mirror of
https://github.com/dawidd6/action-ansible-playbook.git
synced 2025-10-23 22:48:10 -06:00
Add support for SSH Host Key Checking
By default it seems that SSH host key checking has been disabled. This patch makes it optional. If a variable named known_hosts is passed in, the key checking will be enabled. The variable should contain the complete contents of the known_hosts file, which must contain the public key(s) of the host(s) in the inventory.
This commit is contained in:
parent
aad578fcdd
commit
d45b74f42d
4
.github/workflows/test.yml
vendored
4
.github/workflows/test.yml
vendored
@ -65,11 +65,15 @@ jobs:
|
||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||
EOF
|
||||
sudo systemctl restart sshd
|
||||
echo 'SSH_KNOWN_HOSTS<<EOF' >> $GITHUB_ENV
|
||||
echo $(ssh-keyscan localhost) >> $GITHUB_ENV
|
||||
echo 'EOF' >> $GITHUB_ENV
|
||||
- name: With everything
|
||||
uses: ./
|
||||
with:
|
||||
playbook: playbook.yml
|
||||
key: ${{env.SSH_PRIVATE_KEY}}
|
||||
known_hosts: ${{env.SSH_KNOWN_HOSTS}}
|
||||
directory: test
|
||||
vault_password: test
|
||||
requirements: requirements.yml
|
||||
|
@ -22,6 +22,9 @@ inputs:
|
||||
vault_password:
|
||||
description: The password used for decrypting vaulted files
|
||||
required: false
|
||||
known_hosts:
|
||||
description: Contents of SSH known_hosts file
|
||||
required: false
|
||||
options:
|
||||
description: Extra options that should be passed to ansible-playbook command
|
||||
required: false
|
||||
|
22
main.js
22
main.js
@ -12,6 +12,7 @@ async function main() {
|
||||
const key = core.getInput("key")
|
||||
const inventory = core.getInput("inventory")
|
||||
const vaultPassword = core.getInput("vault_password")
|
||||
const knownHosts = core.getInput("known_hosts")
|
||||
const options = core.getInput("options")
|
||||
|
||||
let cmd = ["ansible-playbook", playbook]
|
||||
@ -63,10 +64,27 @@ async function main() {
|
||||
cmd.push(vaultPasswordFile)
|
||||
}
|
||||
|
||||
process.env.ANSIBLE_HOST_KEY_CHECKING = "False"
|
||||
if (knownHosts) {
|
||||
const knownHostsFile = ".ansible_known_hosts"
|
||||
fs.writeFileSync(knownHostsFile, knownHosts, { mode: 0600 })
|
||||
core.saveState("knownHostsFile", knownHostsFile)
|
||||
let known_hosts_param = [
|
||||
"--ssh-common-args=",
|
||||
"\"",
|
||||
"-o UserKnownHostsFile=",
|
||||
knownHostsFile,
|
||||
"\""
|
||||
].join('')
|
||||
cmd.push(known_hosts_param)
|
||||
process.env.ANSIBLE_HOST_KEY_CHECKING = "True"
|
||||
} else {
|
||||
process.env.ANSIBLE_HOST_KEY_CHECKING = "False"
|
||||
}
|
||||
|
||||
process.env.ANSIBLE_FORCE_COLOR = "True"
|
||||
|
||||
await exec.exec(cmd.join(" "))
|
||||
await exec.exec(cmd.join(' '))
|
||||
|
||||
} catch (error) {
|
||||
core.setFailed(error.message)
|
||||
}
|
||||
|
5
post.js
5
post.js
@ -14,6 +14,7 @@ async function main() {
|
||||
const keyFile = core.getState("keyFile")
|
||||
const inventoryFile = core.getState("inventoryFile")
|
||||
const vaultPasswordFile = core.getState("vaultPasswordFile")
|
||||
const knownHostsFile = core.getState("knownHostsFile")
|
||||
|
||||
if (directory)
|
||||
process.chdir(directory)
|
||||
@ -26,6 +27,10 @@ async function main() {
|
||||
|
||||
if (vaultPasswordFile)
|
||||
rm(vaultPasswordFile)
|
||||
|
||||
if (knownHostsFile)
|
||||
rm(knownHostsFile)
|
||||
|
||||
} catch (error) {
|
||||
core.setFailed(error.message)
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user