From 6cdbf202f7b5a2763600a55fa27f6e70495f608b Mon Sep 17 00:00:00 2001
From: Christian Berendt <berendt@osism.tech>
Date: Mon, 16 Mar 2026 20:09:39 +0100
Subject: [PATCH] Fix intermittent host key verification failures in ansible
 tasks

With high fork counts (e.g. 50), multiple SSH processes within a single
ansible-playbook run read/write the shared known_hosts file simultaneously,
causing race conditions that lead to "Host key verification failed" errors.

AI-assisted: Claude Code

Signed-off-by: Christian Berendt <berendt@osism.tech>
---
 osism/tasks/__init__.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/osism/tasks/__init__.py b/osism/tasks/__init__.py
index 88fbf047..c4ed0795 100644
--- a/osism/tasks/__init__.py
+++ b/osism/tasks/__init__.py
@@ -177,6 +177,12 @@ def run_ansible_in_environment(
     # This ensures Ansible's Python process flushes stdout immediately
     env["PYTHONUNBUFFERED"] = "1"
 
+    # Disable SSH host key checking to prevent intermittent "Host key verification
+    # failed" errors. With high fork counts (e.g. 50), multiple SSH processes within
+    # a single ansible-playbook run read/write the shared known_hosts file
+    # simultaneously, causing race conditions and file corruption.
+    env["ANSIBLE_HOST_KEY_CHECKING"] = "False"
+
     # Use a unique SSH ControlPath directory per task to prevent race conditions
     # when multiple Celery workers connect to the same host simultaneously.
     # Without this, concurrent Ansible runs share the same ControlMaster socket,