Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can't disable Ansible's host key checking

I'm using Ansible 1.5.4 to provision my Vagrant 1.4.3 box on Ubuntu 14.04 LTS.

I'm getting the following error message in verbose mode:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

I can do: export ANSIBLE_HOST_KEY_CHECKING=False and I have following lines in my ~/.ansible.cfg:

[defaults]
host_key_checking = False

But it doesn't help.

What could be the problem? Thank you!

UPDATE #1

I'm calling it directly like this (without using vagrant command):

ansible-playbook playbook.yml -i inventory.ini --user=vagrant --ask-pass -vvvv

The inventory is:

[default]
localhost:2222
like image 847
Slava Fomin II Avatar asked May 06 '14 10:05

Slava Fomin II


People also ask

How do I disable strict host key in Ansible?

Host key checking is on by default. Disable it if you like by adding host_key_checking=False in the [default] section of /etc/ansible/ansible. cfg or ~/ansible. cfg or by exporting ANSIBLE_HOST_KEY_CHECKING=False.

What is host key Checking Ansible?

Ansible enables host key checking by default. Checking host keys guards against server spoofing and man-in-the-middle attacks, but it does require some maintenance. If a host is reinstalled and has a different key in 'known_hosts', this will result in an error message until corrected.

How do I ignore SSH authenticity in Ansible?

Two options - the first, as you said in your own answer, is setting the environment variable ANSIBLE_HOST_KEY_CHECKING to False. The second way to set it is to put it in an ansible. cfg file, and that's a really useful option because you can either set that globally (at system or user level, in /etc/ansible/ansible.

What is host key checking?

In host key checking, ssh automatically maintains and checks a database containing identification for all hosts it has ever been used with. Host keys are stored in ~/. ssh/known_hosts in the user's home directory. Additionally, the /etc/ssh/ssh_known_hosts file is automatically checked for known hosts.


1 Answers

You'll need to set it via the Vagrantfile of the project. When the Vagrant Ansible provisioner makes the call to ansible-playbook it always sets the value of the ANSIBLE_HOST_KEY_CHECKING environment variable.

Ansible itself takes the value of the environment variable if present. Therefore Vagrant will override the value used in your ansible.cfg.

Therefore you just need something like:

machine.vm.provision :ansible do |ansible|
  ansible.host_key_checking = false
  # etc.
end
like image 67
jabclab Avatar answered Oct 26 '22 05:10

jabclab