I'm new to Ansible and I created a small ansible-playbook that adds the GitHub SSH host key to known_hosts on each server:
---
- hosts: all
  tasks:
    - name: Add github to ssh known-hosts
      known_hosts:
        name: "TS_github"
        key: "github.com,192.30.252.129 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
But, for some reason, this playbook fails for every host with the error:
fatal: [clusterapp-1]: FAILED! => {"changed": false, "cmd": "/usr/bin/ssh-keygen -F TS_github -f /tmp/tmpgROT5p", "failed": true, "msg": "", "rc": 1, "stderr": "", "stdout": "", "stdout_lines": []}
For some reason it uses /tmp/tmpgROT5p as a keyfile, which is wrong for obvious reasons. As stated in the Ansible docs, the known_hosts module should use "(homedir)+/.ssh/known_hosts", but that doesn't happen.
I start the playbook as follows:
ansible-playbook -i hosts github_keys.yml
I also tried to start the playbook with the -vvv key, but I didn't get any useful information.
My ansible.cfg file:
[defaults]
transport=ssh
host_key_checking=false
The name should be the name of the host. So in your case, the name needs to be github.com and key should be github.com,192.30.252.129 ssh-rsa AAAAB3NzaC1yc2EAA...
As an alternative you can use a .ssh/config file for the specific user to ignore the known_hosts if you are just trying to avoid being prompted and this falls within your security requirements.
Host *
    StrictHostKeyChecking no
A possible workaround could be to use blockinfile.
Sure, using known_hosts is the recommended way to go, but this one is working quite well. Also suitable for managing /etc/hosts
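The failing command in the question, ssh-keygen -F TS_github -f /tmp/tmpgROT5p, is consistent with the module looking name up in a temporary copy of key, which returns 1 when name is not one of the hosts listed in key. The following is an added example, not code from the posts above or from Ansible: it runs that check before the playbook does and returns the key's SHA256 fingerprint for comparison with the one the host's operator publishes. It goes beyond the answer by also accepting hashed host entries; the sample key is constructed and all function names are this example's own.

```python
import base64, hashlib, hmac, struct

def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

# Constructed sample key (not a real host key): an ed25519-shaped blob.
SAMPLE_BLOB = base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))).decode()
SAMPLE_KEY = f"github.com,192.30.252.129 ssh-ed25519 {SAMPLE_BLOB}"

def parse_entry(line: str):
    """Split a known_hosts line into (host patterns, key type, raw blob)."""
    fields = line.split()
    if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected: hosts keytype base64-key")
    hosts, keytype = fields[0], fields[1]
    blob = base64.b64decode(fields[2], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with its own length-prefixed type; it must agree with field 2.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match key blob")
    return hosts.split(","), keytype, blob

def host_listed(name: str, hosts) -> bool:
    """Literal or hashed (|1|salt|hmac-sha1) match; wildcards are not handled."""
    for h in hosts:
        if h.startswith("|1|"):
            _, _, salt, digest = h.split("|")
            mac = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(mac, base64.b64decode(digest)):
                return True
        elif h == name:
            return True
    return False

def fingerprint(blob: bytes) -> str:
    """Same form as `ssh-keygen -l`: SHA256 of the blob, unpadded base64."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def check(name: str, key_line: str) -> str:
    """Return the fingerprint if name is listed in key_line, else raise ValueError."""
    hosts, _, blob = parse_entry(key_line)
    if not host_listed(name, hosts):
        raise ValueError(f"{name!r} is not among the hosts in the key: {hosts}")
    return fingerprint(blob)
```

check("TS_github", SAMPLE_KEY) raises ValueError, while check("github.com", SAMPLE_KEY) returns the fingerprint to compare out of band before the key is pinned on every server.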