Hi,
The known_hosts module expects a complete known_hosts line as the key
value. The public key from /etc/ssh contains no hostname. So in your example
the correct behaviour can be achieved by prepending the hostname:
Example:
...
- name: known_hosts
  known_hosts: path="/home/xiaoliang/.ssh/known_hosts" host="sun1-db-1"
               state=present
               key="sun1-db-1 {{ lookup('file', '/tmp/keys/10.223.0.51/etc/ssh/ssh_host_rsa_key.pub') }}"
...
Cheers
Ulli
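As an added illustration (not code from Ulli's or Leon's posts), the following Python helper builds the full known_hosts line Ulli describes from a fetched .pub file, pre-checks a line the way ssh-keygen -F would complain about it, and, going beyond the thread, can emit the hostname in OpenSSH's hashed (HashKnownHosts) form. The host key blob and hostname in it are constructed sample values, not a real key.

```python
import base64
import hashlib
import hmac
import os
import struct

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # SSH wire string: uint32 length + bytes

# Constructed stand-in for a fetched /etc/ssh/ssh_host_rsa_key.pub: the blob is
# structurally valid (type string, then e and n as mpints) but not a real key.
_BLOB = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(b"\x00\xc0\xff\xee")
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(_BLOB).decode() + " root@sun1-db-1"

def parse_pubkey(text: str):
    """Split 'keytype base64 [comment]' and check the blob really is that type."""
    fields = text.split()
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != fields[0]:
        raise ValueError("key type inside blob does not match declared type")
    return fields[0], fields[1], " ".join(fields[2:])

def known_hosts_line(host: str, pub_text: str, hashed: bool = False) -> str:
    """Build 'host keytype base64'; hashed=True uses OpenSSH's |1|salt|hmac-sha1 form."""
    keytype, b64, _comment = parse_pubkey(pub_text)
    if hashed:
        salt = os.urandom(20)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        host = "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())
    return "%s %s %s" % (host, keytype, b64)

def is_known_hosts_line(line: str) -> bool:
    """Pre-check mirroring ssh-keygen's complaint: a hostname must precede the key type."""
    fields = line.split()
    return len(fields) >= 3 and fields[0] not in KEY_TYPES and fields[1] in KEY_TYPES

def hashed_host_matches(line: str, host: str) -> bool:
    """Does a hashed known_hosts entry belong to this hostname?"""
    parts = line.split()[0].split("|")
    if len(parts) != 4 or parts[1] != "1":
        return False
    salt, mac = base64.b64decode(parts[2]), base64.b64decode(parts[3])
    return hmac.compare_digest(hmac.new(salt, host.encode(), hashlib.sha1).digest(), mac)
```

Running `is_known_hosts_line` on the raw .pub contents returns False, which is exactly the "invalid key" situation in the quoted run below.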
On Friday, 29 May 2015 14:36:38 UTC+2, Leon Xie wrote:
>
> Hi all,
>
> I use the below playbook to add known hosts:
>
> ============================================================
> - name: demo
>   hosts: 10.223.0.51
>   remote_user: root
>   tasks:
>     - name: fetch
>       fetch: src=/etc/ssh/ssh_host_rsa_key.pub dest=/tmp/keys
>              fail_on_missing=yes validate_checksum=yes
> - name: demo
>   hosts: 10.223.0.52
>   remote_user: root
>   tasks:
>     - name: known_hosts
>       known_hosts: path="/home/xiaoliang/.ssh/known_hosts"
>                    host="sun1-db-1" state=present
>                    key="{{ lookup('file', '/tmp/keys/10.223.0.51/etc/ssh/ssh_host_rsa_key.pub') }}"
>
> ============================================================
>
> ============================================================
> $ ansible-playbook -i ../../inventory/hosts demo.yml -vvvv
>
> PLAY [demo]
> *******************************************************************
>
> TASK: [fetch]
> *****************************************************************
> <10.223.0.51> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO 10.223.0.51
> <10.223.0.51> EXEC /bin/sh -c 'rc=flag; [ -r /etc/ssh/ssh_host_rsa_key.pub
> ] || rc=2; [ -f /etc/ssh/ssh_host_rsa_key.pub ] || rc=1; [ -d
> /etc/ssh/ssh_host_rsa_key.pub ] && rc=3; python -V 2>/dev/null || rc=4; [
> x"$rc" != "xflag" ] && echo "${rc} "/etc/ssh/ssh_host_rsa_key.pub && exit
> 0; (python -c '"'"'import hashlib; BLOCKSIZE = 65536; hasher =
> hashlib.sha1(); afile = open("'"'"'/etc/ssh/ssh_host_rsa_key.pub'"'"'",
> "rb") buf = afile.read(BLOCKSIZE) while len(buf) > 0: hasher.update(buf)
> buf = afile.read(BLOCKSIZE) afile.close() print(hasher.hexdigest())'"'"'
> 2>/dev/null) || (python -c '"'"'import sha; BLOCKSIZE = 65536; hasher =
> sha.sha(); afile = open("'"'"'/etc/ssh/ssh_host_rsa_key.pub'"'"'", "rb")
> buf = afile.read(BLOCKSIZE) while len(buf) > 0: hasher.update(buf) buf =
> afile.read(BLOCKSIZE) afile.close() print(hasher.hexdigest())'"'"'
> 2>/dev/null) || (echo '"'"'0 '"'"'/etc/ssh/ssh_host_rsa_key.pub)'
> ok: [10.223.0.51] => {"changed": false, "checksum":
> "312b6e08531e50f6baa21bf87f0dd8adbaad0c0d", "dest": "/tmp/keys/
> 10.223.0.51/etc/ssh/ssh_host_rsa_key.pub", "file":
> "/etc/ssh/ssh_host_rsa_key.pub", "md5sum":
> "cb9f17d1febefd7c66fc79967606d272"}
>
> PLAY [demo]
> *******************************************************************
>
> TASK: [known_hosts]
> ***********************************************************
> <10.223.0.52> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO 10.223.0.52
> <10.223.0.52> REMOTE_MODULE known_hosts
> path="/home/xiaoliang/.ssh/known_hosts" host="sun1-db-1" state=present
> key="ssh-rsa
> AAAAB3NzaC1yc2EAAAABIwAAAQEAtqGtO6VLYU3kWIWoiKKg8rgEQvEB/wHP1aZEK95kQ1yekDIK8Vfj4VQ3+pKqwTirwSF9ODeZR1VaC+K4b6Oke9bJ/0h5bXiRzzvmD/wu+c6uEtjtMdNYzQnLu4UNCCh1Fa6Pktm2Lz9xSxTcFyIncxgFSxqabf12OVYWsYaj7BwO6Wgs/pYoJjDv+IgJpUwvsPhJkX2s/Ak/U4JwnuaxXB/wufF/eFbEnTUbTv7o7KpHqX50Ok/daN05AVcC/oYPf79wOaeBsPMnTNisqjYJNSgS1EpTw1ZNxqwiRUpcyx8SQ/uI1caA06Q8g7RcNmLWiEM0t5lx2LjScX4ztrIYxQ=="
> <10.223.0.52> EXEC /bin/sh -c 'mkdir -p
> $HOME/.ansible/tmp/ansible-tmp-1432862043.76-101243566006070 && echo
> $HOME/.ansible/tmp/ansible-tmp-1432862043.76-101243566006070'
> <10.223.0.52> PUT /tmp/tmp54Yy4J TO
> /root/.ansible/tmp/ansible-tmp-1432862043.76-101243566006070/known_hosts
> <10.223.0.52> EXEC /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8
> /usr/bin/python
> /root/.ansible/tmp/ansible-tmp-1432862043.76-101243566006070/known_hosts;
> rm -rf /root/.ansible/tmp/ansible-tmp-1432862043.76-101243566006070/
> >/dev/null 2>&1'
> failed: [10.223.0.52] => {"cmd": "/usr/bin/ssh-keygen -F sun1-db-1 -f
> /tmp/tmpxxoJ6Q", "failed": true, "rc": 1}
> stderr: line 1 invalid key: ssh-rsa...
> /tmp/tmpxxoJ6Q is not a valid known_hosts file.
>
> msg: line 1 invalid key: ssh-rsa...
> /tmp/tmpxxoJ6Q is not a valid known_hosts file.
>
> FATAL: all hosts have already failed -- aborting
>
> PLAY RECAP
> ********************************************************************
> to retry, use: --limit @/home/xiaoliang/demo.retry
>
> 10.223.0.51 : ok=1 changed=0 unreachable=0
> failed=0
> 10.223.0.52 : ok=0 changed=0 unreachable=0
> failed=1
> ============================================================
>
>
> Will anyone please help to look at this, or point me in the right
> direction?
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/08c2c9ef-e4ca-43ec-9245-04461fa66ad1%40googlegroups.com.