	Add support for SSH Host Key Checking
By default it seems that SSH host key checking has been disabled. This patch makes it optional. If a variable named known_hosts is passed in, the key checking will be enabled. The variable should contain the complete contents of the known_hosts file, which must contain the public key(s) of the host(s) in the inventory.
		
							parent
							
								
									aad578fcdd
								
							
						
					
					
						commit
						d45b74f42d
					
				
							
								
								
									
										4
									
								
								.github/workflows/test.yml
									
									
									
									
							| @ -65,11 +65,15 @@ jobs: | |||||||
|             Subsystem sftp /usr/lib/openssh/sftp-server |             Subsystem sftp /usr/lib/openssh/sftp-server | ||||||
|           EOF |           EOF | ||||||
|           sudo systemctl restart sshd |           sudo systemctl restart sshd | ||||||
|  |           echo 'SSH_KNOWN_HOSTS<<EOF' >> $GITHUB_ENV | ||||||
|  |           echo $(ssh-keyscan localhost) >> $GITHUB_ENV | ||||||
|  |           echo 'EOF' >> $GITHUB_ENV | ||||||
|       - name: With everything |       - name: With everything | ||||||
|         uses: ./ |         uses: ./ | ||||||
|         with: |         with: | ||||||
|           playbook: playbook.yml |           playbook: playbook.yml | ||||||
|           key: ${{env.SSH_PRIVATE_KEY}} |           key: ${{env.SSH_PRIVATE_KEY}} | ||||||
|  |           known_hosts: ${{env.SSH_KNOWN_HOSTS}} | ||||||
|           directory: test |           directory: test | ||||||
|           vault_password: test |           vault_password: test | ||||||
|           requirements: requirements.yml |           requirements: requirements.yml | ||||||
|  | |||||||
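Review bot: The unquoted command substitution in `echo $(ssh-keyscan localhost) >> $GITHUB_ENV` collapses the scanner's output onto a single line, so when the server offers more than one host key type everything after the first key is read as a trailing comment and only that one key reaches known_hosts. Writing the output straight through keeps one key per line: `ssh-keyscan localhost >> "$GITHUB_ENV"`. Scanning the host immediately before connecting is acceptable for this loopback test, but a short comment saying so would keep readers from copying it as the way to fill `known_hosts` for real hosts, where the keys should come from a trusted source. The run step these lines belong to starts above the hunk.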
| @ -22,6 +22,9 @@ inputs: | |||||||
|   vault_password: |   vault_password: | ||||||
|     description: The password used for decrypting vaulted files |     description: The password used for decrypting vaulted files | ||||||
|     required: false |     required: false | ||||||
|  |   known_hosts: | ||||||
|  |     description: Contents of SSH known_hosts file | ||||||
|  |     required: false | ||||||
|   options: |   options: | ||||||
|     description: Extra options that should be passed to ansible-playbook command |     description: Extra options that should be passed to ansible-playbook command | ||||||
|     required: false |     required: false | ||||||
|  | |||||||
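Review bot: The `known_hosts` description does not tell users that leaving the input empty turns SSH host key checking off, which is the behaviour main.js gives it in this commit. I would spell that out, for example `description: Contents of SSH known_hosts file. When set, host key checking is enabled against these keys; when empty, host key checking is disabled.` The rendered page shows no file header for this hunk, so the file it belongs to is inferred from the `inputs:` context.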
							
								
								
									
										22
									
								
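--- a/main.js
+++ b/main.js
@@ -12,6 +12,7 @@ async function main() {
         const key = core.getInput("key")
         const inventory = core.getInput("inventory")
         const vaultPassword = core.getInput("vault_password")
+        const knownHosts = core.getInput("known_hosts")
         const options = core.getInput("options")
 
         let cmd = ["ansible-playbook", playbook]
@@ -63,10 +64,27 @@ async function main() {
             cmd.push(vaultPasswordFile)
         }
 
-        process.env.ANSIBLE_HOST_KEY_CHECKING = "False"
+        if (knownHosts) {
+            const knownHostsFile = ".ansible_known_hosts"
+            fs.writeFileSync(knownHostsFile, knownHosts, { mode: 0600 })
+            core.saveState("knownHostsFile", knownHostsFile)
+            let known_hosts_param = [
+                "--ssh-common-args=",
+                "\"",
+                "-o UserKnownHostsFile=",
+                knownHostsFile,
+                "\""
+            ].join('')
+            cmd.push(known_hosts_param)
+            process.env.ANSIBLE_HOST_KEY_CHECKING = "True"
+        } else {
+            process.env.ANSIBLE_HOST_KEY_CHECKING = "False"
+        }
+
         process.env.ANSIBLE_FORCE_COLOR = "True"
 
-        await exec.exec(cmd.join(" "))
+        await exec.exec(cmd.join(' '))
+
     } catch (error) {
         core.setFailed(error.message)
     }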
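Review bot: The `else` branch still sets `ANSIBLE_HOST_KEY_CHECKING = "False"`, so every workflow that does not pass `known_hosts` keeps connecting without verifying the host key, and nothing in the job log says so. A warning in that branch would make the unverified mode visible: `core.warning("known_hosts not set: SSH host key checking is disabled")`. Separately, `{ mode: 0600 }` uses a legacy octal literal, which is a syntax error in strict mode and ES modules; `0o600` is the portable spelling. main() starts and continues outside these hunks, so whether `options` can carry its own `--ssh-common-args` that competes with the one pushed here cannot be checked from this page.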
							
								
								
									
										5
									
								
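--- a/post.js
+++ b/post.js
@@ -14,6 +14,7 @@ async function main() {
         const keyFile = core.getState("keyFile")
         const inventoryFile = core.getState("inventoryFile")
         const vaultPasswordFile = core.getState("vaultPasswordFile")
+        const knownHostsFile = core.getState("knownHostsFile")
 
         if (directory)
             process.chdir(directory)
@@ -26,6 +27,10 @@ async function main() {
 
         if (vaultPasswordFile)
             rm(vaultPasswordFile)
+
+        if (knownHostsFile)
+            rm(knownHostsFile)
+
     } catch (error) {
         core.setFailed(error.message)
     }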