Skip to content

Commit

Permalink
Merge pull request #4851 from ryanpetrello/fix-host-key-checking
Browse files Browse the repository at this point in the history 
improve host key checking configurability

Reviewed-by: https://github.com/apps/softwarefactory-project-zuul
  • Loading branch information
@softwarefactory-project-zuul
softwarefactory-project-zuul[bot] committed Sep 30, 2019
2 parents ff8e896 + 82be875 commit b858001
Show file tree
Hide file tree
Showing 5 changed files with 20 additions and 1 deletion.
10 changes: 10 additions & 0 deletions awx/main/conf.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -298,6 +298,16 @@ def _load_default_license_from_file():
category_slug='jobs',
)

register(
'AWX_ISOLATED_HOST_KEY_CHECKING',
field_class=fields.BooleanField,
label=_('Isolated host key checking'),
help_text=_('When set to True, AWX will enforce strict host key checking for communication with isolated nodes.'),
category=_('Jobs'),
category_slug='jobs',
default=False
)

register(
'AWX_ISOLATED_KEY_GENERATION',
field_class=fields.BooleanField,
Expand Down
2 changes: 1 addition & 1 deletion awx/main/isolated/manager.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ def __init__(self, cancelled_callback=None, check_callback=None):
def build_runner_params(self, hosts, verbosity=1):
env = dict(os.environ.items())
env['ANSIBLE_RETRY_FILES_ENABLED'] = 'False'
env['ANSIBLE_HOST_KEY_CHECKING'] = 'False'
env['ANSIBLE_HOST_KEY_CHECKING'] = str(settings.AWX_ISOLATED_HOST_KEY_CHECKING)
env['ANSIBLE_LIBRARY'] = os.path.join(os.path.dirname(awx.__file__), 'plugins', 'isolated')
set_pythonpath(os.path.join(settings.ANSIBLE_VENV_PATH, 'lib'), env)

Expand Down
1 change: 1 addition & 0 deletions awx/main/management/commands/test_isolated_connection.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ def handle(self, *args, **options):
]):
ssh_key = settings.AWX_ISOLATED_PRIVATE_KEY
env = dict(os.environ.items())
env['ANSIBLE_HOST_KEY_CHECKING'] = str(settings.AWX_ISOLATED_HOST_KEY_CHECKING)
set_pythonpath(os.path.join(settings.ANSIBLE_VENV_PATH, 'lib'), env)
res = ansible_runner.interface.run(
private_data_dir=path,
Expand Down
5 changes: 5 additions & 0 deletions awx/settings/defaults.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -403,6 +403,11 @@ def IS_TESTING(argv=None):
EMAIL_HOST_PASSWORD = ''
EMAIL_USE_TLS = False

# Default to skipping isolated host key checking (the initial connection will
# hang on an interactive "The authenticity of host example.org can't be
# established" message)
AWX_ISOLATED_HOST_KEY_CHECKING = False

# The number of seconds to sleep between status checks for jobs running on isolated nodes
AWX_ISOLATED_CHECK_INTERVAL = 30

Expand Down
3 changes: 3 additions & 0 deletions awx/ui/client/src/configuration/forms/jobs-form/configuration-jobs.form.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,9 @@ export default ['i18n', function(i18n) {
codeMirror: true,
class: 'Form-textAreaLabel Form-formGroup--fullWidth'
},
AWX_ISOLATED_HOST_KEY_CHECKING: {
type: 'toggleSwitch',
},
AWX_ISOLATED_CHECK_INTERVAL: {
type: 'text',
reset: 'AWX_ISOLATED_CHECK_INTERVAL'
Expand Down

0 comments on commit b858001

Please sign in to comment.