Thanks. That got things working. It would be nice if Ansible did some basic syntax checking on the cfg file. :-)
So if you have multiple bastion files, but no specific domain name you can wildcard off of (e.g. "Host *.mydomain.com", "Host ".anotherdom.com", etc), what is the Ansible best practice for handling multiple clusters with a bastion server for each cluster? Reference: https://groups.google.com/d/msg/ansible-project/bWdWJ4UtkFQ/fXHO3MDvF_kJ J On Friday, May 23, 2014 5:10:32 PM UTC-5, Matt Martz wrote: > > ssh_args does not go under the [defaults] section. It belongs under a > section titled [ssh_connection] > -- > Matt Martz > [email protected] <javascript:> > > On May 23, 2014 at 4:53:23 PM, Slim Slam ([email protected] <javascript:>) > wrote: > > Yes. I tried that. No difference. As I mentioned, it's clear that Ansible > is using my ansible.cfg file. For example, if I set the remote_user in my > ansible.cfg to: > > [defaults] > > transport=ssh > > ssh_args= -F /work/sshconfig > > remote_user=dummyuser > > > Then everything fails because Ansible tries to use "dummyuser" to connect. > > I'm still wondering if anyone has ever successfully used ssh_args with > anything besides "-o param=value" directives. > > What is ansible doing, for example, if you put "-v" or "-f" in ssh_args? > They seem to have no effect. > > J > > On Friday, May 23, 2014 3:04:33 PM UTC-5, James Cammarata wrote: >> >> I think what Michael meant was to specify the full path to the sshconfig >> file, ie. "-F /path/to/mysshconfig" instead of a relative path. >> >> >> On Fri, May 23, 2014 at 11:30 AM, Slim Slam <[email protected]> wrote: >> >>> FWIW, I got this idea from *you* :-) - reference: >>> https://groups.google.com/d/msg/ansible-project/AOt-5fgBzho/hEDnnOrJkC8J >>> However, I've never seen an implementation of it or a working example >>> that's been tested. I think someone posted an >>> example where they had "-F ~/.ssh/config" but since that's the default >>> ssh config file (ssh will use ~/.ssh/config whether or not >>> your specify it with the -F flag) it doesn't really test whether it's >>> working or not. :-) >>> >>> J >>> >>> >>> On Friday, May 23, 2014 10:39:52 AM UTC-5, Slim Slam wrote: >>>> >>>> That didn't make a difference. >>>> I know that ansible is using that ansible.cfg file because I can put a >>>> "remote_user = xxx" line >>>> at the end of it and ansible uses that. >>>> >>>> It would be helpful if someone could simply add "ssh_args= -F >>>> sshconfig" to an ansible.cfg >>>> file and show some output that proves that Ansible is using it. >>>> >>>> J >>>> >>>> On Friday, May 23, 2014 10:09:32 AM UTC-5, Michael DeHaan wrote: >>>>> >>>>> Hmm. >>>>> >>>>> So that's definitely OpenSSH by default. >>>>> >>>>> Commands to ssh config are arbitrary and are handled here: >>>>> >>>>> https://github.com/ansible/ansible/blob/devel/lib/ansible/runner/connection_plugins/ssh.py#L60 >>>>> >>>>> Can you try specifying a full path to your SSH config file? Might be >>>>> a case of relative path. >>>>> >>>>> >>>>> >>>>> >>>>> On Fri, May 23, 2014 at 9:00 AM, Slim Slam <[email protected]> wrote: >>>>> >>>>>> I'm running ansible 1.6.1 on MacOSX 10.9.3. The target systems are >>>>>> CentOS 6. >>>>>> >>>>>> J >>>>>> >>>>>> >>>>>> On Friday, May 23, 2014 7:31:58 AM UTC-5, Michael DeHaan wrote: >>>>>> >>>>>>> Ansible will use your SSH config when using the ssh (not paramiko) >>>>>>> transport, perhaps it's not finding it for some reason. >>>>>>> >>>>>>> paramiko would be the default if you were running from RHEL/CentOS 6 >>>>>>> or before, where OpenSSH is not new enough to support ControlMaster, >>>>>>> and >>>>>>> paramiko is therefore still faster. (review for everyone: accelerate >>>>>>> mode >>>>>>> is the performance option there, since pipeling is OpenSSH only). >>>>>>> >>>>>>> Let's start with what OS you are running form as that may >>>>>>> highlight that transport question. If not, we can ask other questions. >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Thu, May 22, 2014 at 6:12 PM, Slim Slam <[email protected]>wrote: >>>>>>> >>>>>>>> Ansible 1.6.1 >>>>>>>> >>>>>>>> I'm trying to set things up so that I can specify a bastion host as >>>>>>>> a gateway >>>>>>>> to my other machines. >>>>>>>> >>>>>>>> I'd like Ansible to use an SSH config file that I keep in git. >>>>>>>> >>>>>>>> So, I have a file named "sshconfig" with: >>>>>>>> >>>>>>>> Host * >>>>>>>> >>>>>>>> ServerAliveInterval 60 >>>>>>>> >>>>>>>> TCPKeepAlive yes >>>>>>>> >>>>>>>> ProxyCommand ssh 55.232.102.151 'nc %h %p' >>>>>>>> >>>>>>>> ControlMaster auto >>>>>>>> >>>>>>>> >>>>>>>> Where 55.232.102.151 is the bastion IP address. >>>>>>>> >>>>>>>> >>>>>>>> My ansible.cfg file looks like: >>>>>>>> >>>>>>>> >>>>>>>> [defaults] >>>>>>>> >>>>>>>> transport = ssh >>>>>>>> >>>>>>>> ssh_args = -F sshconfig -o ControlPersist=15m >>>>>>>> >>>>>>>> >>>>>>>> If I run "ssh -F sshconfig [email protected]" it uses the >>>>>>>> bastion server as expected. >>>>>>>> >>>>>>>> But Ansible doesn't ever seem to use my "sshconfig" file (I don't >>>>>>>> see anything about >>>>>>>> >>>>>>>> it in the verbose output, nor the bastion IP address). ' >>>>>>>> >>>>>>>> >>>>>>>> Does ssh_args actually permit "-F sshconfig" or does it only >>>>>>>> allow "-o param=something" options? >>>>>>>> >>>>>>>> >>>>>>>> J >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> You received this message because you are subscribed to the Google >>>>>>>> Groups "Ansible Project" group. >>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>> send an email to [email protected]. >>>>>>>> To post to this group, send email to [email protected]. >>>>>>>> >>>>>>>> To view this discussion on the web visit >>>>>>>> https://groups.google.com/d/msgid/ansible-project/25b6293f-28b7-4e45-9f52-0cf4b53383f2%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/25b6293f-28b7-4e45-9f52-0cf4b53383f2%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>> . >>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>> >>>>>>> >>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Ansible Project" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To post to this group, send email to [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/ansible-project/6fd8af45-ae09-45dc-9167-fd492db99dd0%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/6fd8af45-ae09-45dc-9167-fd492db99dd0%40googlegroups.com?utm_medium=email&utm_source=footer>. >>>>>> >>>>>> >>>>>> >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/f4ec2561-a925-47a7-99e5-7116db810100%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/f4ec2561-a925-47a7-99e5-7116db810100%40googlegroups.com?utm_medium=email&utm_source=footer>. >>> >>> >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] <javascript:>. > To post to this group, send email to [email protected]<javascript:> > . > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/090b1989-ed9c-4ae8-9a15-ecefd329ca96%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/090b1989-ed9c-4ae8-9a15-ecefd329ca96%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9efa7c9d-8d22-4228-8dc0-86eab4b31184%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
