Ansible known_hosts module with non-standard port
I am provisioning a new server and want to automatically add its public key to my local known_hosts file. My server is running on port 2222.

hosts:

    [remotes]
    my_server ansible_host=42.42.42.42 ansible_port=2222

playbook.yml:

    ---
    - hosts: all
      gather_facts: no
      tasks:
        - name: get host key
          local_action: command ssh-keyscan -t rsa -p {{ansible_port}} -H {{ansible_host}}
          register: host_key
        - name: add host key
          when: host_key is success
          delegate_to: localhost
          known_hosts:
            name: "{{item}}"
            state: present
            hash_host: yes
            key: "{{host_key.stdout}}"
          with_items:
            - "{{ansible_host}}"
            - "{{inventory_hostname}}"

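This adds new entries to known_hosts. But ssh 42.42.42.42:2222 and ssh my_server:2222 still show the unknown key warning.

I suspect it's because 1) I'm running on a non-standard port (the documentation for the known_host module shows no option for setting a port), or 2) something to do with the hashing option.

How do I do this?
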
I found a solution in an old issue. The trick is to use [host]:port instead of host.

    ---
    - hosts: all
      gather_facts: no
      tasks:
        # add entry to known_hosts for server's IP address
        - name: get host key
          local_action: command ssh-keyscan -t rsa -p {{ansible_port}} -H {{ansible_host}}
          register: host_key
        - name: add host key
          when: host_key is success
          delegate_to: localhost
          known_hosts:
            name: "[{{ansible_host}}]:{{ansible_port}}" # <--- here
            state: present
            hash_host: yes
            key: "{{host_key.stdout}}"
        # add entry to known_hosts for server's hostname
        - name: get host key
          local_action: command ssh-keyscan -t rsa -p {{ansible_port}} -H {{inventory_hostname}}
          register: host_key
        - name: add host key
          when: host_key is success
          delegate_to: localhost
          known_hosts:
            name: "[{{inventory_hostname}}]:{{ansible_port}}" # <--- here
            state: present
            hash_host: yes
            key: "{{host_key.stdout}}"

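I couldn't find a way to avoid the repetition, because with_items cannot be applied to multiple tasks at once, so it's ugly but it works.

This allows ssh 42.42.42.42:2222 and ssh my_server:2222 without a prompt (although my_server must be defined in /etc/hosts and/or ~/.ssh/config).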
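
Why the entry has to be named [host]:port even when it is hashed, as an added Python example that is not part of the original post: OpenSSH looks up the bare host name only for port 22 and the string [host]:port otherwise, and a hashed entry is an HMAC-SHA1 over exactly that string. The salt, the key string and the function names are constructed for illustration; wildcard patterns and @-marker lines are not handled.

```python
import base64
import hashlib
import hmac

def lookup_name(host, port=22):
    """Name OpenSSH looks up: bare host on port 22, otherwise [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def hash_name(name, salt):
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())

def field_matches(field, name):
    """True if the first field of a known_hosts line covers `name`."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    # Plain entries are a comma-separated list of names.
    return name in field.split(",")

def is_known(known_hosts_text, host, port=22):
    """Would an ssh connection to host:port find a matching entry?"""
    name = lookup_name(host, port)
    for line in known_hosts_text.splitlines():
        line = line.strip()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if not line or line[0] in "#@":
            continue
        if field_matches(line.split()[0], name):
            return True
    return False

# Constructed sample data: fixed salt and a placeholder key, not a real key.
SALT = bytes(range(20))
KEY = "ssh-rsa AAAAB3NzaC1yc2E_CONSTRUCTED_PLACEHOLDER"
WITHOUT_PORT = hash_name("42.42.42.42", SALT) + " " + KEY + "\n"
WITH_PORT = hash_name("[42.42.42.42]:2222", SALT) + " " + KEY + "\n"

if __name__ == "__main__":
    print(is_known(WITHOUT_PORT, "42.42.42.42", 2222))  # False
    print(is_known(WITH_PORT, "42.42.42.42", 2222))     # True
```
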