooks/service-borg-backup.yaml
@@ -1,10 +1,22 @@
-# This needs to happen in order.  Backup hosts export their username/key
-# combos which are installed onto the backup server
+# This ensures fact population so the borg-backup role, run on the
+# backup-clients, can add the public key for each backup server in
+# "borg-backup-server" to it's known_hosts.
+- hosts: "borg-backup-server:!disabled"
+  name: "Populate backup server host keys"
+  tasks:
+    - name: 'Gather minimal host facts'
+      setup:
+        gather_subset: '!all'
+
+# These two steps needs to happen in order.  Backup hosts export their
+# username/key combos in this step, then the following role uses that
+# info to authorizes these users on the backup servers.
 - hosts: "borg-backup:!disabled"
-  name: "Base: Generate borg backup users and keys"
+  name: "Generate borg backup users and keys"
   roles:
     - iptables
     - borg-backup
+
 - hosts: "borg-backup-server:!disabled"
   name: "Generate borg configuration"
   roles: