
Ansible: how to properly skip the SSH first-connection prompt for a new host?

  • simone.benati  · Tech Community  · 3 years ago

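    Context: I am trying to provision new servers automatically, but when a new machine is born and my Ansible playbook runs against it from my provisioning server, a message usually pops up: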

    The authenticity of host '192.168.1.25 (192.168.1.25)' can't be established.
    ECDSA key fingerprint is SHA256:QF/AyFhYXaz5bjZ1O+kvceoOjBzmI8M1PYmg3lukYmE.
    Are you sure you want to continue connecting (yes/no/[fingerprint])?
    

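    I know this question has been answered several times, but I don't want to add that line to my .cfg file or pass the corresponding parameter when launching the ansible-playbook command.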

    Problem: So this answer caught my attention: https://stackoverflow.com/a/54735937/18647199

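    I copy-pasted those two tasks into my playbook, and when they are alone the script runs fine, skipping the above prompt (even though it skips on servers I still need to make the first connection to), see: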

    
    TASK [Check known_hosts for 192.168.1.14] **************************************
    ok: [192.168.1.16 -> localhost]
    ok: [192.168.1.14 -> localhost]
    ok: [192.168.1.25 -> localhost]
    
    TASK [Ignore host key for 192.168.1.14 on first run] ***************************
    skipping: [192.168.1.14]
    skipping: [192.168.1.16]
    skipping: [192.168.1.25]
    
    PLAY RECAP *********************************************************************
    192.168.1.14               : ok=1    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
    192.168.1.16               : ok=1    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0   
    192.168.1.25               : ok=1    changed=0    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0  
    

    But if I add just one more task to it, it asks me again for the auth prompt I am trying to skip. P.S. Using OpenSSH, latest version.

    What I am trying to run:

    ---
    
    #all
    
    - hosts: all
      #connection: local
      become: true
      gather_facts: false #otherwise ssh prompt appears
      tasks:
    
      - name: Check known_hosts
        local_action: shell ssh-keygen -F "{{ inventory_hostname }}"
        register: is_known
        failed_when: false
        changed_when: false
        ignore_errors: yes
    
      - name: debug message
        debug:
          msg: the "{{ inventory_hostname }}"" was tested with output "{{ is_known }}"
    
    
      - name: Ignore host key for "{{ inventory_hostname }}" on first run
        when: is_known.rc == 1
        set_fact:
          ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
    
     
     
      - name: Bootstrap check
        stat:
          path: /home/bot/bootstrapped-ok
        register: bootstrap_result
    

    [..] more code

    Debug output:

        ansible-playbook debug-bootstrap.yml 
    
    PLAY [all] *********************************************************************
    
    TASK [Check known_hosts] *******************************************************
    ok: [192.168.1.16 -> localhost]
    ok: [192.168.1.14 -> localhost]
    ok: [192.168.1.25 -> localhost]
    
    TASK [debug message] ***********************************************************
    ok: [192.168.1.14] => {
        "msg": "the \"192.168.1.14\"\" was tested with output \"{'msg': 'non-zero return code', 'cmd': 'ssh-keygen -F \"192.168.1.14\"', 'stdout': '', 'stderr': 'do_known_hosts: hostkeys_foreach failed: No such file or directory', 'rc': 255, 'start': '2022-04-02 12:30:50.940041', 'end': '2022-04-02 12:30:50.943287', 'delta': '0:00:00.003246', 'changed': False, 'failed': False, 'stdout_lines': [], 'stderr_lines': ['do_known_hosts: hostkeys_foreach failed: No such file or directory'], 'failed_when_result': False}\""
    }
    ok: [192.168.1.16] => {
        "msg": "the \"192.168.1.16\"\" was tested with output \"{'msg': 'non-zero return code', 'cmd': 'ssh-keygen -F \"192.168.1.16\"', 'stdout': '', 'stderr': 'do_known_hosts: hostkeys_foreach failed: No such file or directory', 'rc': 255, 'start': '2022-04-02 12:30:50.937097', 'end': '2022-04-02 12:30:50.941015', 'delta': '0:00:00.003918', 'changed': False, 'failed': False, 'stdout_lines': [], 'stderr_lines': ['do_known_hosts: hostkeys_foreach failed: No such file or directory'], 'failed_when_result': False}\""
    }
    ok: [192.168.1.25] => {
        "msg": "the \"192.168.1.25\"\" was tested with output \"{'msg': 'non-zero return code', 'cmd': 'ssh-keygen -F \"192.168.1.25\"', 'stdout': '', 'stderr': 'do_known_hosts: hostkeys_foreach failed: No such file or directory', 'rc': 255, 'start': '2022-04-02 12:30:50.978944', 'end': '2022-04-02 12:30:50.982119', 'delta': '0:00:00.003175', 'changed': False, 'failed': False, 'stdout_lines': [], 'stderr_lines': ['do_known_hosts: hostkeys_foreach failed: No such file or directory'], 'failed_when_result': False}\""
    }
    
    TASK [Ignore host key for "192.168.1.14" on first run] *************************
    skipping: [192.168.1.14]
    skipping: [192.168.1.16]
    skipping: [192.168.1.25]
    
    TASK [Bootstrap check] *********************************************************
    The authenticity of host '192.168.1.25 (192.168.1.25)' can't be established.
    ECDSA key fingerprint is SHA256:QF/AyFhYXaz5bjZ1O+kvceoOjBzmI8M1PYmg3lukYmE.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? ok: [192.168.1.16]
    ok: [192.168.1.14]
    

    So it seems that the command shell ssh-keygen -F "{{ inventory_hostname }}" does not do what it is supposed to do, as if we had to launch it from the terminal.

    Question: Does anyone know how to achieve a "one-time skip", or is there a better way to achieve fully automated provisioning/deployment?

    (I tried to create a unique .yml file, but with little result; I am stuck and running out of ideas on how to proceed with fully automated provisioning.)

    0 replies  |  as of 3 years ago
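
Added example, not part of the original post and not the linked answer's code. The debug output above shows ssh-keygen -F exiting with rc 255 (known_hosts file not found), which the condition is_known.rc == 1 never matches, so the set_fact task is skipped. The playbook below treats any non-zero rc as "not yet known" and pins the host key only after its fingerprint matches a value recorded out-of-band; the expected_fingerprints map, the choice of ECDSA keys and become: false on the local tasks are assumptions.

```yaml
---
- hosts: all
  become: true
  gather_facts: false          # no SSH connection before the key is pinned
  vars:
    # Assumption: fingerprints recorded out-of-band when each machine is built.
    # Only the 192.168.1.25 value appears on this page; the others are placeholders.
    expected_fingerprints:
      "192.168.1.25": "SHA256:QF/AyFhYXaz5bjZ1O+kvceoOjBzmI8M1PYmg3lukYmE"
      "192.168.1.14": "SHA256:<recorded-at-provisioning>"
      "192.168.1.16": "SHA256:<recorded-at-provisioning>"
  tasks:
    - name: Check known_hosts on the control node
      delegate_to: localhost
      become: false            # assumption: read the invoking user's known_hosts
      ansible.builtin.command: ssh-keygen -F {{ inventory_hostname }}
      register: is_known
      failed_when: false
      changed_when: false

    - name: Pin the host key only if its fingerprint matches
      # rc 1 is what the original task tests for; rc 255 is the error in the debug output
      when: is_known.rc != 0
      delegate_to: localhost
      become: false
      throttle: 1              # serialize writes to the shared known_hosts file
      block:
        - name: Fetch the offered ECDSA host key
          ansible.builtin.command: ssh-keyscan -t ecdsa {{ inventory_hostname }}
          register: scanned
          changed_when: false

        - name: Compute its fingerprint
          ansible.builtin.command:
            cmd: ssh-keygen -lf -
            stdin: "{{ scanned.stdout }}"
          register: fp
          changed_when: false

        - name: Stop unless the fingerprint is the expected one
          ansible.builtin.assert:
            that: expected_fingerprints[inventory_hostname] in fp.stdout

        - name: Add the verified key to known_hosts
          ansible.builtin.known_hosts:
            name: "{{ inventory_hostname }}"
            key: "{{ scanned.stdout }}"

    - name: Bootstrap check
      ansible.builtin.stat:
        path: /home/bot/bootstrapped-ok
      register: bootstrap_result
```

A fingerprint mismatch or a missing map entry fails that host before any SSH session is opened, so StrictHostKeyChecking can stay at its default.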