Disable SSH host key checking for Ansible. (!308) · Merge requests · opencraft / dev / console

Boros Gábor requested to merge smarnach/disable-host-key-checking into master May 03, 2018

Created by: smarnach

Follow-up to #300.

The Ansible configuration in edx/configuration disables SSH host key checking. The first time a playbook runs for a given IP, SSH will accept the host key unconditionally and add it to ~/.ssh/known_hosts. The ansible.cfg in ansible-playbooks, by contrast, does not disable host key checking. Most of the time this isn't a problem, since by the time the playbook runs the host key is already in known_hosts. If we by chance get assigned an IP that we already had for an earlier app server, we will have a different host key in known_hosts. Ansible will ignore the discrepancy for the upstream playbook, since host key checking is disabled, but SSH won't add the key to known_hosts, because there already is a different key for the same IP. In this case, our playbook will fail.

This PR disables host key checking for all Ansible runs.

Disable SSH host key checking for Ansible.

Merge request reports