"Ansible best practice for handling multiple clusters with a bastion server
for each cluster?"

Per host settings in your SSH config file.


On Sat, May 24, 2014 at 8:04 AM, Slim Slam <[email protected]> wrote:

> Thanks. That got things working. It would be nice if Ansible did some
> basic syntax checking on the cfg file.  :-)
>
> So if you have multiple bastion files, but no specific domain name you can
> wildcard off of (e.g. "Host *.mydomain.com", "Host *.anotherdom.com",
> etc), what is the Ansible best practice for handling multiple clusters with
> a bastion server for each cluster?  Reference:
> https://groups.google.com/d/msg/ansible-project/bWdWJ4UtkFQ/fXHO3MDvF_kJ
>
> J
>
> On Friday, May 23, 2014 5:10:32 PM UTC-5, Matt Martz wrote:
>
>> ssh_args does not go under the [defaults] section.  It belongs under a
>> section titled [ssh_connection]
>> --
>> Matt Martz
>> [email protected]
>>
>> On May 23, 2014 at 4:53:23 PM, Slim Slam ([email protected]) wrote:
>>
>> Yes. I tried that. No difference. As I mentioned, it's clear that Ansible
>> is using my ansible.cfg file. For example, if I set the remote_user in my
>> ansible.cfg to:
>>
>>   [defaults]
>>   transport=ssh
>>   ssh_args= -F /work/sshconfig
>>   remote_user=dummyuser
>>
>>
>> Then everything fails because Ansible tries to use "dummyuser" to
>> connect.
>>
>> I'm still wondering if anyone has ever successfully used ssh_args with
>> anything besides "-o param=value" directives.
>>
>> What is ansible doing, for example, if you put "-v" or "-f" in ssh_args?
>> They seem to have no effect.
>>
>> J
>>
>> On Friday, May 23, 2014 3:04:33 PM UTC-5, James Cammarata wrote:
>>>
>>> I think what Michael meant was to specify the full path to the sshconfig
>>> file, ie. "-F /path/to/mysshconfig" instead of a relative path.
>>>
>>>
>>> On Fri, May 23, 2014 at 11:30 AM, Slim Slam <[email protected]> wrote:
>>>
>>>> FWIW, I got this idea from *you*  :-)   - reference:
>>>> https://groups.google.com/d/msg/ansible-project/AOt-5fgBzho/hEDnnOrJkC8J
>>>> However, I've never seen an implementation of it or a working example
>>>> that's been tested. I think someone posted an
>>>> example where they had "-F ~/.ssh/config" but since that's the default
>>>> ssh config file (ssh will use ~/.ssh/config whether or not
>>>> you specify it with the -F flag) it doesn't really test whether it's
>>>> working or not.  :-)
>>>>
>>>> J
>>>>
>>>>
>>>> On Friday, May 23, 2014 10:39:52 AM UTC-5, Slim Slam wrote:
>>>>>
>>>>> That didn't make a difference.
>>>>> I know that ansible is using that ansible.cfg file because I can put a
>>>>> "remote_user = xxx" line
>>>>> at the end of it and ansible uses that.
>>>>>
>>>>> It would be helpful if someone could simply add "ssh_args= -F
>>>>> sshconfig" to an ansible.cfg
>>>>> file and show some output that proves that Ansible is using it.
>>>>>
>>>>> J
>>>>>
>>>>> On Friday, May 23, 2014 10:09:32 AM UTC-5, Michael DeHaan wrote:
>>>>>>
>>>>>> Hmm.
>>>>>>
>>>>>> So that's definitely OpenSSH by default.
>>>>>>
>>>>>> Commands to ssh config are arbitrary and are handled here:
>>>>>>
>>>>>> https://github.com/ansible/ansible/blob/devel/lib/ansible/runner/connection_plugins/ssh.py#L60
>>>>>>
>>>>>> Can you try specifying a full path to your SSH config file?  Might be
>>>>>> a case of relative path.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, May 23, 2014 at 9:00 AM, Slim Slam <[email protected]> wrote:
>>>>>>
>>>>>>> I'm running ansible 1.6.1 on MacOSX 10.9.3. The target systems are
>>>>>>> CentOS 6.
>>>>>>>
>>>>>>> J
>>>>>>>
>>>>>>>
>>>>>>> On Friday, May 23, 2014 7:31:58 AM UTC-5, Michael DeHaan wrote:
>>>>>>>
>>>>>>>> Ansible will use your SSH config when using the ssh (not
>>>>>>>> paramiko) transport, perhaps it's not finding it for some reason.
>>>>>>>>
>>>>>>>> paramiko would be the default if you were running from RHEL/CentOS
>>>>>>>> 6 or before, where OpenSSH is not new enough to support ControlMaster,
>>>>>>>> and paramiko is therefore still faster.  (review for everyone:
>>>>>>>> accelerate mode is the performance option there, since pipelining is
>>>>>>>> OpenSSH only).
>>>>>>>>
>>>>>>>> Let's start with what OS you are running from as that may
>>>>>>>> highlight that transport question.  If not, we can ask other questions.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, May 22, 2014 at 6:12 PM, Slim Slam <[email protected]> wrote:
>>>>>>>>
>>>>>>>>>  Ansible 1.6.1
>>>>>>>>>
>>>>>>>>> I'm trying to set things up so that I can specify a bastion host
>>>>>>>>> as a gateway to my other machines.
>>>>>>>>>
>>>>>>>>> I'd like Ansible to use an SSH config file that I keep in git.
>>>>>>>>>
>>>>>>>>> So, I have a file named  "sshconfig" with:
>>>>>>>>>
>>>>>>>>>   Host *
>>>>>>>>>      ServerAliveInterval    60
>>>>>>>>>      TCPKeepAlive           yes
>>>>>>>>>      ProxyCommand           ssh 55.232.102.151 'nc %h %p'
>>>>>>>>>      ControlMaster          auto
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  Where 55.232.102.151 is the bastion IP address.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  My ansible.cfg file looks like:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>   [defaults]
>>>>>>>>>   transport = ssh
>>>>>>>>>   ssh_args = -F sshconfig -o ControlPersist=15m
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  If I run  "ssh  -F sshconfig [email protected]" it uses the
>>>>>>>>> bastion server as expected.
>>>>>>>>>
>>>>>>>>> But Ansible doesn't ever seem to use my "sshconfig" file (I don't
>>>>>>>>> see anything about it in the verbose output, nor the bastion IP
>>>>>>>>> address).
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  Does ssh_args actually permit "-F sshconfig" or does it only
>>>>>>>>> allow "-o param=something" options?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>  J
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>   --
>>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>>> Groups "Ansible Project" group.
>>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>>> send an email to [email protected].
>>>>>>>>> To post to this group, send email to [email protected].
>>>>>>>>>
>>>>>>>>> To view this discussion on the web visit
>>>>>>>>> https://groups.google.com/d/msgid/ansible-project/25b6293f-28b7-4e45-9f52-0cf4b53383f2%40googlegroups.com.
>>>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>>>
>
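
The two fixes reached in this thread (ssh_args belongs under [ssh_connection], and -F should be given a full path) can be checked before a run, since a misplaced ssh_args produces no error and the bastion ProxyCommand is simply never applied. The following is an added example, not part of the original thread and not Ansible's own code; the function names are hypothetical, the list of [ssh_connection] keys is an assumption, and FIXED_CFG is constructed from the advice above.

```python
import configparser
import shlex

# Assumed list of settings Ansible reads only from [ssh_connection].
SSH_CONNECTION_KEYS = {"ssh_args", "control_path", "pipelining", "scp_if_ssh"}

# The configuration from the first message of the thread.
BROKEN_CFG = """\
[defaults]
transport = ssh
ssh_args = -F sshconfig -o ControlPersist=15m
"""

# Constructed: the same settings after applying both pieces of advice.
FIXED_CFG = """\
[defaults]
transport = ssh

[ssh_connection]
ssh_args = -F /work/sshconfig -o ControlPersist=15m
"""


def relative_config_files(ssh_args):
    """Return every -F argument in ssh_args that is not an absolute path."""
    tokens = shlex.split(ssh_args)
    paths = []
    for i, tok in enumerate(tokens):
        if tok == "-F" and i + 1 < len(tokens):
            paths.append(tokens[i + 1])
        elif tok.startswith("-F") and len(tok) > 2:
            paths.append(tok[2:])
    return [p for p in paths if not p.startswith("/")]


def lint_ansible_cfg(text):
    """Report SSH keys outside [ssh_connection] and relative -F paths."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []
    for section in cfg.sections():
        for key, value in cfg.items(section):
            if key in SSH_CONNECTION_KEYS and section != "ssh_connection":
                findings.append(f"[{section}] {key}: move to [ssh_connection]")
            if key == "ssh_args":
                for path in relative_config_files(value):
                    findings.append(f"[{section}] ssh_args: -F {path} is relative, use a full path")
    return findings


if __name__ == "__main__":
    for name, text in (("broken", BROKEN_CFG), ("fixed", FIXED_CFG)):
        print(name, lint_ansible_cfg(text) or "ok")
```
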
