--- - set_fact: has_bastion: "{{ 'bastion' in groups['all'] }}" - set_fact: bastion_ip: "{{ hostvars['bastion']['ansible_ssh_host'] }}" when: has_bastion # As we are actually running on localhost, the ansible_ssh_user is your local user when you try to use it directly # To figure out the real ssh user, we delegate this task to the bastion and store the ansible_ssh_user in real_user - set_fact: real_user: "{{ ansible_ssh_user }}" delegate_to: bastion when: has_bastion - name: create ssh bastion conf become: false template: src=ssh-bastion.conf dest="{{ playbook_dir }}/ssh-bastion.conf" when: has_bastion - name: create empty bastion conf in case no bastion is used become: false copy: content="" dest="{{ playbook_dir }}/ssh-bastion.conf" when: not has_bastion