Fix 'ansible_host_key_checking' for adding new hosts to the inventory

using 'add_hosts'
mitogen-hq · May 7, 2024 · fec7334 · fec7334
1 parent 0f34e25
commit fec7334
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 4 deletions.
diff --git a/ansible_mitogen/connection.py b/ansible_mitogen/connection.py
@@ -119,10 +119,14 @@ def _connect_ssh(spec):
     """
     Return ContextService arguments for an SSH connection.
     """
-    if C.HOST_KEY_CHECKING:
-        check_host_keys = 'enforce'
+    check_host_keys = spec.ansible_ssh_host_key_checking()
+    if check_host_keys is None:
+        if C.HOST_KEY_CHECKING:
+            check_host_keys = 'enforce'
+        else:
+            check_host_keys = 'ignore'
     else:
-        check_host_keys = 'ignore'
+        check_host_keys = ('ignore', 'enforce')[check_host_keys]
 
     # #334: tilde-expand private_key_file to avoid implementation difference
     # between Python and OpenSSH.

diff --git a/ansible_mitogen/transport_config.py b/ansible_mitogen/transport_config.py
@@ -67,6 +67,7 @@
 import ansible.constants as C
 
 from ansible.module_utils.six import with_metaclass
+from ansible.module_utils.parsing.convert_bool import boolean
 
 # this was added in Ansible >= 2.8.0; fallback to the default interpreter if necessary
 try:
@@ -385,6 +386,12 @@ def mitogen_ssh_compression(self):
         Whether SSH compression is enabled.
         """
 
+    @abc.abstractmethod
+    def ansible_ssh_host_key_checking(self):
+        """
+        Whether or not to check the ssh hostkeys
+        """
+
     @abc.abstractmethod
     def extra_args(self):
         """
@@ -564,6 +571,16 @@ def mitogen_ssh_debug_level(self):
     def mitogen_ssh_compression(self):
         return self._connection.get_task_var('mitogen_ssh_compression')
 
+    def ansible_ssh_host_key_checking(self):
+        tmp = [boolean(x) for x in list(
+            filter(lambda x:x is not None, (
+                self._connection.get_task_var('ansible_ssh_host_key_checking'),
+                self._connection.get_task_var('ansible_host_key_checking')
+            )))]
+        if not tmp:
+            return None
+        return any(tmp)
+
     def extra_args(self):
         return self._connection.get_extra_args()
 

diff --git a/docs/changelog.rst b/docs/changelog.rst
@@ -24,7 +24,7 @@ Unreleased
 * :gh:issue:`952` Fix Ansible `--ask-become-pass`, add test coverage
 * :gh:issue:`957` Fix Ansible exception when executing against 10s of hosts
   "ValueError: filedescriptor out of range in select()"
-
+* :gh:issue:`1066` Fix `ansible_ssh_host_key_checking`
 
 v0.3.7 (2024-04-08)
 -------------------