beastman.kojak
Windmill
Created by heavytobi on 10/22/2024 in #help
Ansible not usable
There are security implications for turning off strict host key checking. As an alternative, you could probably add the target host to the known hosts in step 4 when you set the file permissions, but I haven't tested that.
15 replies
Windmill
Created by heavytobi on 10/22/2024 in #help
Ansible not usable
Hi @heavytobi, I was having similar issues with ansible and found your question. Here's what I did to solve it. For my setup, I have an ssh key that I generated specifically for windmill and added that in the authorized_keys file on the target host.
1. Add some settings to the inventory file
```ini
[my_lab]
my_lab_vm

[my_lab:vars]
ansible_host=192.168.1.100 #ip address of target machine
ansible_user=bkojak
ansible_ssh_private_key_file=ssh_key #This will get copied from our secrets
ansible_ssh_common_args='-o StrictHostKeyChecking=no' #this fixes the host key verification error
```
2. Copy the private key into a secret variable. NOTE: There MUST be a newline at the end of the file, otherwise you will get other errors.
```
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----
```
3. In the ansible script, create a file for the ssh key:
```yaml
# File resources will be written in the relative `target` location before
# running the playbook
files:
  - variable: u/beastman/windmill_private_key
    target: ./ssh_key
```
4. Set the proper permissions on the private key file before connecting to the remote host. You will get an error if the permissions are not correct.
```yaml
---
- name: Set up private key
  hosts: localhost
  tasks:
    - name: chmod ssh key
      ansible.builtin.file:
        path: ssh_key
        mode: '0600'

- name: Deploy Stack
  hosts: my_lab
  ...
```
15 replies
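The alternative raised in the thread, pinning the target's host key instead of turning off strict host key checking, could look like the following. This is an added example, not part of either original post and not tested by their author. The variable `u/beastman/my_lab_known_hosts` and the `./known_hosts` target are hypothetical names. It assumes the relative path resolves against the directory the playbook runs in, the same way `ssh_key` does.

```yaml
# Added example. Assumed/hypothetical: the Windmill variable
# u/beastman/my_lab_known_hosts and the ./known_hosts target path.
#
# The variable holds one known_hosts line for the target, read from the
# target itself over a trusted channel (for example its console), in the form:
#   192.168.1.100 ssh-ed25519 <base64 public host key>
files:
  - variable: u/beastman/windmill_private_key
    target: ./ssh_key
  - variable: u/beastman/my_lab_known_hosts   # hypothetical variable name
    target: ./known_hosts

---
- name: Set up private key
  hosts: localhost
  tasks:
    - name: chmod ssh key
      ansible.builtin.file:
        path: ssh_key
        mode: '0600'

- name: Deploy Stack
  hosts: my_lab
  vars:
    # Weak setting from the inventory, to be deleted there:
    #   ansible_ssh_common_args='-o StrictHostKeyChecking=no'
    # Corrected setting: trust only the pinned key written above and
    # refuse the connection if the target presents any other key.
    ansible_ssh_common_args: >-
      -o UserKnownHostsFile=./known_hosts
      -o StrictHostKeyChecking=yes
  tasks:
    - name: Confirm the connection works with the pinned key
      ansible.builtin.ping:
```

With this in place, a changed or spoofed host key makes the play fail with a host key verification error instead of connecting silently.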