Merge pull request #6156 from iiordanov/devel

Add support for checking host against global known host files. The effect of this is that before this fix if files are spread across the known_hosts file but not in the ~/known_hosts file the hosts will execute sequentially. This PR augments the functionality so that all of the knowns hosts will execute in parallel.
11 years ago · 92aacb198c
parent e79d859dfb a1854bb762
commit 92aacb198c
1 changed files with 37 additions and 26 deletions
--- a/lib/ansible/runner/connection_plugins/ssh.py
+++ b/lib/ansible/runner/connection_plugins/ssh.py
@ -118,35 +118,46 @@ class Connection(object):
    def not_in_host_file(self, host):
        if 'USER' in os.environ:
-            host_file = os.path.expandvars("~${USER}/.ssh/known_hosts")
+            user_host_file = os.path.expandvars("~${USER}/.ssh/known_hosts")
        else:
-            host_file = "~/.ssh/known_hosts"
+            user_host_file = "~/.ssh/known_hosts"
-        host_file = os.path.expanduser(host_file)
+        user_host_file = os.path.expanduser(user_host_file)
-        if not os.path.exists(host_file):
+        
-            print "previous known host file not found"
+        host_file_list = []
-            return True
+        host_file_list.append(user_host_file)
-        host_fh = open(host_file)
+        host_file_list.append("/etc/ssh/ssh_known_hosts")
-        data = host_fh.read()
+        host_file_list.append("/etc/ssh/ssh_known_hosts2")
-        host_fh.close()
+        
-        for line in data.split("\n"):
+        hfiles_not_found = 0
-            if line is None or line.find(" ") == -1:
+        for hf in host_file_list:
            if not os.path.exists(hf):
                hfiles_not_found += 1
                continue
-            tokens = line.split()
+            host_fh = open(hf)
-            if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
+            data = host_fh.read()
-                # this is a hashed known host entry
+            host_fh.close()
-                try:
+            for line in data.split("\n"):
-                    (kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
+                if line is None or line.find(" ") == -1:
                    hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
                    hash.update(host)
                    if hash.digest() == kn_host.decode('base64'):
                        return False
                except:
                    # invalid hashed host key, skip it
                    continue
-            else:
+                tokens = line.split()
-                # standard host file entry
+                if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
-                if host in tokens[0]:
+                    # this is a hashed known host entry
-                    return False
+                    try:
                        (kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
                        hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
                        hash.update(host)
                        if hash.digest() == kn_host.decode('base64'):
                            return False
                    except:
                        # invalid hashed host key, skip it
                        continue
                else:
                    # standard host file entry
                    if host in tokens[0]:
                        return False
        if (hfiles_not_found == len(host_file_list)):
            print "previous known host file not found"
        return True
    def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su_user=None, su=False):