authorMichael DeHaan <michael@ansibleworks.com>2013-07-05 21:42:41 -0400
committerMichael DeHaan <michael@ansibleworks.com>2013-07-05 21:42:41 -0400
commitd4a595b2070419bc7266a2cfef83581a74716ea3 (patch)
treef8b90f3934d05b731732131024cad0d1e85c38e7
parent715f25efbc04fe0f42c0e1cf1ebf4269001f3ded (diff)
downloadansible-d4a595b2070419bc7266a2cfef83581a74716ea3.tar.gz
Make it possible to tell paramiko to not record new host keys, which can be slow with a large number of hosts.
-c ssh is preferred in most cases if you have ControlPersist available, otherwise if you are comfortable you can turn off recording while leaving host key checking on, etc.
-rw-r--r--examples/ansible.cfg6
-rw-r--r--lib/ansible/constants.py3
-rw-r--r--lib/ansible/runner/connection_plugins/paramiko_ssh.py7
3 files changed, 13 insertions, 3 deletions
diff --git a/examples/ansible.cfg b/examples/ansible.cfg
index e2eb98b4e1..6546bb7fd0 100644
--- a/examples/ansible.cfg
+++ b/examples/ansible.cfg
@@ -94,7 +94,11 @@ filter_plugins = /usr/share/ansible_plugins/filter_plugins
[paramiko_connection]
-# nothing to configure yet
+# uncomment this line to cause the paramiko connection plugin to not record new host
+# keys encountered. Increases performance. Setting works independently of the
+# host key checking setting above.
+
+#record_host_keys=False
[ssh_connection]
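Review bot: The new comment above `#record_host_keys=False` names only the performance gain and leaves out the trust trade-off of turning recording off. With recording disabled, keys accepted during a run are presumably never written to known_hosts, so later runs have no stored key to compare against for those hosts; the policy code that accepts keys is not visible in this diff. I would add a line such as `# note: new keys are then not saved to known_hosts, so a later key change on those hosts cannot be detected.` The phrase "works independently of the host key checking setting" would also be clearer if it said what happens when checking is on and recording is off.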
diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py
index 88ee494935..f2b98aef06 100644
--- a/lib/ansible/constants.py
+++ b/lib/ansible/constants.py
@@ -126,7 +126,8 @@ DEFAULT_LOG_PATH = shell_expand_path(get_config(p, DEFAULTS, 'log_
ANSIBLE_NOCOWS = get_config(p, DEFAULTS, 'nocows', 'ANSIBLE_NOCOWS', None)
ANSIBLE_SSH_ARGS = get_config(p, 'ssh_connection', 'ssh_args', 'ANSIBLE_SSH_ARGS', None)
-ZEROMQ_PORT = int(get_config(p, 'fireball', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099))
+PARAMIKO_RECORD_HOST_KEYS = get_config(p, 'paramiko_connection', 'record_host_keys', 'ANSIBLE_PARAMIKO_RECORD_HOST_KEYS', True, boolean=True)
+ZEROMQ_PORT = int(get_config(p, 'fireball_connection', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099))
HOST_KEY_CHECKING = get_config(p, DEFAULTS, 'host_key_checking', 'ANSIBLE_HOST_KEY_CHECKING', True, boolean=True)
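Review bot: The `ZEROMQ_PORT` line changes its config section from `'fireball'` to `'fireball_connection'`, which the commit message does not mention and which is unrelated to host key recording. An existing ansible.cfg that sets `zeromq_port` under `[fireball]` would presumably stop being read and fall back to 5099 with no warning, although `get_config` is not visible here. This belongs in its own commit with a changelog entry, or at least under a comment such as `# section renamed from [fireball] to [fireball_connection]; ANSIBLE_ZEROMQ_PORT is unchanged`. A short comment on `PARAMIKO_RECORD_HOST_KEYS` saying it only controls writing known_hosts, not checking, would also help readers of this file.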
diff --git a/lib/ansible/runner/connection_plugins/paramiko_ssh.py b/lib/ansible/runner/connection_plugins/paramiko_ssh.py
index 016a67495a..84a57c194d 100644
--- a/lib/ansible/runner/connection_plugins/paramiko_ssh.py
+++ b/lib/ansible/runner/connection_plugins/paramiko_ssh.py
@@ -303,9 +303,14 @@ class Connection(object):
if self.sftp is not None:
self.sftp.close()
- if self._any_keys_added():
+ if C.PARAMIKO_RECORD_HOST_KEYS and self._any_keys_added():
+
# add any new SSH host keys -- warning -- this could be slow
lockfile = self.keyfile.replace("known_hosts",".known_hosts.lock")
+ dirname = os.path.dirname(self.keyfile)
+ if not os.path.exists(dirname):
+ os.makedirs(dirname)
+
KEY_LOCK = open(lockfile, 'w')
fcntl.lockf(KEY_LOCK, fcntl.LOCK_EX)
try:
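Review bot: The added `os.makedirs(dirname)` creates the directory that holds known_hosts with the default mode, so its permissions depend on the process umask, whereas a directory holding SSH state is normally private to the user. The `os.path.exists` check followed by `os.makedirs` also runs before the lock is taken, so two connections closing at the same time can both see the directory missing and one of them will raise OSError. Creating the directory with an explicit mode and ignoring only EEXIST fixes both; this needs `errno` imported, which is not visible in this hunk. The enclosing method starts and ends outside the hunk.

```python
dirname = os.path.dirname(self.keyfile)
try:
    # keep the key directory private; tolerate another process creating it first
    os.makedirs(dirname, 0o700)
except OSError as e:
    if e.errno != errno.EEXIST:
        raise
# … unchanged: open lockfile, fcntl.lockf, try: …
```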