
Ansible: execute playbook from localhost through bastion host

Tags:

ansible

I am a newbie to Ansible.

We are doing our deployments via Ansible, and a bastion host is provisioned for the deployments.

The current approach I am using is to clone the Ansible repo on the bastion host and run the commands from that folder.

My question: is it possible to run the Ansible code from the local machine through the bastion?

(basically, avoid having the repo on the bastion host)

shellakkshellu asked Jan 26 '23 04:01


2 Answers

Let's say you want to provision a couple of VMs, 172.20.0.10 and 172.20.0.11, in your development environment, going through your 172.20.0.1 bastion. Your inventory looks a bit like this:

[development]
172.20.0.10
172.20.0.11

Then you can edit your ~/.ssh/config and add:

Host bastion
    Hostname 172.20.0.1
    User youruser

Host 172.20.*
    ProxyJump bastion
    User youruser

Then you can test with ssh 172.20.0.10, which should land you in your first VM. If it works for SSH, Ansible should work the same.

Note, you can run ansible with -vvv (or is it one more v, not sure atm), you'll see the SSH commands Ansible is running.

Note 2, ProxyJump requires a recent OpenSSH, 6.7 at least if I remember correctly

Rémy answered Feb 24 '23 07:02
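Added example (not part of the answer above, and not Ansible or OpenSSH code): a small Python check that applies OpenSSH's Host pattern matching and first-value-wins rule to the ssh config shown in that answer, and lists inventory entries that would be dialled without the bastion. The sample config is constructed from the answer, the function names are hypothetical, and the parser assumes space-separated `Keyword value` lines with `*`/`?` patterns only.

```python
import fnmatch
# Constructed sample: the ~/.ssh/config shown in the answer above.
SSH_CONFIG = """\
Host bastion
    Hostname 172.20.0.1
    User youruser

Host 172.20.*
    ProxyJump bastion
    User youruser
"""

def parse_blocks(text):
    """Split ssh_config text into [(patterns, {keyword: value}), ...]."""
    blocks = [(["*"], {})]           # options before any Host line apply to all hosts
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue                 # blank line, comment, or bare keyword
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def host_matches(patterns, host):
    """A matching negated pattern vetoes the block; otherwise any positive match wins."""
    matched = False
    for pattern in patterns:
        if pattern.startswith("!"):
            if fnmatch.fnmatchcase(host, pattern[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pattern):
            matched = True
    return matched

def effective(text, host):
    """Options ssh would use for host: the first value obtained per keyword wins."""
    opts = {}
    for patterns, settings in parse_blocks(text):
        if host_matches(patterns, host):
            for key, value in settings.items():
                opts.setdefault(key, value)
    return opts

def direct_hosts(text, inventory):
    """Inventory entries with no ProxyJump, i.e. dialled without the bastion."""
    return [h for h in inventory if "proxyjump" not in effective(text, h)]
```

Matching is done on the name Ansible hands to ssh (the inventory hostname or `ansible_host`), so an inventory entry outside `172.20.*` shows up in `direct_hosts` and would be attempted without the jump.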


Using this data:

remote host: 10.0.1.121
remote user: application_user
ssh key: app_ssh_key

bastion host: 212.34.345.12
bastion user: bastian_user
ssh key: bastian_ssh_key

and using keys to access with SSH (you have to store keys in secure storage, not with the Ansible playbook).

As a single ssh command:

$ ssh application_user@10.0.1.121 -i path/to/app_ssh_key \
  -o ProxyCommand="ssh -q bastian_user@212.34.345.12 -i path/to/bastian_ssh_key -W %h:%p"

In Ansible

you can use two methods:

Method 1

Use variables for an inventory machine/group, in order to have different connection options for different machines/groups.

Add to inventory file:

[remote-vm]
10.0.1.121

[remote-vm:vars]
ansible_ssh_user=application_user
ansible_ssh_private_key_file=path/to/app_ssh_key
ansible_ssh_common_args= -o ProxyCommand="ssh -q bastian_user@212.34.345.12 -i path/to/bastian_ssh_key -W %h:%p"

Method 2

Single configuration valid for all inventory machines.

Add to/replace in ansible.cfg:

[defaults]
remote_user = application_user

[ssh_connection]
ssh_args=-i path/to/app_ssh_key -o ProxyCommand="ssh -q bastian_user@212.34.345.12 -i path/to/bastian_ssh_key -W %h:%p"

daveaie answered Feb 24 '23 07:02