SSH key generation vs. warnings

Hi,

I have an Ansible role to set up the root account on AlmaLinux 9.x. Here’s what the task looks like:

- name: Set password and generate SSH key pair for root
  ansible.builtin.user:
    name: root
    # password_hash(scheme, salt): the seeded random gives a per-host salt that is
    # stable across runs, so the resulting hash (and the task result) stays the same
    password: >-
      {{root_passwd|
      password_hash('sha512', 65534|
      random(seed=inventory_hostname)|
      string)}}
    # key is only created if /root/.ssh/id_rsa does not exist yet (no force)
    generate_ssh_key: true
    ssh_key_bits: 4096

When I run the corresponding playbook the first time, everything is OK and the SSH key pair is generated as expected.

But on subsequent runs, I get the following warning:

TASK [almalinux9_setup_root : Set password and generate SSH key pair for root] ****************************
[WARNING]: Found existing ssh key private file "/root/.ssh/id_rsa", no force, so skipping ssh-keygen
generation
ok: [localhost]

Shouldn’t this be silent and completely green, without a warning? After all, this is the expected behavior. The first run creates the SSH key pair for root, and subsequent runs just ignore SSH key pair creation since it’s already present.

Any suggestions?

Is the password changing each time causing the task to be run each time because force is not set?

No, it’s not. Password is stored in vars/secret.yml and doesn’t change. I’m puzzled.

Maybe the user module wants to tell you that it doesn’t really check the SSH keys; it only creates them when asked to (when not existing by default, or always if force=true), but it won’t check whether they match your settings (like ssh_key_bits=4096).

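One way to get a silent re-run and still enforce the key size the last reply says the user module never checks, as an added example that is not part of the thread: set the password in its own task, generate the key only when /root/.ssh/id_rsa is absent, and on later runs read the existing key's bit length with ssh-keygen -l and assert on it instead of regenerating (force is deliberately not used, so a live key is never replaced behind your back). The variable root_passwd and the file vars/secret.yml come from the thread; root_ssh_key_bits, the register names and the play header are assumptions.

```yaml
# Added example (not the original role): idempotent root setup without the
# "Found existing ssh key private file" warning, plus a size check on an
# existing key. Assumed: vars/secret.yml defines root_passwd.
- name: Set up root on AlmaLinux 9
  hosts: localhost
  become: true
  vars_files:
    - vars/secret.yml
  vars:
    root_ssh_key_bits: 4096   # assumed variable name
  tasks:
    - name: Set root password (deterministic salt keeps the hash stable)
      ansible.builtin.user:
        name: root
        password: >-
          {{ root_passwd |
             password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}

    - name: Check whether root already has an RSA key
      ansible.builtin.stat:
        path: /root/.ssh/id_rsa
      register: root_id_rsa

    # Only this task calls ssh-keygen; it is skipped, not warned about, on re-runs.
    - name: Generate an SSH key pair for root only when none exists
      ansible.builtin.user:
        name: root
        generate_ssh_key: true
        ssh_key_bits: "{{ root_ssh_key_bits }}"
      when: not root_id_rsa.stat.exists

    # ssh-keygen -l prints "<bits> SHA256:<fingerprint> <comment> (RSA)";
    # the first field is the key length of the key actually on disk.
    - name: Read fingerprint line of the existing root key
      ansible.builtin.command:
        argv: ["ssh-keygen", "-l", "-f", "/root/.ssh/id_rsa"]
      register: root_key_info
      changed_when: false
      check_mode: false
      when: root_id_rsa.stat.exists

    - name: Refuse to continue with an undersized root key
      ansible.builtin.assert:
        that:
          - (root_key_info.stdout.split()[0] | int) >= (root_ssh_key_bits | int)
        fail_msg: >-
          /root/.ssh/id_rsa is {{ root_key_info.stdout.split()[0] }} bits,
          expected at least {{ root_ssh_key_bits }}. Regenerate it deliberately
          (force is not used here so a live key is never silently replaced).
      when: root_id_rsa.stat.exists
```

On the second run the generation task shows as skipped rather than ok, and no warning is printed, because the user module is never asked to create a key that already exists. The ssh-keygen check is the part the single-task version cannot give you: ssh_key_bits only influences generation, so if someone drops a 2048-bit key into /root/.ssh the original task stays green while this play fails with a clear message.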