Make it possible to tell paramiko to not record new host keys, which can be slow…

Make it possible to tell paramiko to not record new host keys, which can be slow with a large number of hosts. -c ssh is preferred in most cases if you have ControlPersist available, otherwise if you are comfortable you can turn off recording while leaving host key checking on, etc.

Make it possible to tell paramiko to not record new host keys, which can be slow…
Make it possible to tell paramiko to not record new host keys, which can be slow with a large number of hosts. -c ssh is preferred in most cases if you have ControlPersist available, otherwise if you are comfortable you can turn off recording while leaving host key checking on, etc.
d4a595b2 · Michael DeHaan · 715f25ef · d4a595b2 · d4a595b2 · d4a595b2
Commit d4a595b2 authored Jul 05, 2013 by Michael DeHaan
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 3 deletions

examples/ansible.cfg
+5 -1

lib/ansible/constants.py
+2 -1

lib/ansible/runner/connection_plugins/paramiko_ssh.py
+6 -1

No files found.
--- a/examples/ansible.cfg
+++ b/examples/ansible.cfg
@@ -94,7 +94,11 @@ filter_plugins     = /usr/share/ansible_plugins/filter_plugins

 [paramiko_connection]

-# nothing to configure yet
+# uncomment this line to cause the paramiko connection plugin to not record new host
+# keys encountered.  Increases performance.  Setting works independently of the
+# host key checking setting above.
+
+#record_host_keys=False

 [ssh_connection]


--- a/lib/ansible/constants.py
+++ b/lib/ansible/constants.py
@@ -126,7 +126,8 @@ DEFAULT_LOG_PATH               = shell_expand_path(get_config(p, DEFAULTS, 'log_

 ANSIBLE_NOCOWS                 = get_config(p, DEFAULTS, 'nocows', 'ANSIBLE_NOCOWS', None)
 ANSIBLE_SSH_ARGS               = get_config(p, 'ssh_connection', 'ssh_args', 'ANSIBLE_SSH_ARGS', None)
-ZEROMQ_PORT                    = int(get_config(p, 'fireball', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099))
+PARAMIKO_RECORD_HOST_KEYS      = get_config(p, 'paramiko_connection', 'record_host_keys', 'ANSIBLE_PARAMIKO_RECORD_HOST_KEYS', True, boolean=True)
+ZEROMQ_PORT                    = int(get_config(p, 'fireball_connection', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099))

 HOST_KEY_CHECKING              = get_config(p, DEFAULTS, 'host_key_checking',  'ANSIBLE_HOST_KEY_CHECKING',    True, boolean=True)


--- a/lib/ansible/runner/connection_plugins/paramiko_ssh.py
+++ b/lib/ansible/runner/connection_plugins/paramiko_ssh.py
@@ -303,9 +303,14 @@ class Connection(object):
        if self.sftp is not None:
            self.sftp.close()

-        if self._any_keys_added():
+        if C.PARAMIKO_RECORD_HOST_KEYS and self._any_keys_added():
+
            # add any new SSH host keys -- warning -- this could be slow
            lockfile = self.keyfile.replace("known_hosts",".known_hosts.lock") 
+            dirname = os.path.dirname(self.keyfile)
+            if not os.path.exists(dirname):
+                os.makedirs(dirname)
+
            KEY_LOCK = open(lockfile, 'w')
            fcntl.lockf(KEY_LOCK, fcntl.LOCK_EX)
            try: