I use bastions for nearly all of my communication with servers. It is all done via my ~/.ssh/config file. Something like:

    Host bastion
        User myuser
        HostName bastion.example.org
        ProxyCommand none
        IdentityFile ~/.ssh/id_rsa
        BatchMode yes
        PasswordAuthentication no

    Host *
        ServerAliveInterval 60
        TCPKeepAlive yes
        ProxyCommand ssh -qaY bastion 'nc -w 14400 %h %p'
        ControlMaster auto
        ControlPath ~/.ssh/mux-%r@%h:%p
        ControlPersist 8h

In ~/.ansible.cfg I then have

    [ssh_connection]
    ssh_args = -o ControlPersist=15m -F ~/.ssh/config
    scp_if_ssh = True
    control_path = ~/.ssh/mux-%%r@%%h:%%p

Nothing else required. I execute ansible and all my connections go through the bastion.

Your "Host *" might benefit from being more targeted.

In any case, I also have to use these same configs for normal SSH access, so for me it makes sense to just have them in my ssh config. I really don't see a need to modify anything within Ansible to do this.

--
Matt Martz
[email protected]

On February 5, 2014 at 2:09:24 PM, Adam Heath ([email protected]) wrote:

I just looked over ssh.py and ssh_old.py; if I were to actually want to sit down and do this, I would factor those 2 classes, into a common base class, then introduce a third version that supported ProxyCommand.

ps: I notice something odd in the two files above:

==
- def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su=False, su_user=None):
+ def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su_user=None, su=False):
==

Why is the order of the last 2 args reversed for those two files? Seems like it might cause some confusion.

On 02/05/2014 01:51 PM, Adam Heath wrote:
> I've had musings on that too. Currently, I think you'd have to manually
> configure $HOME/.ssh/config, with ProxyCommand.
>
> However, I just had a thought. What if there was an
> ansible_ssh_proxy=$other_inventory_host feature? When set, ansible
> would auto-add the -o ProxyCommand="$something".
>
> This is just some random brainstorm ramblings.
>
> On 02/05/2014 12:59 PM, Jeff Lord wrote:
>> Hello,
>>
>> I am building out an env in AWS using ansible and would like to
>> configure all of my hosts by running through a single bastion host which
>> has port 22 open.
>> Laptop -> AWS Bastion -> AWS private network instances
>>
>> Is there a good example of how to configure the proxy around?
>>
>> Thank You in advance,

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
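
An added example, not from any poster in this thread: a small Python resolver for the first-match-wins rule that the ~/.ssh/config in the first reply depends on, showing why the `bastion` block's `ProxyCommand none` keeps the jump host from proxying through itself and how much `Host *` catches compared with a narrower pattern. The patterns `10.0.*` and `*.internal.example.org` and the host `public.example.net` are assumptions made up for illustration, and the parser handles only whitespace-separated `Key value` lines.

```python
import fnmatch

# Constructed sample mirroring the two Host blocks quoted in the thread.
SAMPLE = """\
Host bastion
    HostName bastion.example.org
    ProxyCommand none

Host *
    ServerAliveInterval 60
    ProxyCommand ssh -qaY bastion 'nc -w 14400 %h %p'
    ControlMaster auto
"""
# Hypothetical narrower patterns; substitute the ranges you actually manage.
TARGETED = SAMPLE.replace("Host *\n", "Host 10.0.* *.internal.example.org\n")

def parse(text):
    """Return [(patterns, options)] in file order; option keys are lowercased."""
    blocks = [(["*"], {})]  # options before the first Host line apply to all hosts
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def matches(host, patterns):
    """A block applies if a positive pattern matches and no '!pattern' does."""
    if any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def effective(host, text):
    """Merge matching blocks top to bottom; the first value seen for a key wins."""
    opts = {}
    for patterns, block in parse(text):
        if matches(host, patterns):
            for key, value in block.items():
                opts.setdefault(key, value)
    return opts

def proxied(host, text):
    return effective(host, text).get("proxycommand", "none") != "none"

if __name__ == "__main__":
    for name in ("bastion", "10.0.3.7", "public.example.net"):
        print(name, proxied(name, SAMPLE), proxied(name, TARGETED))
```

On a real machine, `ssh -G <host>` prints the options OpenSSH itself resolves for a host, which is the authoritative check.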
