I have an Ansible playbook for provisioning servers. After the server is provisioned, I want to remove the old FQDN and/or hostname alias for that server from my local SSH known_hosts file, pause until the server is up, and then run the ssh-keyscan command to add the new server’s public SSH key to my known_hosts file. However, my task for running the keyscan command is resulting in an error that I haven’t been able to figure out.
Here are my tasks:
(tasks that provision server run first here)
-
name: remove old server’s public key from known_hosts
known_hosts:
path: “{{ local_home_dir }}/{{ me }}/.ssh/known_hosts”
name: “{{ item }}”
state: absent
loop: -
“{{ hostname }}”
-
“{{ hostname }}.{{ domain_name }}”
become: true
become_user: “{{ me }}” -
name: pause until host is up
local_action: command ping -c 1 {{ hostname }}.{{ domain_name }}
register: result
until: result.rc == 0
retries: 30
delay: 5 -
name: add new server’s public key to local known_hosts file
local_action: command ssh-keyscan -t ecdsa {{ hostname }}.{{ domain_name }} >> {{ local_home_dir }}/{{ me }}/.ssh/known_hosts
become: true
become_user: “{{ me }}”
The error can be seen here (I abbreviated the key that was returned with …)
TASK [add new server’s public key to local known_hosts file] ************************************************************
task path: /Users/smith/playbooks/gc/test.yml:36
Using module file /Users/smith/.virtualenvs/provision/lib/python3.7/site-packages/ansible/modules/commands/command.py
Pipelining is enabled.
ESTABLISH LOCAL CONNECTION FOR USER: smith
EXEC /bin/sh -c ‘/Users/smith/.virtualenvs/provision/bin/python && sleep 0’
changed: [127.0.0.1 → localhost] => {
“changed”: true,
“cmd”: [
“ssh-keyscan”,
“-t”,
“ecdsa”,
“example.com”,
“>>”,
“/Users/smith/.ssh/known_hosts”
],
“delta”: “0:00:00.241807”,
“end”: “2020-01-22 14:50:09.699630”,
“invocation”: {
“module_args”: {
“_raw_params”: “ssh-keyscan -t ecdsa example.com >> /Users/smith/.ssh/known_hosts”,
“_uses_shell”: false,
“argv”: null,
“chdir”: null,
“creates”: null,
“executable”: null,
“removes”: null,
“stdin”: null,
“stdin_add_newline”: true,
“strip_empty_ends”: true,
“warn”: true
}
},
“rc”: 0,
“start”: “2020-01-22 14:50:09.457823”,
“stderr”: “getaddrinfo >>: nodename nor servname provided, or not known\r\ngetaddrinfo /Users/smith/.ssh/known_hosts: nodename nor servname provided, or not known\r\n# example.com:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u1”,
“stderr_lines”: [
“getaddrinfo >>: nodename nor servname provided, or not known”,
“getaddrinfo /Users/smith/.ssh/known_hosts: nodename nor servname provided, or not known”,
“# example.com:22 SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u1”
],
“stdout”: “example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhL…”,
“stdout_lines”: [
“example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhL…”
]
}
META: ran handlers
META: ran handlers
PLAY RECAP **************************************************************************************************************
127.0.0.1 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
I know that the playbook’s pause task is working because I can see the server come up. I can also run the keyscan command that the playbook is running from the command line with no problems. It’s just the Ansible playbook that gets the “nodename nor servname provided, or not known error”. What’s more puzzling is that the stdout lines above show that the public key has been fetched from the server. Thanks!