all,
Currently on Foreman Ansible, we are facing an issue when running Ansible for the first time against a host.
The host could have been created by Foreman or it could be an already existing host we have imported.
Since it's the first time the foreman or foreman-proxy users try to SSH to the host, the first run will fail with a familiar error like "Host key verification failed". In order to work around it, you may try to just open an SSH connection between foreman-proxy and the host on a console, then "accept" the key to be added to ~/.ssh/known_hosts.
This is most likely a problem shared with Foreman Remote Execution too. Here are some possible solutions. Any more ideas? Preferences?
- If the host has been created by Foreman, add it to ./ssh/known_hosts. This can be problematic for proxies and error-prone (what if the proxy is down).
- Disable this feature as http://docs.ansible.com/ansible/latest/user_guide/intro_getting_started.html#host-key-checking indicates - an attack vector for man-in-the-middle.
- Disabling key verification on the first Ansible run we make by passing the variable ANSIBLE_HOST_KEY_CHECKING=False. The second time onwards we will get a warning if the host key has changed.
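
An added example, not part of the original post and not Foreman or Ansible code: a sketch of the first option above, pinning a host key into known_hosts before the first run and refusing to proceed when an existing entry carries a different key. It assumes the key was obtained over a trusted channel at provisioning time. `pin_host_key`, the host name and the key strings are hypothetical or constructed, and wildcard patterns and `@revoked` lines are not handled.

```python
import base64, hashlib, hmac, os, tempfile

# Constructed placeholder key material, not real SSH public keys.
KEY_A = base64.b64encode(b"constructed-key-A").decode()
KEY_B = base64.b64encode(b"constructed-key-B").decode()

def host_matches(pattern, host):
    """Match one known_hosts host field: plain comma list or |1|salt|hash form."""
    if pattern.startswith("|1|"):
        # Hashed entry: base64(salt) and base64(HMAC-SHA1(salt, hostname)).
        _, _, salt_b64, mac_b64 = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in pattern.split(",")

def pin_host_key(known_hosts, host, keytype, key_b64):
    """Return 'added', 'match' or 'mismatch'; only 'added' writes to the file."""
    base64.b64decode(key_b64, validate=True)  # reject malformed key material
    status = None
    if os.path.exists(known_hosts):
        with open(known_hosts) as fh:
            for line in fh:
                fields = line.split()
                # Skip blanks, comments and @cert-authority/@revoked marker lines.
                if len(fields) < 3 or fields[0].startswith(("#", "@")):
                    continue
                if host_matches(fields[0], host) and fields[1] == keytype:
                    if fields[2] != key_b64:
                        return "mismatch"  # never overwrite: a changed key needs a human
                    status = "match"
    if status:
        return status
    with open(known_hosts, "a") as fh:
        fh.write(f"{host} {keytype} {key_b64}\n")
    return "added"

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "known_hosts")
    # First call pins the key, second confirms it, third simulates a changed key.
    for key in (KEY_A, KEY_A, KEY_B):
        print(pin_host_key(path, "web01.example.com", "ssh-ed25519", key))
```

With the key pinned this way, host key checking can stay enabled for the first run as well as later ones.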