具有非标准端口的 Ansible known_hosts 模块

Question

我正在配置一个新服务器，并希望将其公钥自动添加到我的本地 known_hosts 文件中。我的服务器在端口2222 上运行。

hosts:

[remotes]
my_server ansible_host:42.42.42.42 ansible_port:2222

playbook.yml:

---
hosts: all
gather_facts: no
tasks:

- name: get host key
  local_action: command ssh-keyscan -t rsa -p {{ansible_port}} -H {{ansible_host}}
  register: host_key

- name: add host key
  when: host_key is success
  delegate_to: localhost
  known_hosts:
    name: "{{item}}"
    state: present
    hash_host: yes
    key: "{{host_key.stdout}}"
  with_items:
    - "{{ansible_host}}"
    - "{{inventory_hostname}}"

这会将新条目添加到known_hosts。

但ssh 42.42.42.42:2222 和ssh my_server:2222 仍然显示未知键警告。

我怀疑这是因为 1) 我在非标准端口上运行（known_host 模块的文档没有显示设置端口的选项），或 2) 与散列选项有关.

我该怎么做？

Answer 1

我在old issue 中找到了一个解决方案。诀窍是使用[host]:port 而不是host。

---
hosts: all
gather_facts: no
tasks:

# add entry to known_hosts for server's IP address
- name: get host key
  local_action: command ssh-keyscan -t rsa -p {{ansible_port}} -H {{ansible_host}}
  register: host_key
- name: add host key
  when: host_key is success
  delegate_to: localhost
  known_hosts:
    name: "[{{ansible_host}}]:{{ansible_port}}"            # <--- here
    state: present
    hash_host: yes
    key: "{{host_key.stdout}}"

# add entry to known_hosts for server's hostname
- name: get host key
  local_action: command ssh-keyscan -t rsa -p {{ansible_port}} -H {{inventory_hostname}}
  register: host_key
- name: add host key
  when: host_key is success
  delegate_to: localhost
  known_hosts:
    name: "[{{inventory_hostname}}]:{{ansible_port}}"      # <--- here
    state: present
    hash_host: yes
    key: "{{host_key.stdout}}"

我找不到避免重复的方法，因为with_items 不能同时应用于多个任务，所以它很难看，但它有效。

这允许ssh 42.42.42.42:2222 和ssh my_server:2222 没有提示（尽管my_server 必须在/etc/hosts 和/或~/.ssh/config 中定义）。