ansible-pull git checkout Host key verification

[Nicolas G]

Hi,

I'm having the bellow problem trying to run ansible-pull mode cronjob. When I bring up a new instance and install the cronjob, ansible-pull mode will fail because Host key verification failure :

"""

Running: 'ansible all -i "localhost," -c local --limit "localhost:ip-10-120-170-189.eu-west-1.compute.internal:127.0.0.1" -m git -a "name=g...@github.com:some-repo/project.git dest=/root/myprojec version=myBranch"'

localhost | FAILED >> {

    "cmd": "/usr/bin/git ls-remote g...@github.com:some-repo/project.git -h refs/heads/myBranch",

    "failed": true,

    "msg": "Host key verification failed.\r\nfatal: The remote end hung up unexpectedly",

    "rc": 128,

    "stderr": "Host key verification failed.\r\nfatal: The remote end hung up unexpectedly\n",

    "stdout": ""

}

"""

If I run the ansible--pull command manually the first time it asks me the bellow :

"""

The authenticity of host 'github.com (192.30.252.131)' can't be established.

RSA key fingerprint is 15:27:ac:a5:76:18:2d:36:63:1b:54:4d:eb:df:a6:48.

Are you sure you want to continue connecting (yes/no)?

"""

Once I accept "yes" it won't ask me again and ansible-pull cronjob will work automatically with no issues.

How can I avoid the manual authentication so the cronjob will work the first time automatically   ??

Regards,

Nicolas.

[James Tanner]

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Take a look through http://www.ansibleworks.com/docs/intro_getting_started.html#host-key-checking

[Nicolas G]

Hi James, thanks for the reply.

I already have host_key_checking = False in the ansible.cfg file that is checked out from github.com:some-repo/project.git in the example but I think ansible-pull is still using the default values...

[James Tanner]

--

You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

What is the directory structure in your checkout? Can you show me the "tree ." or "find ." output?

[Nicolas G]

tree -L 1 /root/myprojec

/root/myprojec

├── ansible.cfg

├── site.yml

├── etc

├── group_vars

├── hosts

├── private_vars

├── production.yml

├── README.md

├── roles

On Thursday, November 7, 2013 5:27:28 PM UTC+2, Nicolas G wrote:

[James Tanner]

Ah, I completely misread your first email. You aren't having a problem with connecting to the inventory host (localhost), it's the github key that is falling over when ansible-pull tries to check out your repo.

Are you calling ansible-pull from a cronjob? The simplest fix is to run ssh-keyscan before you pull the repo ...

ssh-keyscan github.com >> ~/.ssh/known_hosts
ansible-pull <args>

This is also noted in the git module docs.

--

[Nicolas G]

Thanks James it's working now.

Do you know if the github.com public key ever changes ? I prefer to edit the known_hosts with Ansible once than running this command every time.

 

On Thursday, November 7, 2013 9:48:28 PM UTC+2, James Tanner wrote:

Ah, I completely misread your first email. You aren't having a problem with connecting to the inventory host (localhost), it's the github key that is falling over when ansible-pull tries to check out your repo.

Are you calling ansible-pull from a cronjob? The simplest fix is to run ssh-keyscan before you pull the repo ...

ssh-keyscan github.com >> ~/.ssh/known_hosts
ansible-pull <args>

This is also noted in the git module docs.

On 11/07/2013 11:27 AM, Nicolas G wrote:

tree -L 1 /root/myprojec

/root/myprojec

├── ansible.cfg

├── site.yml

├── etc

├── group_vars

├── hosts

├── private_vars

├── production.yml

├── README.md

├── roles

On Thursday, November 7, 2013 5:27:28 PM UTC+2, Nicolas G wrote:

Hi,

I'm having the bellow problem trying to run ansible-pull mode cronjob. When I bring up a new instance and install the cronjob, ansible-pull mode will fail because Host key verification failure :

"""

Running: 'ansible all -i "localhost," -c local --limit "localhost:ip-10-120-170-189.eu-west-1.compute.internal:127.0.0.1" -m git -a "name...@github.com:some-repo/project.git dest=/root/myprojec version=myBranch"'

localhost | FAILED >> {

    "cmd": "/usr/bin/git ls-remote g...@github.com:some-repo/project.git -h refs/heads/myBranch",

    "failed": true,

    "msg": "Host key verification failed.\r\nfatal: The remote end hung up unexpectedly",

    "rc": 128,

    "stderr": "Host key verification failed.\r\nfatal: The remote end hung up unexpectedly\n",

    "stdout": ""

}

"""

If I run the ansible--pull command manually the first time it asks me the bellow :

"""

The authenticity of host 'github.com (192.30.252.131)' can't be established.

RSA key fingerprint is 15:27:ac:a5:76:18:2d:36:63:1b:54:4d:eb:df:a6:48.

Are you sure you want to continue connecting (yes/no)?

"""

Once I accept "yes" it won't ask me again and ansible-pull cronjob will work automatically with no issues.

How can I avoid the manual authentication so the cronjob will work the first time automatically   ??

Regards,

Nicolas.

[James Tanner]

Not really sure. However, hostkeys could change for various reasons.