mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Make it possible to tell paramiko to not record new host keys, which can be slow with a large number of hosts.
-c ssh is preferred in most cases if you have ControlPersist available, otherwise if you are comfortable you can turn off recording while leaving host key checking on, etc.
This commit is contained in:
parent
14818af446
commit
cf6e1f8db9
3 changed files with 13 additions and 3 deletions
|
@ -90,7 +90,11 @@ filter_plugins = /usr/share/ansible_plugins/filter_plugins
|
|||
|
||||
[paramiko_connection]
|
||||
|
||||
# nothing configurable yet
|
||||
# uncomment this line to cause the paramiko connection plugin to not record new host
|
||||
# keys encountered. Increases performance. Setting works independently of the
|
||||
# host key checking setting above.
|
||||
|
||||
#record_host_keys=False
|
||||
|
||||
[ssh_connection]
|
||||
|
||||
|
|
|
@ -127,7 +127,8 @@ DEFAULT_LOG_PATH = shell_expand_path(get_config(p, DEFAULTS, 'log_
|
|||
|
||||
ANSIBLE_NOCOWS = get_config(p, DEFAULTS, 'nocows', 'ANSIBLE_NOCOWS', None)
|
||||
ANSIBLE_SSH_ARGS = get_config(p, 'ssh_connection', 'ssh_args', 'ANSIBLE_SSH_ARGS', None)
|
||||
ZEROMQ_PORT = int(get_config(p, 'fireball', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099))
|
||||
PARAMIKO_RECORD_HOST_KEYS = get_config(p, 'paramiko_connection', 'record_host_keys', 'ANSIBLE_PARAMIKO_RECORD_HOST_KEYS', True, boolean=True)
|
||||
ZEROMQ_PORT = int(get_config(p, 'fireball_connection', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099))
|
||||
|
||||
DEFAULT_UNDEFINED_VAR_BEHAVIOR = get_config(p, DEFAULTS, 'error_on_undefined_vars', 'ANSIBLE_ERROR_ON_UNDEFINED_VARS', False, boolean=True)
|
||||
HOST_KEY_CHECKING = get_config(p, DEFAULTS, 'host_key_checking', 'ANSIBLE_HOST_KEY_CHECKING', True, boolean=True)
|
||||
|
|
|
@ -303,9 +303,14 @@ class Connection(object):
|
|||
if self.sftp is not None:
|
||||
self.sftp.close()
|
||||
|
||||
if self._any_keys_added():
|
||||
if C.PARAMIKO_RECORD_HOST_KEYS and self._any_keys_added():
|
||||
|
||||
# add any new SSH host keys -- warning -- this could be slow
|
||||
lockfile = self.keyfile.replace("known_hosts",".known_hosts.lock")
|
||||
dirname = os.path.dirname(self.keyfile)
|
||||
if not os.path.exists(dirname):
|
||||
os.makedirs(dirname)
|
||||
|
||||
KEY_LOCK = open(lockfile, 'w')
|
||||
fcntl.lockf(KEY_LOCK, fcntl.LOCK_EX)
|
||||
try:
|
||||
|
|
Loading…
Reference in a new issue