ansible known_hosts module failed


Leon Xie

May 29, 2015, 8:36:38 AM
to ansible...@googlegroups.com
Hi all,

I use the below playbook to add known hosts:

============================================================
- name: demo
  hosts: 10.223.0.51
  remote_user: root
  tasks:
    - name: fetch
      fetch: src=/etc/ssh/ssh_host_rsa_key.pub dest=/tmp/keys
             fail_on_missing=yes validate_checksum=yes
- name: demo
  hosts: 10.223.0.52
  remote_user: root
  tasks:
    - name: known_hosts
      known_hosts: path="/home/xiaoliang/.ssh/known_hosts" host="sun1-db-1" state=present
                   key="{{ lookup('file', '/tmp/keys/10.223.0.51/etc/ssh/ssh_host_rsa_key.pub') }}"

============================================================

============================================================
$ ansible-playbook  -i ../../inventory/hosts demo.yml -vvvv

PLAY [demo] *******************************************************************

TASK: [fetch] *****************************************************************
<10.223.0.51> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO 10.223.0.51
<10.223.0.51> EXEC /bin/sh -c 'rc=flag; [ -r /etc/ssh/ssh_host_rsa_key.pub ] || rc=2; [ -f /etc/ssh/ssh_host_rsa_key.pub ] || rc=1; [ -d /etc/ssh/ssh_host_rsa_key.pub ] && rc=3; python -V 2>/dev/null || rc=4; [ x"$rc" != "xflag" ] && echo "${rc} "/etc/ssh/ssh_host_rsa_key.pub && exit 0; (python -c '"'"'import hashlib; BLOCKSIZE = 65536; hasher = hashlib.sha1(); afile = open("'"'"'/etc/ssh/ssh_host_rsa_key.pub'"'"'", "rb") buf = afile.read(BLOCKSIZE) while len(buf) > 0: hasher.update(buf) buf = afile.read(BLOCKSIZE) afile.close() print(hasher.hexdigest())'"'"' 2>/dev/null) || (python -c '"'"'import sha; BLOCKSIZE = 65536; hasher = sha.sha(); afile = open("'"'"'/etc/ssh/ssh_host_rsa_key.pub'"'"'", "rb") buf = afile.read(BLOCKSIZE) while len(buf) > 0: hasher.update(buf) buf = afile.read(BLOCKSIZE) afile.close() print(hasher.hexdigest())'"'"' 2>/dev/null) || (echo '"'"'0 '"'"'/etc/ssh/ssh_host_rsa_key.pub)'
ok: [10.223.0.51] => {"changed": false, "checksum": "312b6e08531e50f6baa21bf87f0dd8adbaad0c0d", "dest": "/tmp/keys/10.223.0.51/etc/ssh/ssh_host_rsa_key.pub", "file": "/etc/ssh/ssh_host_rsa_key.pub", "md5sum": "cb9f17d1febefd7c66fc79967606d272"}

PLAY [demo] *******************************************************************

TASK: [known_hosts] ***********************************************************
<10.223.0.52> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO 10.223.0.52
<10.223.0.52> REMOTE_MODULE known_hosts path="/home/xiaoliang/.ssh/known_hosts" host="sun1-db-1" state=present key="ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtqGtO6VLYU3kWIWoiKKg8rgEQvEB/wHP1aZEK95kQ1yekDIK8Vfj4VQ3+pKqwTirwSF9ODeZR1VaC+K4b6Oke9bJ/0h5bXiRzzvmD/wu+c6uEtjtMdNYzQnLu4UNCCh1Fa6Pktm2Lz9xSxTcFyIncxgFSxqabf12OVYWsYaj7BwO6Wgs/pYoJjDv+IgJpUwvsPhJkX2s/Ak/U4JwnuaxXB/wufF/eFbEnTUbTv7o7KpHqX50Ok/daN05AVcC/oYPf79wOaeBsPMnTNisqjYJNSgS1EpTw1ZNxqwiRUpcyx8SQ/uI1caA06Q8g7RcNmLWiEM0t5lx2LjScX4ztrIYxQ=="
<10.223.0.52> EXEC /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1432862043.76-101243566006070 && echo $HOME/.ansible/tmp/ansible-tmp-1432862043.76-101243566006070'
<10.223.0.52> PUT /tmp/tmp54Yy4J TO /root/.ansible/tmp/ansible-tmp-1432862043.76-101243566006070/known_hosts
<10.223.0.52> EXEC /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /root/.ansible/tmp/ansible-tmp-1432862043.76-101243566006070/known_hosts; rm -rf /root/.ansible/tmp/ansible-tmp-1432862043.76-101243566006070/ >/dev/null 2>&1'
failed: [10.223.0.52] => {"cmd": "/usr/bin/ssh-keygen -F sun1-db-1 -f /tmp/tmpxxoJ6Q", "failed": true, "rc": 1}
stderr: line 1 invalid key: ssh-rsa...
/tmp/tmpxxoJ6Q is not a valid known_hosts file.

msg: line 1 invalid key: ssh-rsa...
/tmp/tmpxxoJ6Q is not a valid known_hosts file.

FATAL: all hosts have already failed -- aborting

PLAY RECAP ********************************************************************
           to retry, use: --limit @/home/xiaoliang/demo.retry

10.223.0.51                : ok=1    changed=0    unreachable=0    failed=0  
10.223.0.52                : ok=0    changed=0    unreachable=0    failed=1 
============================================================


Will anyone please help to look at this, or point me in the right direction?

Ulrich Hochholdinger

Jun 14, 2015, 6:37:52 PM
to ansible...@googlegroups.com
Hi,
The known_hosts module expects a complete "known_hosts line" as the key value. The public key from /etc/ssh lists no hostname. So in your example the correct behaviour can be achieved by prepending the hostname:

Example:
...

    - name: known_hosts
      known_hosts: path="/home/xiaoliang/.ssh/known_hosts" host="sun1-db-1" state=present
                   key="sun1-db-1 {{ lookup('file', '/tmp/keys/10.223.0.51/etc/ssh/ssh_host_rsa_key.pub') }}"
...

Cheers
     Ulli

Jeff Trawick

Jun 15, 2015, 8:38:49 AM
to ansible...@googlegroups.com

On Friday, May 29, 2015 at 8:36:38 AM UTC-4, Leon Xie wrote:
Hi all,

I use the below playbook to add known hosts:

============================================================
- name: demo
  hosts: 10.223.0.51
  remote_user: root
  tasks:
    - name: fetch
      fetch: src=/etc/ssh/ssh_host_rsa_key.pub dest=/tmp/keys
             fail_on_missing=yes validate_checksum=yes
- name: demo
  hosts: 10.223.0.52
  remote_user: root
  tasks:
    - name: known_hosts
      known_hosts: path="/home/xiaoliang/.ssh/known_hosts" host="sun1-db-1" state=present
                   key="{{ lookup('file', '/tmp/keys/10.223.0.51/etc/ssh/ssh_host_rsa_key.pub') }}"

The format of the key has to be in the form that it appears in a known_hosts file.  So ssh to the target system, verify and accept the key, then take the line added to your local known_hosts file and add that.
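Added example, not from the thread and not Ansible's own code: a small Python helper that turns a fetched ssh_host_*_key.pub line into the "<host> <type> <base64>" entry both replies describe, and a check that flags a hostname-less key before it is handed to the module (which otherwise fails in ssh-keygen -F, as in the log above). The hostname and the toy key blob are constructed; it handles plain hostnames only, not hashed or @-marker entries.

```python
import base64
import struct


def _read_ssh_string(blob, offset):
    # Each field in an OpenSSH key blob is a 4-byte big-endian length followed by the bytes.
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    return blob[offset + 4:offset + 4 + length], offset + 4 + length


def parse_pubkey_line(line):
    """Parse one line of /etc/ssh/ssh_host_*_key.pub: '<type> <base64> [comment]'."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    # The first string inside the blob repeats the key type; a mismatch means a mangled key.
    embedded, _ = _read_ssh_string(blob, 0)
    if embedded.decode("ascii") != key_type:
        raise ValueError("key type %s does not match blob type %r" % (key_type, embedded))
    return key_type, b64


def known_hosts_line(hostname, pubkey_line):
    """Build the '<host> <type> <base64>' entry the known_hosts module expects."""
    key_type, b64 = parse_pubkey_line(pubkey_line)
    return "%s %s %s" % (hostname, key_type, b64)


def is_known_hosts_line(line):
    """True only when the line already carries a host field in front of the key."""
    fields = line.strip().split()
    # A bare public key starts with the key type; a known_hosts entry starts with the host.
    if len(fields) < 3 or fields[0].startswith(("ssh-", "ecdsa-")):
        return False
    try:
        parse_pubkey_line(" ".join(fields[1:]))
    except ValueError:
        return False
    return True


def constructed_sample_pubkey():
    # Constructed toy blob (not a real host key): type string, tiny exponent, tiny modulus.
    parts = (b"ssh-rsa", b"\x01\x00\x01", b"\x00\xc3\x9f")
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa %s root@sun1-db-1" % base64.b64encode(blob).decode("ascii")


if __name__ == "__main__":
    print(known_hosts_line("sun1-db-1", constructed_sample_pubkey()))
```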