Hi Todd,
Thank you for sharing the same, however, I have already checked this
article.
I have a requirement to connect Host-A then I can connect Host-B. I can’t
connect Host-B directly. So in this case how to execute the playbook task
on Host-B from Control Machine? Because my control machine is centralized.
Hence, my question is how to execute the playbook task on Host-B directly
from the control machine via bastion host-: Below is an example of how I am
connecting to the remote host via bastion host using ssh. ssh
user@<remote-host IP>@<bastion-host-IP> -p 8022 In the playbook I have
created the inventory, however, while running the same I am getting the
below error-: cat lab.txt [need_bastion] bastion-host [need_bastion:vars]
ansible_ssh_common_args='-o StrictHostKeyChecking=no -o
ProxyJump="user@<remote-host>@<bastion-host>:8022"' PLAY [copy file from
jump to remote servers]
********************************************************************************************************
TASK [copy node exporter package]
************************************************************************************************************************
Password: Password: fatal: [IP]: UNREACHABLE! => {"changed": false, "msg":
"Failed to connect to the host via ssh: Connection timed out during banner
exchange", "unreachable": true} PLAY RECAP
***********************************************************************************************************************************************
IP : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
On Monday, April 3, 2023 at 2:21:53 AM UTC+5:30 Todd Zullinger wrote:
Will McDonald wrote:
> https://www.jeffgeerling.com/blog/2022/
> using-ansible-playbook-ssh-bastion-jump-host
Odd that uses ProxyCommand in `ansible_ssh_common_args` and
not the far simpler ProxyJump, which it does mention in the
~/.ssh/config method. The `-J` shortcut for that is even
better.
Perhaps it does that to illsutrate a more complex use case,
where the bastion runs on a different port, but if you're
not doing that, it's likely simpler to skip it and use the
`-J` argument.
I would expect (but have not tested) this works:
ansible_ssh_common_args='-J $your_bastion_hostname'
ProxyJump / -J was added in OpenSSH-7.3 -- so it's surely on
any host folks would be using as an ansible control host.
--
Todd
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/4765020f-4259-472a-af7c-a47af04b70e8n%40googlegroups.com.
