Make it possible to tell paramiko to not record new host keys, which can be slow with a large number of hosts.

-c ssh is preferred in most cases if you have ControlPersist available, otherwise if you are comfortable you can turn off recording while leaving host key checking on, etc.
11 years ago · cf6e1f8db9
parent 14818af446
commit cf6e1f8db9
3 changed files with 13 additions and 3 deletions
--- a/examples/ansible.cfg
+++ b/examples/ansible.cfg
@ -90,7 +90,11 @@ filter_plugins     = /usr/share/ansible_plugins/filter_plugins

 [paramiko_connection]

-# nothing configurable yet
+# uncomment this line to cause the paramiko connection plugin to not record new host
+# keys encountered.  Increases performance.  Setting works independently of the
+# host key checking setting above.
+
+#record_host_keys=False

 [ssh_connection]

--- a/lib/ansible/constants.py
+++ b/lib/ansible/constants.py
@ -127,7 +127,8 @@ DEFAULT_LOG_PATH               = shell_expand_path(get_config(p, DEFAULTS, 'log_

 ANSIBLE_NOCOWS                 = get_config(p, DEFAULTS, 'nocows', 'ANSIBLE_NOCOWS', None)
 ANSIBLE_SSH_ARGS               = get_config(p, 'ssh_connection', 'ssh_args', 'ANSIBLE_SSH_ARGS', None)
-ZEROMQ_PORT                    = int(get_config(p, 'fireball', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099))
+PARAMIKO_RECORD_HOST_KEYS      = get_config(p, 'paramiko_connection', 'record_host_keys', 'ANSIBLE_PARAMIKO_RECORD_HOST_KEYS', True, boolean=True)
+ZEROMQ_PORT                    = int(get_config(p, 'fireball_connection', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099))

 DEFAULT_UNDEFINED_VAR_BEHAVIOR = get_config(p, DEFAULTS, 'error_on_undefined_vars', 'ANSIBLE_ERROR_ON_UNDEFINED_VARS', False, boolean=True)
 HOST_KEY_CHECKING              = get_config(p, DEFAULTS, 'host_key_checking',  'ANSIBLE_HOST_KEY_CHECKING',    True, boolean=True)
--- a/lib/ansible/runner/connection_plugins/paramiko_ssh.py
+++ b/lib/ansible/runner/connection_plugins/paramiko_ssh.py
@ -303,9 +303,14 @@ class Connection(object):
        if self.sftp is not None:
            self.sftp.close()

-        if self._any_keys_added():
+        if C.PARAMIKO_RECORD_HOST_KEYS and self._any_keys_added():
+
            # add any new SSH host keys -- warning -- this could be slow
            lockfile = self.keyfile.replace("known_hosts",".known_hosts.lock") 
+            dirname = os.path.dirname(self.keyfile)
+            if not os.path.exists(dirname):
+                os.makedirs(dirname)
+
            KEY_LOCK = open(lockfile, 'w')
            fcntl.lockf(KEY_LOCK, fcntl.LOCK_EX)
            try: