Fix 'ansible_host_key_checking' and 'ansible_ssh_host_key_checking' for

adding new hosts to the inventory using 'add_hosts' Co-authored-by: Alex Willmer <alex@moreati.org.uk>
1 year ago · ec05e542b4
parent 0f34e2505b
commit ec05e542b4
3 changed files with 25 additions and 1 deletions
--- a/ansible_mitogen/connection.py
+++ b/ansible_mitogen/connection.py
@ -119,7 +119,7 @@ def _connect_ssh(spec):
    """
    Return ContextService arguments for an SSH connection.
    """
-    if C.HOST_KEY_CHECKING:
+    if spec.host_key_checking():
        check_host_keys = 'enforce'
    else:
        check_host_keys = 'ignore'
--- a/ansible_mitogen/transport_config.py
+++ b/ansible_mitogen/transport_config.py
@ -67,6 +67,7 @@ import ansible.utils.shlex
 import ansible.constants as C

 from ansible.module_utils.six import with_metaclass
+from ansible.module_utils.parsing.convert_bool import boolean

 # this was added in Ansible >= 2.8.0; fallback to the default interpreter if necessary
 try:
@ -245,6 +246,12 @@ class Spec(with_metaclass(abc.ABCMeta, object)):
        Path to the Python interpreter on the target machine.
        """

+    @abc.abstractmethod
+    def host_key_checking(self):
+        """
+        Whether or not to check the keys of the target machine
+        """
+
    @abc.abstractmethod
    def private_key_file(self):
        """
@ -466,6 +473,14 @@ class PlayContextSpec(Spec):
            action=self._action,
            rediscover_python=rediscover_python)

+    def host_key_checking(self):
+        def candidates():
+            yield self._connection.get_task_var('ansible_ssh_host_key_checking')
+            yield self._connection.get_task_var('ansible_host_key_checking')
+            yield C.HOST_KEY_CHECKING
+        val = next((v for v in candidates() if v is not None), True)
+        return boolean(val)
+
    def private_key_file(self):
        return self._play_context.private_key_file

@ -692,6 +707,14 @@ class MitogenViaSpec(Spec):
            action=self._action,
            rediscover_python=rediscover_python)

+    def host_key_checking(self):
+        def candidates():
+            yield self._host_vars.get('ansible_ssh_host_key_checking')
+            yield self._host_vars.get('ansible_host_key_checking')
+            yield C.HOST_KEY_CHECKING
+        val = next((v for v in candidates() if v is not None), True)
+        return boolean(val)
+
    def private_key_file(self):
        # TODO: must come from PlayContext too.
        return (
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@ -24,6 +24,7 @@ Unreleased
 * :gh:issue:`952` Fix Ansible `--ask-become-pass`, add test coverage
 * :gh:issue:`957` Fix Ansible exception when executing against 10s of hosts
  "ValueError: filedescriptor out of range in select()"
+* :gh:issue:`1066` Support Ansible `ansible_host_key_checking` & `ansible_ssh_host_key_checking`


 v0.3.7 (2024-04-08)