Make it possible to tell paramiko to not record new host keys, which can be slow with a large number of hosts.

-c ssh is preferred in most cases if you have ControlPersist available, otherwise if you are comfortable you can turn off recording while leaving host key checking on, etc.
2013-07-05 21:42:41 -04:00 · 2013-07-05 21:42:41 -04:00 · cf6e1f8db9
commit cf6e1f8db9
parent 14818af446
3 changed files with 13 additions and 3 deletions
--- a/examples/ansible.cfg
+++ b/examples/ansible.cfg
@ -90,7 +90,11 @@ filter_plugins     = /usr/share/ansible_plugins/filter_plugins

 [paramiko_connection]

-# nothing configurable yet
+# uncomment this line to cause the paramiko connection plugin to not record new host
+# keys encountered.  Increases performance.  Setting works independently of the
+# host key checking setting above.
+
+#record_host_keys=False

 [ssh_connection]

--- a/lib/ansible/constants.py
+++ b/lib/ansible/constants.py
@ -127,7 +127,8 @@ DEFAULT_LOG_PATH               = shell_expand_path(get_config(p, DEFAULTS, 'log_

 ANSIBLE_NOCOWS                 = get_config(p, DEFAULTS, 'nocows', 'ANSIBLE_NOCOWS', None)
 ANSIBLE_SSH_ARGS               = get_config(p, 'ssh_connection', 'ssh_args', 'ANSIBLE_SSH_ARGS', None)
-ZEROMQ_PORT                    = int(get_config(p, 'fireball', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099))
+PARAMIKO_RECORD_HOST_KEYS      = get_config(p, 'paramiko_connection', 'record_host_keys', 'ANSIBLE_PARAMIKO_RECORD_HOST_KEYS', True, boolean=True)
+ZEROMQ_PORT                    = int(get_config(p, 'fireball_connection', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099))

 DEFAULT_UNDEFINED_VAR_BEHAVIOR = get_config(p, DEFAULTS, 'error_on_undefined_vars', 'ANSIBLE_ERROR_ON_UNDEFINED_VARS', False, boolean=True)
 HOST_KEY_CHECKING              = get_config(p, DEFAULTS, 'host_key_checking',  'ANSIBLE_HOST_KEY_CHECKING',    True, boolean=True)
--- a/lib/ansible/runner/connection_plugins/paramiko_ssh.py
+++ b/lib/ansible/runner/connection_plugins/paramiko_ssh.py
@ -303,9 +303,14 @@ class Connection(object):
        if self.sftp is not None:
            self.sftp.close()

-        if self._any_keys_added():
+        if C.PARAMIKO_RECORD_HOST_KEYS and self._any_keys_added():
+
            # add any new SSH host keys -- warning -- this could be slow
            lockfile = self.keyfile.replace("known_hosts",".known_hosts.lock") 
+            dirname = os.path.dirname(self.keyfile)
+            if not os.path.exists(dirname):
+                os.makedirs(dirname)
+
            KEY_LOCK = open(lockfile, 'w')
            fcntl.lockf(KEY_LOCK, fcntl.LOCK_EX)
            try: