Get rid of "previous known host file not found"

[Ilya]

I get 2-4 "previous known host file not found" warning on each task execution.
Like
TASK: [configure .bashrc for me] ********************************************
previous known host file not found
previous known host file not found
previous known host file not found
previous known host file not found
ok: [test1]
Naturally, ~/.ssh/known_hosts exists and is readable.
I think it happened at some point but for the life of me I can't find any related configuration option. Just how do I fix it?

[Michael DeHaan]

What version of Ansible are you using?

Also, what connection type is being used (did you specify -c ssh or -c paramiko?  If not, what's your OS  you are running Ansible from?)

Can you show your current user id from bash and also "ls -l" on the known_hosts file?

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Michael DeHaan <mic...@ansibleworks.com>
CTO, AnsibleWorks, Inc.
http://www.ansibleworks.com/

[Serge van Ginderachter]

Are you perhaps running ansible locally through sudo?

   # sudo ansible ....

I had this issue some time ago, and a patch wa accepted to look at the sudo user's home dir, nog the calling user, which solved that.

I still get this for jobs that run from cron though (no sudo involved here), but didn' look at it further so far.

recent ansible 1.5 devel, running on default -c ssh

Serge

[Ilya Ivanov]

I can no longer reproduce that.

[Ilya Ivanov]

Hmm, now appeared again.

$ ansible --version
ansible 1.4.3
$ cat /etc/redhat-release
CentOS release 6.5 (Final)
$ rpm -q openssh-clients
openssh-clients-6.4p1-1.el6.2.x86_64
$ id
uid=500(magi) gid=500(magi) groups=500(magi),10(wheel)
$ls -l ~/.ssh
total 28
-rw------- 1 magi magi   789 Jan 12 18:47 authorized_keys
-rw------- 1 magi magi  1675 Apr 17  2013 id_rsa
-rw-r--r-- 1 magi magi   395 Jan 12 13:17 id_rsa.pub
-rw-r--r-- 1 magi magi 13375 Feb  2 14:57 known_hosts

I don't use sudo. The command is run like this:
time ansible-playbook $task -e "hosts=$host" -i $inventory -s

[Ilya Ivanov]

So what can I do to finally find the previous host file?

[Jesse Keating]

On 2/7/14, 1:13 PM, Ilya Ivanov wrote:
> So what can I do to finally find the previous host file?

If you can reliably repeatably reproduce this, do the run with -vvvv to
make sure the ssh args match up with what you think they should, with
respect to where the known hosts file should be, etc...


-jlk

[Ilya Ivanov]

How do I know what they should be?

[Ilya Ivanov]

Anyone?

On Sunday, January 26, 2014 8:14:28 PM UTC+7, Ilya Ivanov wrote:

[Jesse Keating]

On 2/8/14, 2:28 AM, Ilya Ivanov wrote:
> How do I know what they should be?

Well, you'd want to look at what ansible is using, and try using them
yourself manually and see if the problem persists.

This doesn't appear to be a common problem, I really would say it's
something specific to your environment and usage.


-jlk

[Ilya Ivanov]

Well, it doesn't really matter to me whether the problem is specific or not.

Here's how a verbose ansible connection looks:
<192.168.7.188> ESTABLISH CONNECTION FOR USER: ilya
<192.168.7.188> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/ilya/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=17722', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=ilya', '-o', 'ConnectTimeout=10', '192.168.7.188', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1392322724.99-173609494693332 && chmod a+rx $HOME/.ansible/tmp/ansible-1392322724.99-173609494693332 && echo $HOME/.ansible/tmp/ansible-1392322724.99-173609494693332'"]

previous known host file not found

Here are attempts to reproduce it with ssh
$ ssh -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/home/ilya/.ansible/cp/ansible-ssh-%h-%p-%r -o Port=17722 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-micgssapi-keyexhostbasedpublickey -o PasswordAuthentication=no -o User=ilya -o ConnectTimeout=10 192.168.7.188 2>&1 | grep previous
$
$ ssh -tt -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/home/ilya/.ansible/cp/ansible-ssh-%h-%p-%r -o Port=17722 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-micgssapi-keyexhostbasedpublickey -o PasswordAuthentication=no -o User=ilya -o ConnectTimeout=10 192.168.7.188
Permission denied (publickey,gssapi-with-mic,password).
$
$ ssh -tt -o ControlMaster=auto -o ControlPersist=60s -o Port=17722 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-micgssapi-keyexhostbasedpublickey -o PasswordAuthentication=no -o User=ilya -o ConnectTimeout=10 192.168.7.188
Permission denied (publickey,gssapi-with-mic,password).
$
$ssh -tt -o ControlMaster=auto -o ControlPersist=60s -o Port=17722 -o KbdInteractiveAuthentication=no -o PasswordAuthentication=no -o User=ilya -o ConnectTimeout=10 192.168.7.188
Last login: Thu Feb 13 20:18:45 2014 from 192.168.7.188
ilya@host1:~$

"previous known host file not found" is an Ansible message. Does anyone know the conditions under which is it triggered?

[Gonzalo Servat]

You seem to be getting permission denied errors sometimes and other times you can login ok?

Perhaps Ansible is giving the wrong error message but the underlying error is permission denied. Just taking a guess based on the output.

GS

[Ilya Ivanov]

No, look closely. I just remove the arguments one by one until it succedes.

--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/h-EWByIPDuY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.

To post to this group, send email to ansible...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--

Ilya.

[Jesse Keating]

On 2/13/14, 12:37 PM, Ilya Ivanov wrote:
> "previous known host file not found" is an Ansible message. Does anyone
> know the conditions under which is it triggered?

Grepping the code shows it pretty clearly:

def not_in_host_file(self, host):
host_file =
os.path.expanduser(os.path.expandvars("~${USER}/.ssh/known_hosts"))
if not os.path.exists(host_file):
print "previous known host file not found"

This is called when a command is executed.

It looks to your user's homedir/.ssh/known_hosts and if that file
doesn't exist, it prints that message you're seeing.

Use of straight ssh will read various config files to determine where
the known_hosts file is, such as /etc/ssh/ssh_config and ~/.ssh/config

Perhaps in one of those there is a configuration that marks known_hosts
as some other file -- or you have a setting that is preventing ssh from
every even checking for known hosts. Either way, that's where the
message comes from.


-jlk

[Ilya Ivanov]

But the file exists (and the host is there). What could I do to debug it further?

--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/h-EWByIPDuY/unsubscribe.

To unsubscribe from this group and all its topics, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Ilya.

[Jesse Keating]

I would edit the source code and put a debugger statement inside the if
statement that does the print. This way when running ansible if you
happen to get into this state, you can examine the various data, like
what it thinks the value of host_file is, and then compare that to your
filesystem.

On 2/13/14, 1:47 PM, Ilya Ivanov wrote:
> But the file exists (and the host is there). What could I do to debug it
> further?
>
>
> On Fri, Feb 14, 2014 at 4:29 AM, Jesse Keating <jkea...@j2solutions.net
> <mailto:jkea...@j2solutions.net>> wrote:
>
> On 2/13/14, 12:37 PM, Ilya Ivanov wrote:
>
> "previous known host file not found" is an Ansible message. Does
> anyone
> know the conditions under which is it triggered?
>
>
> Grepping the code shows it pretty clearly:
>
> def not_in_host_file(self, host):
> host_file =

> os.path.expanduser(os.path.__expandvars("~${USER}/.ssh/__known_hosts"))

> if not os.path.exists(host_file):
> print "previous known host file not found"
>
> This is called when a command is executed.
>
> It looks to your user's homedir/.ssh/known_hosts and if that file
> doesn't exist, it prints that message you're seeing.
>
> Use of straight ssh will read various config files to determine
> where the known_hosts file is, such as /etc/ssh/ssh_config and
> ~/.ssh/config
>
> Perhaps in one of those there is a configuration that marks
> known_hosts as some other file -- or you have a setting that is
> preventing ssh from every even checking for known hosts. Either way,
> that's where the message comes from.
>
>
> -jlk
>
>
> --
> You received this message because you are subscribed to a topic in
> the Google Groups "Ansible Project" group.
> To unsubscribe from this topic, visit

> https://groups.google.com/d/__topic/ansible-project/h-__EWByIPDuY/unsubscribe
> <https://groups.google.com/d/topic/ansible-project/h-EWByIPDuY/unsubscribe>.

> To unsubscribe from this group and all its topics, send an email to

> ansible-project+unsubscribe@__googlegroups.com
> <mailto:ansible-project%2Bunsu...@googlegroups.com>.

> To post to this group, send email to

> ansible-project@googlegroups.__com
> <mailto:ansible...@googlegroups.com>.
> For more options, visit https://groups.google.com/__groups/opt_out
> <https://groups.google.com/groups/opt_out>.
>
>
>
>
> --
> Ilya.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Ansible Project" group.

> To unsubscribe from this group and stop receiving emails from it, send
> an email to ansible-proje...@googlegroups.com.

> To post to this group, send email to ansible...@googlegroups.com.

> For more options, visit https://groups.google.com/groups/opt_out.

-jlk

[Ilya Ivanov]

Ok thanks I'll try that.

    <mailto:ansible-project@googlegroups.com>.

    For more options, visit https://groups.google.com/__groups/opt_out
    <https://groups.google.com/groups/opt_out>.




--
Ilya.

--
You received this message because you are subscribed to the Google
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send

an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

-jlk

--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.

To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/h-EWByIPDuY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Ilya.

[Steffen Prince]

Sorry for bumping this old thread, but I encountered "previous known host file not found" myself and identified my problem.

I was using ansible on a host where my login name did not match the name I wanted to run ansible under, so I set $USER to the desired name. This is a bad idea generally, but with Ansible will cause the following to fail:

    os.path.expanduser(os.path.expandvars("~${USER}/.ssh/known_hosts")) 

So the correct way to use another name for Ansible ssh is to use the "-u" flag to ansible-playbook. Check to be sure $USER is actually set to your local username if you see this issue.

    <mailto:ansible-project%2Bunsubsc...@googlegroups.com>.

    To post to this group, send email to

    ansible-project@googlegroups.__com

    <mailto:ansible...@googlegroups.com>.

    For more options, visit https://groups.google.com/__groups/opt_out
    <https://groups.google.com/groups/opt_out>.




--
Ilya.

--
You received this message because you are subscribed to the Google
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send

an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

-jlk

--
You received this message because you are subscribed to a topic in the Google Groups "Ansible Project" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ansible-project/h-EWByIPDuY/unsubscribe.

To unsubscribe from this group and all its topics, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.

--

Ilya.

[Ilya Ivanov]

I always set ansible user in the inventory file.

I actually narrowed down the issue. It happens whenever a new host is added in a screen session. So, when working with already known hosts or when screen isn't used, I don't see it.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4b3d7654-5bba-4a74-964d-81944ae2e861%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Ilya.

[Michael DeHaan]

FYI:  Expanding the temp path too early for that setting no longer happens in the latest version of Ansible.

You may wish to try with 1.7.1.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAA%3DKoeKPkMfvFyzMutqnNvqGRUbST%2BnDWWWbF_SAEwtremFQZg%40mail.gmail.com.

[John Bond]

Just adding a comment for the archives

 I just ran into this problem using ansible 1.4.4 from cron.  I fixed the issues by running my cron job with

USER=username /usr/bin/ansible .....

it might be better to use 

import getpass

....

user_host_file = os.path.expandvars("~{}/.ssh/known_hosts".format(getpass.getuser()))

although looking at trunk i think the current version would now work from cron 

[Michael DeHaan]

Ansible 1.4.4 is somewhat out of date at this point, the most recent update is 1.7.1 and is important that you upgrade since it contains a few security fixes.

You'll also be missing a lot of fixes/improvements, modules, and options.

If you have a problem in 1.7.1, do let us know!

--

You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/4f288b81-3ba0-4cf2-871e-d3485e08ffdb%40googlegroups.com.

[John Bond]

On Friday, 22 August 2014 13:55:08 UTC+2, Michael DeHaan wrote:

Ansible 1.4.4 is somewhat out of date at this point, the most recent update is 1.7.1 and is important that you upgrade since it contains a few security fixes.

You'll also be missing a lot of fixes/improvements, modules, and options.

If you have a problem in 1.7.1, do let us know!

No problem im just using the stock release in ubuntu LTS 12.04.  I will look at creating my own package shortly as i have already come across some other features that are missing in this version. 

Thanks John

[Michael DeHaan]

You can add our PPA as indicated in http://docs.ansible.com/intro_installation.html#latest-releases-via-apt-ubuntu if you like...

--

You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/32e80a44-7b63-42f0-a53b-8d3f4125ea0a%40googlegroups.com.

[John Bond]

On Friday, 22 August 2014 18:31:20 UTC+2, Michael DeHaan wrote:

You can add our PPA as indicated in http://docs.ansible.com/intro_installation.html#latest-releases-via-apt-ubuntu if you like...

Great thanks ill look at that on monday

[Serge van Ginderachter]

On 22 August 2014 18:31, Michael DeHaan <mic...@ansible.com> wrote:

You can add our PPA as indicated in http://docs.ansible.com/intro_installation.html#latest-releases-via-apt-ubuntu if you like...

​+1, especially on precise, as it needs a backported package too.​