ansible - 具有非标准端口的 Ansible known_hosts 模块
问题描述
我正在配置一个新服务器,并希望将其公钥自动添加到我的本地known_hosts文件中。我的服务器在端口上运行2222。
hosts:
[remotes]
my_server ansible_host:42.42.42.42 ansible_port:2222
playbook.yml:
---
hosts: all
gather_facts: no
tasks:
- name: get host key
local_action: command ssh-keyscan -t rsa -p {{ansible_port}} -H {{ansible_host}}
register: host_key
- name: add host key
when: host_key is success
delegate_to: localhost
known_hosts:
name: "{{item}}"
state: present
hash_host: yes
key: "{{host_key.stdout}}"
with_items:
- "{{ansible_host}}"
- "{{inventory_hostname}}"
这会将新条目添加到known_hosts.
但是ssh 42.42.42.42:2222仍然ssh my_server:2222显示未知键警告。
我怀疑这是因为 1)我在非标准端口上运行(known_host模块的文档没有显示设置端口的选项),或者 2)与散列选项有关。
我该怎么做呢?
解决方案
我找到了一个隐藏在一个旧问题中的解决方案。诀窍是使用[host]:port而不是host.
---
hosts: all
gather_facts: no
tasks:
# add entry to known_hosts for server's IP address
- name: get host key
local_action: command ssh-keyscan -t rsa -p {{ansible_port}} -H {{ansible_host}}
register: host_key
- name: add host key
when: host_key is success
delegate_to: localhost
known_hosts:
name: "[{{ansible_host}}]:{{ansible_port}}" # <--- here
state: present
hash_host: yes
key: "{{host_key.stdout}}"
# add entry to known_hosts for server's hostname
- name: get host key
local_action: command ssh-keyscan -t rsa -p {{ansible_port}} -H {{inventory_hostname}}
register: host_key
- name: add host key
when: host_key is success
delegate_to: localhost
known_hosts:
name: "[{{inventory_hostname}}]:{{ansible_port}}" # <--- here
state: present
hash_host: yes
key: "{{host_key.stdout}}"
我找不到避免重复的方法,因为with_items不能一次应用于多个任务,所以它很丑但它有效。
这允许ssh 42.42.42.42:2222并且ssh my_server:2222没有提示(尽管my_server必须在/etc/hosts和/或中定义~/.ssh/config)。