
I need to make sure that all my servers by default trust each other, so I don't have to be prompted to trust the hosts when I set up ssh tunnels between my servers. How can I do that with Ansible?

All my servers are set up with host names which can be accessed via: "{{ groups['all'] }}"

Niels Kristian

2 Answers


You've got a couple of options here.

You can ignore known_hosts entirely by adding

StrictHostKeyChecking no

to each server's /etc/ssh/ssh_config.

Or you could use ssh-keyscan to add all of the hosts to each server's known_hosts with the equivalent of:

ssh-keyscan -H {host_name} >> path/to/known_hosts

This might look something like:

- name: Add all hosts in inventory to known_hosts
  shell: ssh-keyscan -H {{ item }} >> path/to/known_hosts
  with_items: "{{ groups['all'] }}"
ydaetskcoR

Here in my answer to "How to include all host keys from all hosts in group" I created a small Ansible look-up module host_ssh_keys to extract public SSH keys from the host inventory, which I believe addresses your use-case.

Adding all hosts' public ssh keys to /etc/ssh/ssh_known_hosts is then as simple as this, thanks to Ansible's integration of loops with look-up plugins:

- name: Add public keys of inventory hosts to known_hosts
  ansible.builtin.known_hosts:
    path: /etc/ssh/ssh_known_hosts
    name: "{{ item.host }}"
    key: "{{ item.known_hosts }}"
  with_host_ssh_keys: "{{ groups['mygroup'] }}"
Petr