I have an Ansible playbook for provisioning servers. After the server is
provisioned, I want to remove the old FQDN and/or hostname alias for that
server from my local SSH known_hosts file, pause until the server is up,
and then run the ssh-keyscan command to add the new server's public SSH key
to my known_hosts file. However, my task for running the keyscan command
is resulting in an error that I haven't been able to figure out.
Here are my tasks:
(tasks that provision server run first here)
- name: remove old server's public key from known_hosts
known_hosts:
path: "{{ local_home_dir }}/{{ me }}/.ssh/known_hosts"
name: "{{ item }}"
state: absent
loop:
- "{{ hostname }}"
- "{{ hostname }}.{{ domain_name }}"
become: true
become_user: "{{ me }}"
- name: pause until host is up
local_action: command ping -c 1 {{ hostname }}.{{ domain_name }}
register: result
until: result.rc == 0
retries: 30
delay: 5
- name: add new server's public key to local known_hosts file
local_action: command ssh-keyscan -t ecdsa {{ hostname }}.{{
domain_name }} >> {{ local_home_dir }}/{{ me }}/.ssh/known_hosts
become: true
become_user: "{{ me }}"
The error can be seen here (I abbreviated the key that was returned with
...)
TASK [add new server's public key to local known_hosts file]
************************************************************
task path: /Users/smith/playbooks/gc/test.yml:36
Using module file
/Users/smith/.virtualenvs/provision/lib/python3.7/site-packages/ansible/modules/commands/command.py
Pipelining is enabled.
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: smith
<localhost> EXEC /bin/sh -c
'/Users/smith/.virtualenvs/provision/bin/python && sleep 0'
changed: [127.0.0.1 -> localhost] => {
"changed": true,
"cmd": [
"ssh-keyscan",
"-t",
"ecdsa",
"example.com",
">>",
"/Users/smith/.ssh/known_hosts"
],
"delta": "0:00:00.241807",
"end": "2020-01-22 14:50:09.699630",
"invocation": {
"module_args": {
"_raw_params": "ssh-keyscan -t ecdsa example.com >>
/Users/smith/.ssh/known_hosts",
"_uses_shell": false,
"argv": null,
"chdir": null,
"creates": null,
"executable": null,
"removes": null,
"stdin": null,
"stdin_add_newline": true,
"strip_empty_ends": true,
"warn": true
}
},
"rc": 0,
"start": "2020-01-22 14:50:09.457823",
"stderr": "getaddrinfo >>: nodename nor servname provided, or not
known\r\ngetaddrinfo /Users/smith/.ssh/known_hosts: nodename nor servname
provided, or not known\r\n# example.com:22 SSH-2.0-OpenSSH_7.9p1
Debian-10+deb10u1",
"stderr_lines": [
"getaddrinfo >>: nodename nor servname provided, or not known",
"getaddrinfo /Users/smith/.ssh/known_hosts: nodename nor
servname provided, or not known",
"# example.com:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u1"
],
"stdout": "example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhL...",
"stdout_lines": [
"example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhL..."
]
}
META: ran handlers
META: ran handlers
PLAY RECAP
**************************************************************************************************************
127.0.0.1 : ok=3 changed=1 unreachable=0
failed=0 skipped=0 rescued=0 ignored=0
I know that the playbook's pause task is working because I can see the
server come up. I can also run the keyscan command that the playbook is
running from the command line with no problems. It's just the Ansible
playbook that gets the "nodename nor servname provided, or not known
error". What's more puzzling is that the stdout lines above show that the
public key has been fetched from the server. Thanks!
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/ea37d7ca-110f-46fd-a84b-aa9a366deafc%40googlegroups.com.
