what I would try is 1. create an ~/.ssh/conf file as per the example I sent 2. use Ansible as if there was no jumphost involved at all ---------- Original Message ---------- From: Monica <[email protected]> To: Gunnar Wagner <[email protected]> Date: 04/03/2023 6:11 PM CEST Subject: Re: [ansible-project] Need to automate task via bastion host hi Gunnar, I tried this and the same didn't work out-: [remote-nodes] remote-node-1 ansible_host=<remote-node-1-IP> ansible_user=user ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -p 8022 user@<bastion-host-IP>"' remote-node-2 ansible_host=<remote-node-2-IP> ansible_user=user ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -p 8022 user@<bastion-host-IP>"' On Mon, Apr 3, 2023 at 6:00 PM Gunnar Wagner <[email protected] mailto:[email protected]> wrote:
> it is not quite clear what exactly you have tried & did not work > > > On 04/03/2023 12:32 PM CEST Monica <[email protected] > > mailto:[email protected]> wrote: > > > > > > Hi Todd, > > > > Thank you for explaining the same, however I am still getting the same > > error-: > > > > > > > > On Mon, Apr 3, 2023 at 11:13 AM dulhaver via Ansible Project > > <[email protected] mailto:[email protected]> > > wrote: > > > > > I agree with Tood, that setting up a propper ~/.ssh/config should be the > > > way to do this. something like ... > > > > > > Host jumphost > > > HostNamehttp://jumphost.blub.com > > > User username > > > PreferredAuthentication publickey > > > IdentityFile ~/.ssh/demo.ed25519 > > > > > > Host internal-target > > > Hostnamehttp://target.blub.com > > > ProxyJump jumphost > > > User username > > > PreferredAuthentication publickey > > > IdentityFile ~/.ssh/demo.ed25519 > > > > > > > > > ... should do it I believe > > > > > > > > > > On 04/02/2023 10:51 PM CEST Todd Zullinger <[email protected] > > > > mailto:[email protected]> wrote: > > > > > > > > > > > > Will McDonald wrote: > > > > > https://www.jeffgeerling.com/blog/2022/ > > > > > using-ansible-playbook-ssh-bastion-jump-host > > > > > > > > Odd that uses ProxyCommand in `ansible_ssh_common_args` and > > > > not the far simpler ProxyJump, which it does mention in the > > > > ~/.ssh/config method. The `-J` shortcut for that is even > > > > better. > > > > > > > > Perhaps it does that to illsutrate a more complex use case, > > > > where the bastion runs on a different port, but if you're > > > > not doing that, it's likely simpler to skip it and use the > > > > `-J` argument. > > > > > > > > I would expect (but have not tested) this works: > > > > > > > > ansible_ssh_common_args='-J $your_bastion_hostname' > > > > > > > > ProxyJump / -J was added in OpenSSH-7.3 -- so it's surely on > > > > any host folks would be using as an ansible control host. > > > > > > > > -- > > > > Todd > > > > > > > > -- > > > > You received this message because you are subscribed to the Google > > > > Groups "Ansible Project" group. > > > > To unsubscribe from this group and stop receiving emails from it, send > > > > an email to [email protected] > > > > mailto:ansible-project%[email protected]. > > > > To view this discussion on the web visit > > > > https://groups.google.com/d/msgid/ansible-project/ZCnqsTK-z1LKdm05%40pobox.com. > > > > > > --- > > > gunnar wagner | fichtestr. 1, 19386 lübz | fon: 0176 7808 9090 > > > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "Ansible Project" group. > > > To unsubscribe from this group and stop receiving emails from it, send an > > > email to [email protected] > > > mailto:ansible-project%[email protected]. > > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/ansible-project/404677238.549090.1680500565843%40office.mailbox.org. > > > > > > > > > -- > > > > > > > > > > > > Thanks and Regards, > > > > > > > > > > > > Monika Dharmshaktu > > > > > > EMail: [email protected] mailto:[email protected] > > > > Cell: +91 9654525106 > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected] > > mailto:[email protected]. > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/ansible-project/CANi23%3Dy4qzVo6Ci9DReu%3DxvLHYx9Swokd_EaB8e1s_%3D_k5hDjQ%40mail.gmail.com > > > > https://groups.google.com/d/msgid/ansible-project/CANi23%3Dy4qzVo6Ci9DReu%3DxvLHYx9Swokd_EaB8e1s_%3D_k5hDjQ%40mail.gmail.com?utm_medium=email&utm_source=footer. > > > > > > -- Thanks and Regards, Monika Dharmshaktu EMail: [email protected] mailto:[email protected] Cell: +91 9654525106 -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/982276780.653605.1680601644453%40office.mailbox.org.
