"Ansible best practice for handling multiple clusters with a bastion server for each cluster?"
Per host settings in your SSH config file. On Sat, May 24, 2014 at 8:04 AM, Slim Slam <[email protected]> wrote: > Thanks. That got things working. It would be nice if Ansible did some > basic syntax checking on the cfg file. :-) > > So if you have multiple bastion files, but no specific domain name you can > wildcard off of (e.g. "Host *.mydomain.com", "Host ".anotherdom.com", > etc), what is the Ansible best practice for handling multiple clusters with > a bastion server for each > cluster? Reference: > https://groups.google.com/d/msg/ansible-project/bWdWJ4UtkFQ/fXHO3MDvF_kJ > > J > > On Friday, May 23, 2014 5:10:32 PM UTC-5, Matt Martz wrote: > >> ssh_args does not go under the [defaults] section. It belongs under a >> section titled [ssh_connection] >> -- >> Matt Martz >> [email protected] >> >> On May 23, 2014 at 4:53:23 PM, Slim Slam ([email protected]) wrote: >> >> Yes. I tried that. No difference. As I mentioned, it's clear that Ansible >> is using my ansible.cfg file. For example, if I set the remote_user in my >> ansible.cfg to: >> >> [defaults] >> >> transport=ssh >> >> ssh_args= -F /work/sshconfig >> >> remote_user=dummyuser >> >> >> Then everything fails because Ansible tries to use "dummyuser" to >> connect. >> >> I'm still wondering if anyone has ever successfully used ssh_args with >> anything besides "-o param=value" directives. >> >> What is ansible doing, for example, if you put "-v" or "-f" in ssh_args? >> They seem to have no effect. >> >> J >> >> On Friday, May 23, 2014 3:04:33 PM UTC-5, James Cammarata wrote: >>> >>> I think what Michael meant was to specify the full path to the sshconfig >>> file, ie. "-F /path/to/mysshconfig" instead of a relative path. >>> >>> >>> On Fri, May 23, 2014 at 11:30 AM, Slim Slam <[email protected]> wrote: >>> >>>> FWIW, I got this idea from *you* :-) - reference: >>>> https://groups.google.com/d/msg/ansible-project/AOt- >>>> 5fgBzho/hEDnnOrJkC8J >>>> However, I've never seen an implementation of it or a working example >>>> that's been tested. I think someone posted an >>>> example where they had "-F ~/.ssh/config" but since that's the default >>>> ssh config file (ssh will use ~/.ssh/config whether or not >>>> your specify it with the -F flag) it doesn't really test whether it's >>>> working or not. :-) >>>> >>>> J >>>> >>>> >>>> On Friday, May 23, 2014 10:39:52 AM UTC-5, Slim Slam wrote: >>>>> >>>>> That didn't make a difference. >>>>> I know that ansible is using that ansible.cfg file because I can put a >>>>> "remote_user = xxx" line >>>>> at the end of it and ansible uses that. >>>>> >>>>> It would be helpful if someone could simply add "ssh_args= -F >>>>> sshconfig" to an ansible.cfg >>>>> file and show some output that proves that Ansible is using it. >>>>> >>>>> J >>>>> >>>>> On Friday, May 23, 2014 10:09:32 AM UTC-5, Michael DeHaan wrote: >>>>>> >>>>>> Hmm. >>>>>> >>>>>> So that's definitely OpenSSH by default. >>>>>> >>>>>> Commands to ssh config are arbitrary and are handled here: >>>>>> >>>>>> https://github.com/ansible/ansible/blob/devel/lib/ >>>>>> ansible/runner/connection_plugins/ssh.py#L60 >>>>>> >>>>>> Can you try specifying a full path to your SSH config file? Might be >>>>>> a case of relative path. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Fri, May 23, 2014 at 9:00 AM, Slim Slam <[email protected]>wrote: >>>>>> >>>>>>> I'm running ansible 1.6.1 on MacOSX 10.9.3. The target systems are >>>>>>> CentOS 6. >>>>>>> >>>>>>> J >>>>>>> >>>>>>> >>>>>>> On Friday, May 23, 2014 7:31:58 AM UTC-5, Michael DeHaan wrote: >>>>>>> >>>>>>>> Ansible will use your SSH config when using the ssh (not >>>>>>>> paramiko) transport, perhaps it's not finding it for some reason. >>>>>>>> >>>>>>>> paramiko would be the default if you were running from RHEL/CentOS >>>>>>>> 6 or before, where OpenSSH is not new enough to support ControlMaster, >>>>>>>> and >>>>>>>> paramiko is therefore still faster. (review for everyone: accelerate >>>>>>>> mode >>>>>>>> is the performance option there, since pipeling is OpenSSH only). >>>>>>>> >>>>>>>> Let's start with what OS you are running form as that may >>>>>>>> highlight that transport question. If not, we can ask other >>>>>>>> questions. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Thu, May 22, 2014 at 6:12 PM, Slim Slam <[email protected]>wrote: >>>>>>>> >>>>>>>>> Ansible 1.6.1 >>>>>>>>> >>>>>>>>> I'm trying to set things up so that I can specify a bastion host >>>>>>>>> as a gateway >>>>>>>>> to my other machines. >>>>>>>>> >>>>>>>>> I'd like Ansible to use an SSH config file that I keep in git. >>>>>>>>> >>>>>>>>> So, I have a file named "sshconfig" with: >>>>>>>>> >>>>>>>>> Host * >>>>>>>>> >>>>>>>>> ServerAliveInterval 60 >>>>>>>>> >>>>>>>>> TCPKeepAlive yes >>>>>>>>> >>>>>>>>> ProxyCommand ssh 55.232.102.151 'nc %h %p' >>>>>>>>> >>>>>>>>> ControlMaster auto >>>>>>>>> >>>>>>>>> >>>>>>>>> Where 55.232.102.151 is the bastion IP address. >>>>>>>>> >>>>>>>>> >>>>>>>>> My ansible.cfg file looks like: >>>>>>>>> >>>>>>>>> >>>>>>>>> [defaults] >>>>>>>>> >>>>>>>>> transport = ssh >>>>>>>>> >>>>>>>>> ssh_args = -F sshconfig -o ControlPersist=15m >>>>>>>>> >>>>>>>>> >>>>>>>>> If I run "ssh -F sshconfig [email protected]" it uses the >>>>>>>>> bastion server as expected. >>>>>>>>> >>>>>>>>> But Ansible doesn't ever seem to use my "sshconfig" file (I don't >>>>>>>>> see anything about >>>>>>>>> >>>>>>>>> it in the verbose output, nor the bastion IP address). ' >>>>>>>>> >>>>>>>>> >>>>>>>>> Does ssh_args actually permit "-F sshconfig" or does it only >>>>>>>>> allow "-o param=something" options? >>>>>>>>> >>>>>>>>> >>>>>>>>> J >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "Ansible Project" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> To post to this group, send email to [email protected]. >>>>>>>>> >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/d/msgid/ansible-project/ >>>>>>>>> 25b6293f-28b7-4e45-9f52-0cf4b53383f2%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/25b6293f-28b7-4e45-9f52-0cf4b53383f2%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Ansible Project" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To post to this group, send email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/ansible-project/ >>>>>>> 6fd8af45-ae09-45dc-9167-fd492db99dd0%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/6fd8af45-ae09-45dc-9167-fd492db99dd0%40googlegroups.com?utm_medium=email&utm_source=footer>. >>>>>>> >>>>>>> >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/f4ec2561-a925-47a7-99e5- >>>> 7116db810100%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/f4ec2561-a925-47a7-99e5-7116db810100%40googlegroups.com?utm_medium=email&utm_source=footer>. >>>> >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit https://groups.google.com/d/ >> msgid/ansible-project/090b1989-ed9c-4ae8-9a15- >> ecefd329ca96%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/090b1989-ed9c-4ae8-9a15-ecefd329ca96%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/9efa7c9d-8d22-4228-8dc0-86eab4b31184%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/9efa7c9d-8d22-4228-8dc0-86eab4b31184%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgz5hoxkexc16%3DnvJeK2sD%3D_8XTeyAmRMAq%3Dz8UTY1zORQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
