Racke, thank you very much. Changing 'command' to 'shell' fixed the 
problem.  One follow-up... I thought ssh-keyscan *was* fetching the SSH key 
file from the server.  Was I mistaken?  What technique were you thinking 
of?  Thanks again!

On Wednesday, January 22, 2020 at 10:32:04 PM UTC-8, Stefan Hornburg 
(Racke) wrote:
>
> On 1/23/20 12:24 AM, RobertF wrote: 
> > I have an Ansible playbook for provisioning servers.  After the server is provisioned, I want to remove the old FQDN
> > and/or hostname alias for that server from my local SSH known_hosts file, pause until the server is up, and then run the
> > ssh-keyscan command to add the new server's public SSH key to my known_hosts file.  However, my task for running the
> > keyscan command is resulting in an error that I haven't been able to figure out.
>
> Hello, 
>
> you can not use redirections with the command module. The shell module can do that. Another alternative would
> be to fetch the SSH key file from the server instead of running ssh-keyscan.
>
> Regards 
>         Racke 
>
> > 
> > Here are my tasks: 
> > 
> >     (tasks that provision server run first here) 
> > 
> >     - name: remove old server's public key from known_hosts 
> >       known_hosts: 
> >         path: "{{ local_home_dir }}/{{ me }}/.ssh/known_hosts" 
> >         name: "{{ item }}" 
> >         state: absent 
> >       loop: 
> >         - "{{ hostname }}" 
> >         - "{{ hostname }}.{{ domain_name }}" 
> >       become: true 
> >       become_user: "{{ me }}" 
> > 
> >     - name: pause until host is up 
> >       local_action: command ping -c 1 {{ hostname }}.{{ domain_name }} 
> >       register: result 
> >       until: result.rc == 0 
> >       retries: 30 
> >       delay: 5 
> > 
> >     - name: add new server's public key to local known_hosts file 
> >       local_action: command ssh-keyscan -t ecdsa {{ hostname }}.{{ domain_name }} >> {{ local_home_dir }}/{{ me }}/.ssh/known_hosts
> >       become: true 
> >       become_user: "{{ me }}" 
> > 
> > The error can be seen here (I abbreviated the key that was returned with ...)
> >
> >     TASK [add new server's public key to local known_hosts file] ************************************************************
> >     task path: /Users/smith/playbooks/gc/test.yml:36
> >     Using module file /Users/smith/.virtualenvs/provision/lib/python3.7/site-packages/ansible/modules/commands/command.py
> >     Pipelining is enabled.
> >     <localhost> ESTABLISH LOCAL CONNECTION FOR USER: smith
> >     <localhost> EXEC /bin/sh -c '/Users/smith/.virtualenvs/provision/bin/python && sleep 0'
> >     changed: [127.0.0.1 -> localhost] => { 
> >         "changed": true, 
> >         "cmd": [ 
> >             "ssh-keyscan", 
> >             "-t", 
> >             "ecdsa", 
> >             "example.com", 
> >             ">>", 
> >             "/Users/smith/.ssh/known_hosts" 
> >         ], 
> >         "delta": "0:00:00.241807", 
> >         "end": "2020-01-22 14:50:09.699630", 
> >         "invocation": { 
> >             "module_args": { 
> >                 "_raw_params": "ssh-keyscan -t ecdsa example.com >> /Users/smith/.ssh/known_hosts",
> >                 "_uses_shell": false, 
> >                 "argv": null, 
> >                 "chdir": null, 
> >                 "creates": null, 
> >                 "executable": null, 
> >                 "removes": null, 
> >                 "stdin": null, 
> >                 "stdin_add_newline": true, 
> >                 "strip_empty_ends": true, 
> >                 "warn": true 
> >             } 
> >         }, 
> >         "rc": 0, 
> >         "start": "2020-01-22 14:50:09.457823", 
> >         "stderr": "getaddrinfo >>: nodename nor servname provided, or not known\r\ngetaddrinfo /Users/smith/.ssh/known_hosts: nodename nor servname provided, or not known\r\n# example.com:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u1",
> >         "stderr_lines": [
> >             "getaddrinfo >>: nodename nor servname provided, or not known",
> >             "getaddrinfo /Users/smith/.ssh/known_hosts: nodename nor servname provided, or not known",
> >             "# example.com:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u1" 
> >         ], 
> >         "stdout": "example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhL...", 
> >         "stdout_lines": [ 
> >             "example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhL..." 
> >         ] 
> >     } 
> >     META: ran handlers 
> >     META: ran handlers 
> > 
> >     PLAY RECAP **************************************************************************************************************
> >     127.0.0.1                  : ok=3    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
> > 
> > I know that the playbook's pause task is working because I can see the server come up.  I can also run the keyscan
> > command that the playbook is running from the command line with no problems.  It's just the Ansible playbook that gets
> > the "nodename nor servname provided, or not known error".  What's more puzzling is that the stdout lines above show that
> > the public key has been fetched from the server.  Thanks!
> > 
>
> -- 
> Ecommerce and Linux consulting + Perl and web application programming. 
> Debian and Sympa administration. Provisioning with Ansible. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f99ef71e-f734-43dc-b04a-f56ccd705852%40googlegroups.com.
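
An added example, not part of the thread and not the posters' code: a redirection-free variant of the keyscan task that captures the key with `register`, checks its fingerprint, and writes it with the `known_hosts` module instead of `>>`. The variables `hostname`, `domain_name`, `local_home_dir` and `me` are the ones from the quoted playbook; `expected_fingerprint` is a hypothetical variable holding a fingerprint obtained out of band, since ssh-keyscan output on its own is unauthenticated.

```yaml
# Added example. expected_fingerprint is hypothetical: a value in the
# "SHA256:..." form printed by ssh-keygen -l, obtained out of band.

- name: scan the new server's ECDSA host key (no redirection needed)
  command: ssh-keyscan -t ecdsa {{ hostname }}.{{ domain_name }}
  delegate_to: localhost
  register: keyscan
  changed_when: false
  # The quoted log shows rc 0 despite lookup errors, so also require a key on stdout.
  failed_when: keyscan.rc != 0 or keyscan.stdout_lines | length == 0

- name: fingerprint the scanned key
  command: ssh-keygen -l -f -
  args:
    stdin: "{{ keyscan.stdout }}"   # ssh-keygen reads the key line from stdin
  delegate_to: localhost
  register: scanned_fp
  changed_when: false

- name: stop if the fingerprint is not the expected one
  assert:
    that:
      - expected_fingerprint in scanned_fp.stdout
    fail_msg: "host key fingerprint mismatch for {{ hostname }}.{{ domain_name }}"

- name: add the verified key to the local known_hosts file
  known_hosts:
    path: "{{ local_home_dir }}/{{ me }}/.ssh/known_hosts"
    name: "{{ hostname }}.{{ domain_name }}"
    # keyscan prints "host keytype key", the format the key parameter expects
    key: "{{ keyscan.stdout_lines[0] }}"
    state: present
  delegate_to: localhost
  become: true
  become_user: "{{ me }}"
```

Because `known_hosts` with `state: present` is idempotent, rerunning the playbook does not append duplicate lines the way `>>` does.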
