Allow connecting to bastion via non-standard SSH port (#7396)
* Allow connecting to bastion via non-standard port
* Fix bastion connection when ansible_port is not provided
(cherry picked from commit 6fa3565dac
)
This commit is contained in:
parent
44d1f83ee9
commit
65aa9213d4
3 changed files with 4 additions and 3 deletions
|
@ -1,7 +1,8 @@
|
|||
---
|
||||
- name: set bastion host IP
|
||||
- name: set bastion host IP and port
|
||||
set_fact:
|
||||
bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}"
|
||||
bastion_port: "{{ hostvars[groups['bastion'][0]]['ansible_port'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_port']) | d(22) }}"
|
||||
delegate_to: localhost
|
||||
connection: local
|
||||
|
||||
|
|
|
@ -15,4 +15,4 @@ Host {{ bastion_ip }}
|
|||
ControlPersist 5m
|
||||
|
||||
Host {{ vars['hosts'] }}
|
||||
ProxyCommand ssh -F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p {{ real_user }}@{{ bastion_ip }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %}
|
||||
ProxyCommand ssh -F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -p {{ bastion_port }} {{ real_user }}@{{ bastion_ip }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
# Use proxycommand if bastion host is in group all
|
||||
# This change obseletes editing ansible.cfg file depending on bastion existence
|
||||
ansible_ssh_common_args: "{% if 'bastion' in groups['all'] %} -o ProxyCommand='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p {{ hostvars['bastion']['ansible_user'] }}@{{ hostvars['bastion']['ansible_host'] }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %} ' {% endif %}"
|
||||
ansible_ssh_common_args: "{% if 'bastion' in groups['all'] %} -o ProxyCommand='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p -p {{ hostvars['bastion']['ansible_port'] | default(22) }} {{ hostvars['bastion']['ansible_user'] }}@{{ hostvars['bastion']['ansible_host'] }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %} ' {% endif %}"
|
||||
|
||||
# selinux state
|
||||
preinstall_selinux_state: permissive
|
||||
|
|
Loading…
Reference in a new issue