Another use case to consider (that I myself have come up against) is configuring the bastion per-host from a dynamic inventory. The servers need to use a different bastion depending on their role and location.
On Wed, Oct 29, 2014 at 12:17 PM, erewh0n <[email protected]> wrote: > Thinking on this a bit more ... it seems there are two use cases here: how > to dynamically change your SSH control connection during playbook execution > and how to subsequently refer to the new bastion host on subsequent calls to > ansible-playbook. If you could set SSH arguments per play, then I think > both of these cases are addressed: > > - hosts: all > connection: ssh > connection_args: > proxy_host: {{ groups.bastion[0] }} > proxy_port: 22 > user: johndoe > > The 'connection_args' feature implies you no longer require SSH config files > (but could optionally use them if preferred). It could be used dynamically > within a playbook to override your defaults that come from > "ANSIBLE_SSH_ARGS", for example. > > I can see an argument for just specifying raw SSH command line arguments as > well, something like: > > - hosts: all > connection: ssh > connection_args: > command_line: "-o ProxyCommand ssh -W %h:%p -l johndoe johndoe@{{ > groups.bastion[0] }}" > > > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/2f75fa3d-cc99-4bc5-aa3b-28562d9d8db9%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJQqANeapTTiKoqLemQsKH%3DGruKvnQp0i50rhAiBBENDP8CqKA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
