Ansible: ssh-extra-args ProxyCommand는 host_key_checking=False를 비활성화합니다.

문제 유형:

• 버그 신고
  

  앤서블 버전:

ansible 2.0.1.0
  config file = /Users/tpai/src/cm/ansible.cfg
  configured module search path = Default w/o overrides

앤서블 구성:

[defaults]

host_key_checking=False
timeout=20
forks=20

force_handlers = True
roles_path = ./roles
callback_whitelist=profile_tasks
filter_plugins = ./filter_plugins

[ssh_connection]
pipelining = True
control_path = /tmp/ansible-ssh-%%h-%%p-%%r

환경:

앤서블 호스트 : OS X 10.11.3
대상 : 우분투 14.04.02

요약:

ssh-extra-args ProxyCommand는 host_key_checking=False 를 중단합니다.

ansible.cfg 또는 ssh-extra-args 자체에 설정된 host_key_checking=False ssh-extra-args 를 사용할 때 연결하지 않은 호스트의 키를 수락하라는 메시지가 계속 표시됩니다. 전에.

재현 단계:

ansible-playbook provision_envs/configure-sid.yml -i inventory/sid --limit=tag_build_5 --vault-password-file ../vault_key --ssh-extra-args='-o ProxyCommand="ssh -W %h:%p [email protected]"' -vvvvv

예상 결과:

새 호스트에 대해 플레이북을 실행합니다.

실제 결과:

StrictHostKeyChecking 가 활성화된 것처럼 키를 수락하라는 메시지가 표시됩니다.

$ ansible-playbook provision_envs/configure-sid.yml -i inventory/sid --limit=tag_build_5 --vault-password-file ../vault_key --ssh-extra-args='-o ProxyCommand="ssh -W %h:%p [email protected]"' -vvvvv
Using /Users/tpai/src/cm/ansible.cfg as config file
Loaded callback default of type stdout, v2.0
Loaded callback profile_tasks of type aggregate, v2.0
2 plays in provision_envs/configure-sid.yml

PLAY ***************************************************************************
skipping: no hosts matched

PLAY ***************************************************************************

TASK [setup] *******************************************************************
Friday 11 March 2016  12:40:12 +0000 (0:00:00.122)       0:00:00.122 **********
<10.0.251.222> ESTABLISH SSH CONNECTION FOR USER: user
<10.0.251.222> SSH: ansible.cfg set ssh_args: (-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
<10.0.251.222> SSH: ANSIBLE_HOST_KEY_CHECKING/host_key_checking disabled: (-o)(StrictHostKeyChecking=no)
<10.0.251.222> SSH: ansible_password/ansible_ssh_pass not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<10.0.251.222> SSH: ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set: (-o)(User=user)
<10.0.251.222> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=20)
<10.0.251.222> SSH: PlayContext set ssh_common_args: ()
<10.0.251.222> SSH: PlayContext set ssh_extra_args: (-o)(ProxyCommand=ssh -W %h:%p [email protected])
<10.0.251.222> SSH: found only ControlPersist; added ControlPath: (-o)(ControlPath=/tmp/ansible-ssh-%h-%p-%r)
<10.0.251.222> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=user -o ConnectTimeout=20 -o 'ProxyCommand=ssh -W %h:%p [email protected]' -o ControlPath=/tmp/ansible-ssh-%h-%p-%r 10.0.251.222 '/bin/sh -c '"'"'LANG=en_GB.UTF-8 LC_ALL=en_GB.UTF-8 LC_MESSAGES=en_GB.UTF-8 /usr/bin/python'"'"''
The authenticity of host 'host.com (1.2.3.4)' can't be established.
ECDSA key fingerprint is SHA256:kjghdfjkghdkfjghkdjfgdfgdfjghdkjfg.
Are you sure you want to continue connecting (yes/no)? 

**ssh connection times out**

fatal: [7.8.9.0]: UNREACHABLE! => {"changed": false, "msg": "SSH Error: data could not be sent to the remote host. Make sure this host can be reached over ssh", "unreachable": true}
        to retry, use: --limit @provision_envs/configure-sid.retry

PLAY RECAP *********************************************************************
7.8.9.0               : ok=0    changed=0    unreachable=1    failed=0