Configurable SSH options

Context

Projects which are using pytest-ansible are directly SSHing to the provisioned hosts. They can be using the ansible inventory generated by Mrack as an inventory and thus a connection information.

In testing environments where hosts changes and the tools are not expecting actions from users, there might be some common options which users want to configure.

Such as:

  • -o 'StrictHostKeyChecking=no' for accepting unknown hosts
  • -o 'UserKnownHostsFile=/dev/null' for not remembering the hosts and thus being able to destroy them, recreate new with same hostname and still work.
  • -o 'ServerAliveInterval=60', -o 'ServerAliveCountMax=5' for more resilient SSH connection

Mrack is already using StrictHostKeyChecking and UserKnownHostsFile in its ssh connection check, but they are not part of inventory and thus an SSH connection from Ansible, if similar options are not provided by other means, will fail.

Design

Proposal is to extend provisioning config file to be able to define additional SSH options.

Example provisioning config snippet:

ssh:
    options:
        StrictHostKeyChecking: 'no'
        UserKnownHostsFile: /dev/null
        ForwardX11: 'no'
        ServerAliveInterval: 60
        ServerAliveCountMax: 5

These values will be then used by mrack’s SSH connections check and will be added to generated Ansible inventory.

The design also allows the following future enhancements:

  • possible to configure similar overrides per provider and merge them
  • having it defined per-host or as global override in job metadata file
  • using these values by te for command step
  • extending the ssh dict by args (not only options)
  • having common method for loading the attrs makes it usable also for other outputs

Default value

If provisioning config doesn’t have defined the ssh.options key then mrack will use the following default values:

StrictHostKeyChecking: 'no'
UserKnownHostsFile: /dev/null

This also means that having empty ssh.options will effectively clean the defaults and mrack will not use any options.

Ansible inventory output

The generated ansible inventory will be extended the the following way.

Each host dictionary will be extended with ansible_ssh_common_args key with the content of the options formatted in CLI way.

E.g.:

ansible_ssh_common_args: -o 'StrictHostKeyChecking=no' -o 'UserKnownHostsFile=/dev/null'

ansible_ssh_common_args was chosen instead of ansible_ssh_extra_args as these options can be potentially useful also for scp and sftp case.

Reference: