Add support for SSH Host Key Checking
By default it seems that SSH host key checking has been disabled. This patch makes it optional. If a variable named known_hosts is passed in, the key checking will be enabled. The variable should contain the complete contents of the known_hosts file, which must contain the public key(s) of the host(s) in the inventory.
parent
aad578fcdd
commit
d45b74f42d
4 changed files with 32 additions and 2 deletions
4
.github/workflows/test.yml
vendored
4
.github/workflows/test.yml
vendored
|
@ -65,11 +65,15 @@ jobs:
|
||||||
Subsystem sftp /usr/lib/openssh/sftp-server
|
Subsystem sftp /usr/lib/openssh/sftp-server
|
||||||
EOF
|
EOF
|
||||||
sudo systemctl restart sshd
|
sudo systemctl restart sshd
|
||||||
|
echo 'SSH_KNOWN_HOSTS<<EOF' >> $GITHUB_ENV
|
||||||
|
echo $(ssh-keyscan localhost) >> $GITHUB_ENV
|
||||||
|
echo 'EOF' >> $GITHUB_ENV
|
||||||
- name: With everything
|
- name: With everything
|
||||||
uses: ./
|
uses: ./
|
||||||
with:
|
with:
|
||||||
playbook: playbook.yml
|
playbook: playbook.yml
|
||||||
key: ${{env.SSH_PRIVATE_KEY}}
|
key: ${{env.SSH_PRIVATE_KEY}}
|
||||||
|
known_hosts: ${{env.SSH_KNOWN_HOSTS}}
|
||||||
directory: test
|
directory: test
|
||||||
vault_password: test
|
vault_password: test
|
||||||
requirements: requirements.yml
|
requirements: requirements.yml
|
||||||
|
|
|
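Review bot: In the added step, `echo $(ssh-keyscan localhost) >> $GITHUB_ENV` leaves the command substitution unquoted, so the shell word-splits the scan output and `echo` writes every scanned key on one line. A known_hosts file expects one entry per line, so everything after the first key is probably read as a trailing comment and only one key type ends up pinned; the test may pass only because that type happens to be negotiated. Writing the output directly keeps the line structure: `ssh-keyscan localhost >> $GITHUB_ENV`. Scanning at run time is trust-on-first-use, which is acceptable for `localhost` here, but a comment saying so would stop this step being copied into workflows that target real hosts, where the key should come from a stored secret or variable.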
@ -22,6 +22,9 @@ inputs:
|
||||||
vault_password:
|
vault_password:
|
||||||
description: The password used for decrypting vaulted files
|
description: The password used for decrypting vaulted files
|
||||||
required: false
|
required: false
|
||||||
|
known_hosts:
|
||||||
|
description: Contents of SSH known_hosts file
|
||||||
|
required: false
|
||||||
options:
|
options:
|
||||||
description: Extra options that should be passed to ansible-playbook command
|
description: Extra options that should be passed to ansible-playbook command
|
||||||
required: false
|
required: false
|
||||||
|
|
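Review bot: The new `known_hosts` description does not say what happens when the input is omitted, and per the main.js change in this commit that case turns host key checking off. Users reading only action.yml cannot tell that leaving it empty means the SSH server is not authenticated. I would spell it out, for example `description: Contents of SSH known_hosts file. If empty, SSH host key checking is disabled`.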
22
main.js
22
main.js
|
@ -12,6 +12,7 @@ async function main() {
|
||||||
const key = core.getInput("key")
|
const key = core.getInput("key")
|
||||||
const inventory = core.getInput("inventory")
|
const inventory = core.getInput("inventory")
|
||||||
const vaultPassword = core.getInput("vault_password")
|
const vaultPassword = core.getInput("vault_password")
|
||||||
|
const knownHosts = core.getInput("known_hosts")
|
||||||
const options = core.getInput("options")
|
const options = core.getInput("options")
|
||||||
|
|
||||||
let cmd = ["ansible-playbook", playbook]
|
let cmd = ["ansible-playbook", playbook]
|
||||||
|
@ -63,10 +64,27 @@ async function main() {
|
||||||
cmd.push(vaultPasswordFile)
|
cmd.push(vaultPasswordFile)
|
||||||
}
|
}
|
||||||
|
|
||||||
process.env.ANSIBLE_HOST_KEY_CHECKING = "False"
|
if (knownHosts) {
|
||||||
|
const knownHostsFile = ".ansible_known_hosts"
|
||||||
|
fs.writeFileSync(knownHostsFile, knownHosts, { mode: 0600 })
|
||||||
|
core.saveState("knownHostsFile", knownHostsFile)
|
||||||
|
let known_hosts_param = [
|
||||||
|
"--ssh-common-args=",
|
||||||
|
"\"",
|
||||||
|
"-o UserKnownHostsFile=",
|
||||||
|
knownHostsFile,
|
||||||
|
"\""
|
||||||
|
].join('')
|
||||||
|
cmd.push(known_hosts_param)
|
||||||
|
process.env.ANSIBLE_HOST_KEY_CHECKING = "True"
|
||||||
|
} else {
|
||||||
|
process.env.ANSIBLE_HOST_KEY_CHECKING = "False"
|
||||||
|
}
|
||||||
|
|
||||||
process.env.ANSIBLE_FORCE_COLOR = "True"
|
process.env.ANSIBLE_FORCE_COLOR = "True"
|
||||||
|
|
||||||
await exec.exec(cmd.join(" "))
|
await exec.exec(cmd.join(' '))
|
||||||
|
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
core.setFailed(error.message)
|
core.setFailed(error.message)
|
||||||
}
|
}
|
||||||
|
|
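Review bot: The `else` branch of the second hunk still sets `ANSIBLE_HOST_KEY_CHECKING = "False"` without any output, so a workflow that omits `known_hosts` connects to unauthenticated hosts and nothing in the log says so. Keeping the default for compatibility is understandable, but I would make it visible with something like `core.warning("known_hosts not set: SSH host key checking is disabled")` in that branch. Separately, `{ mode: 0600 }` uses a legacy octal literal, which is a SyntaxError in strict mode or an ES module; `{ mode: 0o600 }` is the portable spelling. If `options` can also carry `--ssh-common-args` (it is pushed outside this hunk, so I cannot tell), it is worth checking that it cannot replace the `UserKnownHostsFile` setting added here. `main()` begins outside the hunk.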
5
post.js
5
post.js
|
@ -14,6 +14,7 @@ async function main() {
|
||||||
const keyFile = core.getState("keyFile")
|
const keyFile = core.getState("keyFile")
|
||||||
const inventoryFile = core.getState("inventoryFile")
|
const inventoryFile = core.getState("inventoryFile")
|
||||||
const vaultPasswordFile = core.getState("vaultPasswordFile")
|
const vaultPasswordFile = core.getState("vaultPasswordFile")
|
||||||
|
const knownHostsFile = core.getState("knownHostsFile")
|
||||||
|
|
||||||
if (directory)
|
if (directory)
|
||||||
process.chdir(directory)
|
process.chdir(directory)
|
||||||
|
@ -26,6 +27,10 @@ async function main() {
|
||||||
|
|
||||||
if (vaultPasswordFile)
|
if (vaultPasswordFile)
|
||||||
rm(vaultPasswordFile)
|
rm(vaultPasswordFile)
|
||||||
|
|
||||||
|
if (knownHostsFile)
|
||||||
|
rm(knownHostsFile)
|
||||||
|
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
core.setFailed(error.message)
|
core.setFailed(error.message)
|
||||||
}
|
}
|
||||||
|
|