Turn off host_key_checking when using Python API

387 views
Skip to first unread message

Marc Abramowitz

unread,
Nov 22, 2014, 1:19:05 PM11/22/14
to ansible...@googlegroups.com
We have a Python program that calls the ansible Python API -- e.g.:

```python
    pb = ansible.playbook.PlayBook(
        playbook=playbook,
        host_list=host_list,
        stats=stats,
        callbacks=playbook_cb,
        runner_callbacks=runner_cb,
        extra_vars=extra_vars,
        private_key_file=private_key_file,
        subset=host
    )
    pb.run()
```

How can I specify that I want host_key_checking off?

There are a few things that work, but I'm trying to avoid for various reasons:

1. Putting `host_key_checking = False` in ansible.cfg -- trying to avoid this because the user could run our tool from any directory so we don't know that ansible.cfg will be in their current directory and we don't want to force them to have a ~/.ansible.cfg or /etc/ansible/ansible.cfg

2. Setting environment variable `ANSIBLE_HOST_KEY_CHECKING`. The following works, but it's a little gross because it's messing with global state and it has to be done before importing ansible for it to take effect:

```
os.environ['ANSIBLE_HOST_KEY_CHECKING'] = 'False'

import ansible.runner
import ansible.playbook
from ansible import callbacks
```

Is there some other way to just pass in a parameter or something to turn off host key checking? It doesn't look like it from a quick scan of the code. Wonder if a PR that added an optional parameter might be something that would be considered?

Related:

Marc Abramowitz

unread,
Nov 22, 2014, 10:29:13 PM11/22/14
to ansible...@googlegroups.com
Here's another hacky way to do it:

```
    pb = ansible.playbook.PlayBook(
        playbook=playbook,
        host_list=host_list,
        stats=stats,
        callbacks=playbook_cb,
        runner_callbacks=runner_cb,
        extra_vars=extra_vars,
        private_key_file=private_key_file,
        subset=host
    )

    ansible.constants.HOST_KEY_CHECKING = False

    pb.run()  # This runs the playbook
```

but it would be cool if I could pass it to the PlayBook constructor.

Michael DeHaan

unread,
Nov 24, 2014, 5:47:41 PM11/24/14
to ansible...@googlegroups.com
Some of the v2/ refactoring will enable some new API options that may allow for making this easier - or it may be something we can entertain after those refactorings are more complete.

At this time though, it's not a great point to get involved, as it's still too emergent.

We will let you know when this time is.



--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
 To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/7f9bae7b-a007-4cfb-add2-5a9138ab355e%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Marc Abramowitz

unread,
Nov 24, 2014, 7:44:36 PM11/24/14
to ansible...@googlegroups.com
Cool, thanks Michael!
Reply all
Reply to author
Forward
0 new messages