Racke, thank you very much. Changing 'command' to 'shell' fixed the
problem. One follow-up... I thought ssh-keyscan *was* fetching the SSH key
file from the server. Was I mistaken? What technique were you thinking
of? Thanks again!

On Wednesday, January 22, 2020 at 10:32:04 PM UTC-8, Stefan Hornburg (Racke) wrote:
>
> On 1/23/20 12:24 AM, RobertF wrote:
> > I have an Ansible playbook for provisioning servers. After the server is provisioned, I want to remove the old FQDN
> > and/or hostname alias for that server from my local SSH known_hosts file, pause until the server is up, and then run the
> > ssh-keyscan command to add the new server's public SSH key to my known_hosts file. However, my task for running the
> > keyscan command is resulting in an error that I haven't been able to figure out.
>
> Hello,
>
> You cannot use redirections with the command module. The shell module can do that. Another alternative would
> be to fetch the SSH key file from the server instead of running ssh-keyscan.
>
> Regards
> Racke
>
> >
> > Here are my tasks:
> >
> > (tasks that provision server run first here)
> >
> > - name: remove old server's public key from known_hosts
> >   known_hosts:
> >     path: "{{ local_home_dir }}/{{ me }}/.ssh/known_hosts"
> >     name: "{{ item }}"
> >     state: absent
> >   loop:
> >     - "{{ hostname }}"
> >     - "{{ hostname }}.{{ domain_name }}"
> >   become: true
> >   become_user: "{{ me }}"
> >
> > - name: pause until host is up
> >   local_action: command ping -c 1 {{ hostname }}.{{ domain_name }}
> >   register: result
> >   until: result.rc == 0
> >   retries: 30
> >   delay: 5
> >
> > - name: add new server's public key to local known_hosts file
> >   local_action: command ssh-keyscan -t ecdsa {{ hostname }}.{{ domain_name }} >> {{ local_home_dir }}/{{ me }}/.ssh/known_hosts
> >   become: true
> >   become_user: "{{ me }}"
> >
> > The error can be seen here (I abbreviated the key that was returned with ...)
> >
> > TASK [add new server's public key to local known_hosts file] ************************************************************
> > task path: /Users/smith/playbooks/gc/test.yml:36
> > Using module file /Users/smith/.virtualenvs/provision/lib/python3.7/site-packages/ansible/modules/commands/command.py
> > Pipelining is enabled.
> > <localhost> ESTABLISH LOCAL CONNECTION FOR USER: smith
> > <localhost> EXEC /bin/sh -c '/Users/smith/.virtualenvs/provision/bin/python && sleep 0'
> > changed: [127.0.0.1 -> localhost] => {
> >     "changed": true,
> >     "cmd": [
> >         "ssh-keyscan",
> >         "-t",
> >         "ecdsa",
> >         "example.com",
> >         ">>",
> >         "/Users/smith/.ssh/known_hosts"
> >     ],
> >     "delta": "0:00:00.241807",
> >     "end": "2020-01-22 14:50:09.699630",
> >     "invocation": {
> >         "module_args": {
> >             "_raw_params": "ssh-keyscan -t ecdsa example.com >> /Users/smith/.ssh/known_hosts",
> >             "_uses_shell": false,
> >             "argv": null,
> >             "chdir": null,
> >             "creates": null,
> >             "executable": null,
> >             "removes": null,
> >             "stdin": null,
> >             "stdin_add_newline": true,
> >             "strip_empty_ends": true,
> >             "warn": true
> >         }
> >     },
> >     "rc": 0,
> >     "start": "2020-01-22 14:50:09.457823",
> >     "stderr": "getaddrinfo >>: nodename nor servname provided, or not known\r\ngetaddrinfo /Users/smith/.ssh/known_hosts: nodename nor servname provided, or not known\r\n# example.com:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u1",
> >     "stderr_lines": [
> >         "getaddrinfo >>: nodename nor servname provided, or not known",
> >         "getaddrinfo /Users/smith/.ssh/known_hosts: nodename nor servname provided, or not known",
> >         "# example.com:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u1"
> >     ],
> >     "stdout": "example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhL...",
> >     "stdout_lines": [
> >         "example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhL..."
> >     ]
> > }
> > META: ran handlers
> > META: ran handlers
> >
> > PLAY RECAP **************************************************************************************************************
> > 127.0.0.1 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
> >
> > I know that the playbook's pause task is working because I can see the server come up. I can also run the keyscan
> > command that the playbook is running from the command line with no problems. It's just the Ansible playbook that gets
> > the "nodename nor servname provided, or not known error". What's more puzzling is that the stdout lines above show that
> > the public key has been fetched from the server. Thanks!
> >
>
> --
> Ecommerce and Linux consulting + Perl and web application programming.
> Debian and Sympa administration. Provisioning with Ansible.
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/f99ef71e-f734-43dc-b04a-f56ccd705852%40googlegroups.com.
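
A variant of the fix discussed in this thread that avoids both the redirection and the shell, as an added example that is not from the original posts: `ssh-keyscan` runs through the command module's `argv` form and the known_hosts module writes the entry. The variables are the ones used in the quoted tasks; the register name `keyscan` and the use of `delegate_to: localhost` in place of `local_action` are choices made for this example.

```yaml
# Added example (not from the thread). With argv, each list item reaches
# ssh-keyscan as exactly one argument, so a templated hostname cannot be
# reinterpreted by a shell and no ">>" is needed.
- name: scan the new server's ECDSA host key
  command:
    argv:
      - ssh-keyscan
      - -t
      - ecdsa
      - "{{ hostname }}.{{ domain_name }}"
  delegate_to: localhost
  register: keyscan
  changed_when: false
  # The output quoted above shows rc 0 even though lookups failed, so an
  # empty stdout is also treated as a failure here.
  failed_when: keyscan.rc != 0 or keyscan.stdout | trim | length == 0

- name: add new server's public key to local known_hosts file
  known_hosts:
    path: "{{ local_home_dir }}/{{ me }}/.ssh/known_hosts"
    name: "{{ hostname }}.{{ domain_name }}"
    # known_hosts-format line ("host keytype base64"), as ssh-keyscan prints it
    key: "{{ keyscan.stdout }}"
    state: present
  delegate_to: localhost
  become: true
  become_user: "{{ me }}"
```

A key obtained with `ssh-keyscan` is not authenticated, so its fingerprint should be compared with a value obtained out of band (for example from the provisioning console) before the entry is relied on.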