```yaml
---
- hosts: all
  gather_facts: no
  sudo: no
  tasks:
    - name: run ssh-keyscan to add keys to known_hosts
      local_action: shell ssh-keyscan {{ ansible_ssh_host }} >> ~/.ssh/known_hosts
```
This adds multiple lines each run; you should check whether the line is non-existent or not the same before adding it.
@cfaria929 solution worked for me. Thanks!
local_action: shell ssh-keyscan {{ inventory_hostname }} >> ~/.ssh/known_hosts
I found that {{ ansible_ssh_host }} made everything show up as localhost in my known_hosts file. The above corrected it for me.
But this will fail.
```yaml
- name: get port, default 22
  delegate_to: localhost
  set_fact:
    ansible_ssh_port: "{{ hostvars[inventory_hostname]['ansible_ssh_port'] | default('22') }}"
- name: Ensure ssh host key known
  delegate_to: localhost
  lineinfile:
    dest: ~/.ssh/known_hosts
    create: yes
    state: present
    line: "{{ lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + ansible_ssh_host) }}"
```
@rdkls must have meant
line: "{{ lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
@rdkls your snippet is precious! The line
is simply amazing; where did you find the lookup with pipe documented?
I am running Ansible 2.11
And I have these 2 working 4 any1 interested :-)
They are based on the same pipe solution @rdkls made :-)
```yaml
- hosts: all
  gather_facts: no
  become: no
  tasks:
    - name: Setup Known Hosts With Port
      delegate_to: localhost
      known_hosts:
        key: "{{ lookup('pipe', 'ssh-keyscan -trsa -p ' + lookup('config', 'DEFAULT_REMOTE_PORT') | string + ' ' + inventory_hostname) }}"
        name: "{{ inventory_hostname }}"
        state: present
      when: lookup('config', 'DEFAULT_REMOTE_PORT') | string != "None"
    - name: Setup Known Hosts Without Port
      delegate_to: localhost
      known_hosts:
        key: "{{ lookup('pipe', 'ssh-keyscan -trsa ' + inventory_hostname) }}"
        name: "{{ inventory_hostname }}"
        state: present
      when: lookup('config', 'DEFAULT_REMOTE_PORT') | string == "None"
```
```yaml
- hosts: 127.0.0.1
  connection: local
  gather_facts: no
  become: no
  tasks:
    - name: Setup Known Hosts With Port
      known_hosts:
        key: "{{ lookup('pipe', 'ssh-keyscan -trsa -p' + lookup('config', 'DEFAULT_REMOTE_PORT') | string + ' ' + item.value.inventory_hostname) }}"
        name: "{{ item.value.inventory_hostname }}"
        state: present
      when: lookup('config', 'DEFAULT_REMOTE_PORT') | string != "None"
      with_items: "{{ hostvars | dict2items }}"
    - name: Setup Known Hosts Without Port
      known_hosts:
        key: "{{ lookup('pipe', 'ssh-keyscan -trsa ' + item.value.inventory_hostname) }}"
        name: "{{ item.value.inventory_hostname }}"
        state: present
      when: lookup('config', 'DEFAULT_REMOTE_PORT') | string == "None"
      with_items: "{{ hostvars | dict2items }}"
```
Ditch the pipes.
```yaml
- name: Scan for SSH host keys.
  local_action:
    module: shell
    cmd: ssh-keyscan 192.168.1.1 2>/dev/null
  changed_when: False
  register: ssh_scan

- name: Update known_hosts.
  local_action:
    module: known_hosts
    key: "{{ item }}"
    name: "{{ ansible_host }}"
  with_items: "{{ ssh_scan.stdout_lines }}"
```
@DanielDavis5 this is a good solution as you don't need to use extra hacks. Though to me it was not working if I was redirecting to /dev/null, all the output would be registered to stderr. If I keep ssh-keyscan some-host only, then it works fine.
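The thread raises the duplicate-line problem of `>> ~/.ssh/known_hosts`; a second issue is that `ssh-keyscan` output is unauthenticated, so appending it blindly trusts whoever answered the scan. The following is an added example, not code from the gist or its commenters: it merges scan output into known_hosts text only when the key's SHA256 fingerprint matches one pinned out of band, and only if the entry is not already present. The function names, the `pinned` mapping and the sample data are assumptions, and it assumes plain (unhashed, single-name) host entries.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints (unpadded base64)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse(line):
    """Return (host, keytype, key_b64), or None for blanks, comments, junk."""
    parts = line.split()
    if len(parts) < 3 or parts[0].startswith("#"):
        return None
    return tuple(parts[:3])

def merge_scan(known_hosts, scan_output, pinned):
    """Add scanned keys to known_hosts text only if pinned and not yet present.

    pinned maps host -> set of fingerprints obtained out of band.
    Returns (new_text, added_lines, rejected_lines).
    """
    present = {parse(l) for l in known_hosts.splitlines()} - {None}
    added, rejected = [], []
    for line in scan_output.splitlines():
        entry = parse(line)
        if entry is None or entry in present:
            continue                      # comment, blank, or already stored
        host, _, key_b64 = entry
        try:
            ok = fingerprint(key_b64) in pinned.get(host, set())
        except ValueError:                # key field is not valid base64
            ok = False
        if ok:
            added.append(" ".join(entry))
            present.add(entry)
        else:
            rejected.append(line)         # unknown or changed key: do not trust
    text = known_hosts
    if added:
        if text and not text.endswith("\n"):
            text += "\n"
        text += "\n".join(added) + "\n"
    return text, added, rejected

# Constructed sample data: the blobs are placeholders, not real host keys.
KEY_A = base64.b64encode(b"constructed-key-blob-A").decode()
KEY_B = base64.b64encode(b"constructed-key-blob-B").decode()
SCAN = f"# web1:22 SSH-2.0-OpenSSH\nweb1 ssh-ed25519 {KEY_A}\nweb1 ssh-rsa {KEY_B}\n"
PINNED = {"web1": {fingerprint(KEY_A)}}
```

A non-empty `rejected` list is the signal to stop and investigate rather than connect, since it means the host presented a key nobody vouched for.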