Re: [ansible-project] Anyone can explain "false" below

2021-12-29 Thread Jack Morgan 
"Set this to “False” if you want to avoid host key checking by the 
underlying tools Ansible uses to connect to the host" per the link 
below. Most commonly used for SSH connections.


https://docs.ansible.com/ansible/latest/reference_appendices/config.html

On 12/29/21 08:10, davidy wrote:

Hi Anyone can explain "false" below. Thank you


sudo nano ansible.cfg
[defaults]
inventory =  ./hosts
host_key checking = false
--
You received this message because you are subscribed to the Google 
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/79c9d49b-e09e-475b-8e10-b1ca37ab0541n%40googlegroups.com 
.


--
Jack Morgan

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d9ac2972-1b8c-6e0e-a728-12d6b0fe7844%40jento.io.

Re: [ansible-project] Anyone can explain "false" below

2021-12-29 Thread Nico Kadel-Garcia 
On Wed, Dec 29, 2021 at 11:24 AM Jack Morgan  wrote:
>
> "Set this to “False” if you want to avoid host key checking by the underlying 
> tools Ansible uses to connect to the host" per the link below. Most commonly 
> used for SSH connections.
>
> https://docs.ansible.com/ansible/latest/reference_appendices/config.html

Host key checking is a big problem in many environments where a
disting OS image with distinct SSH keys may wind up assigned a
previously used IP address.

It can be turned for the Ansible server by editing ~/.ssh/config for
the account running ansible on that host, with:

 Host *
 UserKnownHostsFile /dev/null
 StrictHostKeyChecking no
 LogLevel ERROR

I've been suggesting this for complex environments since the
1990's, where the "hosts have stable DNS and stable individual keys"
has never been reliable. There have been demands in various
environments to publish or sign host keys, but the bootstrap to get
those keys under management needs a tool like ansible running *first*,
or it becomes a nasty bootstrap operation.





> On 12/29/21 08:10, davidy wrote:
>
> Hi Anyone can explain "false" below. Thank you
>
>
> sudo nano ansible.cfg
> [defaults]
> inventory =  ./hosts
> host_key checking = false
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/79c9d49b-e09e-475b-8e10-b1ca37ab0541n%40googlegroups.com.
>
> --
> Jack Morgan
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/d9ac2972-1b8c-6e0e-a728-12d6b0fe7844%40jento.io.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAOCN9rwx6%2Bd5TjkA5yVO3nbYhpbcv5q5whjO%3D9_vjJRgG9bahg%40mail.gmail.com.

Re: [ansible-project] Anyone can explain "false" below

2022-01-03 Thread davidy 
Thank you!!


On Wednesday, December 29, 2021 at 3:32:18 PM UTC-5 nka...@gmail.com wrote:

> On Wed, Dec 29, 2021 at 11:24 AM Jack Morgan  wrote:
> >
> > "Set this to “False” if you want to avoid host key checking by the 
> underlying tools Ansible uses to connect to the host" per the link below. 
> Most commonly used for SSH connections.
> >
> > https://docs.ansible.com/ansible/latest/reference_appendices/config.html
>
> Host key checking is a big problem in many environments where a
> disting OS image with distinct SSH keys may wind up assigned a
> previously used IP address.
>
> It can be turned for the Ansible server by editing ~/.ssh/config for
> the account running ansible on that host, with:
>
> Host *
> UserKnownHostsFile /dev/null
> StrictHostKeyChecking no
> LogLevel ERROR
>
> I've been suggesting this for complex environments since the
> 1990's, where the "hosts have stable DNS and stable individual keys"
> has never been reliable. There have been demands in various
> environments to publish or sign host keys, but the bootstrap to get
> those keys under management needs a tool like ansible running *first*,
> or it becomes a nasty bootstrap operation.
>
>
>
>
>
> > On 12/29/21 08:10, davidy wrote:
> >
> > Hi Anyone can explain "false" below. Thank you
> >
> >
> > sudo nano ansible.cfg
> > [defaults]
> > inventory = ./hosts
> > host_key checking = false
> > --
> > You received this message because you are subscribed to the Google 
> Groups "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to ansible-proje...@googlegroups.com.
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/79c9d49b-e09e-475b-8e10-b1ca37ab0541n%40googlegroups.com
> .
> >
> > --
> > Jack Morgan
> >
> > --
> > You received this message because you are subscribed to the Google 
> Groups "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send 
> an email to ansible-proje...@googlegroups.com.
> > To view this discussion on the web visit 
> https://groups.google.com/d/msgid/ansible-project/d9ac2972-1b8c-6e0e-a728-12d6b0fe7844%40jento.io
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/16299ab8-eb1f-4948-9131-7eaf477c351bn%40googlegroups.com.