[Ansible] Add host key to known_hosts file.(if not exists)

Ansible

[Ansible] Add host key to known_hosts file.(if not exists)

Network && Devops 2020. 7. 16. 18:44

Ansbie에서 각 호스트 SSH 접속할 경우 known_hots 파일에 호스트 키가 저장이 되어 있어야 하며, 저장이 되어 있지 않을 경우 playbook 실행시 호스트key를 찾을 수 없다는 메시지와 함께 실행이 되지 않게 된다.

ansible에서는 known_hosts 모듈을 사용하여 known_hosts 파일에 호스트 키를 저장하거나 삭제 할 수 있다.

아래는 호스트 키를 known_hosts 파일에 저장하는 Playbook 파일이며, 호스트 키를 검색 한 후 호스트 키가 없을 경우에 키를 저장할 수 있다.

---
#- hosts1 IP : 10.10.10.1 
- hosts: host1 
  gather_facts: no
  connection: local

  vars:
    ssh_known_hosts_command: "ssh-keyscan -T 10"
    ssh_known_hosts_file: "{{ lookup('env','HOME') + '/.ssh/known_hosts' }}"
    ssh_known_hosts: "{{ ansible_host }}"

  tasks:

  - name: scan for host key about ssh_known_hosts
    shell: "ssh-keyscan {{ item }},`dig +short {{ item }}`"
    with_items: "{{ ssh_known_hosts }}"
    register: ssh_known_host_results
    ignore_errors: yes

  - name: Add the host key in the '{{ ssh_known_hosts_file }}' if does not exist.
    known_hosts:
      name: "{{ item.item }}"
      key: "{{ item.stdout }}"
      path: "{{ ssh_known_hosts_file }}"
    with_items: "{{ ssh_known_host_results.results }}"
    when: ssh_known_host_results == False

※ 실행 방법 및 결과

[root@ansible]#ansible-playbook /etc/ansible/playbooks/hostkeycheck.yml

PLAY [host1] ***********************************************************************************************************************************************************************************************************************

TASK [scan for host key about ssh_known_hosts] *********************************************************************************************************************************************************************************************
changed: [host1] => (item=10.10.10.1)

TASK [Add the host key in the '/root/.ssh/known_hosts' if does not exist.] *****************************************************************************************************************************************************************
skipping: [host1] => (item={u'stderr_lines': [u'# 10.10.10.1:22 SSH-2.0-OpenSSH_6.2 PKIX FIPS', u'# 10.10.10.1:22 SSH-2.0-OpenSSH_6.2 PKIX FIPS', u'# 10.10.10.1:22 SSH-2.0-OpenSSH_6.2 PKIX FIPS'], u'ansible_loop_var': u'item', u'end': u'2020-07-16 20:52:55.362806', u'stdout': u'10.10.10.1, ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEApH0suUEB6+9eOkGYOSZfwAHFY+YE1r6Ug5tH068DjjCcZnR1/G3106vRxf7+YXTOvYCD5FgklU8BHhwN0Zgcf6urxIe5ZrN5l7CToCo9rzvkkjih/9d8PHsVmEApmY2ug806tgBinkXcvxcC/c='], u'ansible_facts': {u'discovered_interpreter_python': u'/usr/bin/python'}}) 

PLAY RECAP *********************************************************************************************************************************************************************************************************************************
host1              : ok=1    changed=1    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0

▶ 키파일이 존재하여 실행 결과 skipped 된 것을 확인할 수 있다.