Get rid of "previous known host file not found"

I get 2-4 “previous known host file not found” warnings on each task execution.
Like
TASK: [configure .bashrc for me] ********************************************
previous known host file not found
previous known host file not found
previous known host file not found
previous known host file not found
ok: [test1]
Naturally, ~/.ssh/known_hosts exists and is readable.
I think it happened at some point but for the life of me I can’t find any related configuration option. Just how do I fix it?

What version of Ansible are you using?

Also, what connection type is being used (did you specify -c ssh or -c paramiko? If not, what’s your OS you are running Ansible from?)

Can you show your current user id from bash and also “ls -l” on the known_hosts file?

Are you perhaps running ansible locally through sudo?

sudo ansible …

I had this issue some time ago, and a patch was accepted to look at the sudo user’s home dir, not the calling user, which solved that.
I still get this for jobs that run from cron though (no sudo involved here), but didn’t look at it further so far.

recent ansible 1.5 devel, running on default -c ssh

Serge

I can no longer reproduce that.

Hmm, now appeared again.

$ ansible --version
ansible 1.4.3
$ cat /etc/redhat-release
CentOS release 6.5 (Final)
$ rpm -q openssh-clients
openssh-clients-6.4p1-1.el6.2.x86_64
$ id
uid=500(magi) gid=500(magi) groups=500(magi),10(wheel)
$ ls -l ~/.ssh
total 28
-rw------- 1 magi magi 789 Jan 12 18:47 authorized_keys
-rw------- 1 magi magi 1675 Apr 17 2013 id_rsa
-rw-r--r-- 1 magi magi 395 Jan 12 13:17 id_rsa.pub
-rw-r--r-- 1 magi magi 13375 Feb 2 14:57 known_hosts

I don’t use sudo. The command is run like this:
time ansible-playbook $task -e "hosts=$host" -i $inventory -s

So what can I do to finally find the previous host file?

If you can reliably repeatably reproduce this, do the run with -vvvv to make sure the ssh args match up with what you think they should, with respect to where the known hosts file should be, etc...

-jlk

How do I know what they should be?

Anyone?

Well, you'd want to look at what ansible is using, and try using them yourself manually and see if the problem persists.

This doesn't appear to be a common problem, I really would say it's something specific to your environment and usage.

-jlk

Well, it doesn’t really matter to me whether the problem is specific or not.

Here’s how a verbose ansible connection looks:
<192.168.7.188> ESTABLISH CONNECTION FOR USER: ilya
<192.168.7.188> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/ilya/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=17722', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=ilya', '-o', 'ConnectTimeout=10', '192.168.7.188', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1392322724.99-173609494693332 && chmod a+rx $HOME/.ansible/tmp/ansible-1392322724.99-173609494693332 && echo $HOME/.ansible/tmp/ansible-1392322724.99-173609494693332'"]
previous known host file not found

Here are attempts to reproduce it with ssh
$ ssh -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/home/ilya/.ansible/cp/ansible-ssh-%h-%p-%r -o Port=17722 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-micgssapi-keyexhostbasedpublickey -o PasswordAuthentication=no -o User=ilya -o ConnectTimeout=10 192.168.7.188 2>&1 | grep previous
$
$ ssh -tt -o ControlMaster=auto -o ControlPersist=60s -o ControlPath=/home/ilya/.ansible/cp/ansible-ssh-%h-%p-%r -o Port=17722 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-micgssapi-keyexhostbasedpublickey -o PasswordAuthentication=no -o User=ilya -o ConnectTimeout=10 192.168.7.188
Permission denied (publickey,gssapi-with-mic,password).
$
$ ssh -tt -o ControlMaster=auto -o ControlPersist=60s -o Port=17722 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-micgssapi-keyexhostbasedpublickey -o PasswordAuthentication=no -o User=ilya -o ConnectTimeout=10 192.168.7.188
Permission denied (publickey,gssapi-with-mic,password).
$
$ ssh -tt -o ControlMaster=auto -o ControlPersist=60s -o Port=17722 -o KbdInteractiveAuthentication=no -o PasswordAuthentication=no -o User=ilya -o ConnectTimeout=10 192.168.7.188
Last login: Thu Feb 13 20:18:45 2014 from 192.168.7.188
ilya@host1:~$

“previous known host file not found” is an Ansible message. Does anyone know the conditions under which it is triggered?

You seem to be getting permission denied errors sometimes and other times you can login ok?

Perhaps Ansible is giving the wrong error message but the underlying error is permission denied. Just taking a guess based on the output.

GS

No, look closely. I just remove the arguments one by one until it succeeds.

Grepping the code shows it pretty clearly:

     def not_in_host_file(self, host):
         host_file = os.path.expanduser(os.path.expandvars("~${USER}/.ssh/known_hosts"))
         if not os.path.exists(host_file):
             print "previous known host file not found"

This is called when a command is executed.

It looks to your user's homedir/.ssh/known_hosts and if that file doesn't exist, it prints that message you're seeing.

Use of straight ssh will read various config files to determine where the known_hosts file is, such as /etc/ssh/ssh_config and ~/.ssh/config

Perhaps in one of those there is a configuration that marks known_hosts as some other file -- or you have a setting that is preventing ssh from ever even checking for known hosts. Either way, that's where the message comes from.

-jlk

But the file exists (and the host is there). What could I do to debug it further?

I would edit the source code and put a debugger statement inside the if statement that does the print. This way when running ansible if you happen to get into this state, you can examine the various data, like what it thinks the value of host_file is, and then compare that to your filesystem.

Ok thanks I’ll try that.

Sorry for bumping this old thread, but I encountered “previous known host file not found” myself and identified my problem.

I was using ansible on a host where my login name did not match the name I wanted to run ansible under, so I set $USER to the desired name. This is a bad idea generally, but with Ansible will cause the following to fail:

os.path.expanduser(os.path.expandvars("~${USER}/.ssh/known_hosts"))

So the correct way to use another name for Ansible ssh is to use the “-u” flag to ansible-playbook. Check to be sure $USER is actually set to your local username if you see this issue.
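The failure mode discussed in this thread, as an added example (not Ansible's code and not written by any poster): it resolves the quoted `~${USER}/.ssh/known_hosts` string under different `$USER` values and reports why the resulting path cannot be found. The function names and the account name `no-such-user-constructed` are invented for the demonstration.

```python
import os
import pwd
from unittest import mock

TEMPLATE = "~${USER}/.ssh/known_hosts"  # the string quoted in the thread


def resolve_like_thread(user):
    """Path the quoted check would test when $USER is `user` (None = unset)."""
    with mock.patch.dict(os.environ):   # os.environ is restored on exit
        os.environ.pop("USER", None)
        if user is not None:
            os.environ["USER"] = user
        return os.path.expanduser(os.path.expandvars(TEMPLATE))


def diagnose(user):
    """Return (path, reason); reason is 'ok' or says why the path is unusable."""
    path = resolve_like_thread(user)
    if "${USER}" in path:
        # expandvars leaves references to undefined variables untouched
        return path, "USER unset: variable left unexpanded"
    if path.startswith("~"):
        # expanduser returns the input unchanged when the account lookup fails
        return path, "USER names no local account: tilde left unexpanded"
    if not os.path.exists(path):
        return path, "resolved, but file is missing or unreadable to this uid"
    return path, "ok"


def home_from_uid():
    """Home directory from the passwd entry of the real uid, ignoring $USER."""
    try:
        return pwd.getpwuid(os.getuid()).pw_dir
    except KeyError:                    # uid without a passwd entry
        return os.environ.get("HOME", "/")


if __name__ == "__main__":
    for value in (os.environ.get("USER"), None, "no-such-user-constructed"):
        print(repr(value), "->", *diagnose(value))
    print("uid-based:", os.path.join(home_from_uid(), ".ssh", "known_hosts"))
```

Running it from the same context that shows the warning (cron job, screen window, sudo shell) prints the path the check actually looked at next to the one derived from the process uid.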

I always set ansible user in the inventory file.

I actually narrowed down the issue. It happens whenever a new host is added in a screen session. So, when working with already known hosts or when screen isn’t used, I don’t see it.

FYI: Expanding the temp path too early for that setting no longer happens in the latest version of Ansible.

You may wish to try with 1.7.1.