So, if a lot of your machines have IP addresses (or very different domain
names) then you'd have
to create an ssh config file entry for each individual IP address, right?
Because there'd be no way
to use wildcards. Am I missing something here?
Example:
Host 33.44.55.66
ServerAliveInterval 60
TCPKeepAlive yes
ProxyCommand ssh 55.232.102.151 'nc %h %p'
ControlMaster auto
Host 22.33.44.55
ServerAliveInterval 60
TCPKeepAlive yes
ProxyCommand ssh 55.232.102.151 'nc %h %p'
ControlMaster auto
...and so on.....
J
On Sunday, May 25, 2014 3:54:15 PM UTC-5, Michael DeHaan wrote:
>
> "Ansible best practice for handling multiple clusters with a bastion
> server for each
> cluster?"
>
> Per host settings in your SSH config file.
>
>
> On Sat, May 24, 2014 at 8:04 AM, Slim Slam <[email protected]<javascript:>
> > wrote:
>
>> Thanks. That got things working. It would be nice if Ansible did some
>> basic syntax checking on the cfg file. :-)
>>
>> So if you have multiple bastion files, but no specific domain name you
>> can wildcard off of (e.g. "Host *.mydomain.com", "Host ".
>> anotherdom.com", etc), what is the Ansible best practice for handling
>> multiple clusters with a bastion server for each
>> cluster? Reference:
>> https://groups.google.com/d/msg/ansible-project/bWdWJ4UtkFQ/fXHO3MDvF_kJ
>>
>> J
>>
>> On Friday, May 23, 2014 5:10:32 PM UTC-5, Matt Martz wrote:
>>
>>> ssh_args does not go under the [defaults] section. It belongs under a
>>> section titled [ssh_connection]
>>> --
>>> Matt Martz
>>> [email protected]
>>>
>>> On May 23, 2014 at 4:53:23 PM, Slim Slam ([email protected]) wrote:
>>>
>>> Yes. I tried that. No difference. As I mentioned, it's clear that
>>> Ansible is using my ansible.cfg file. For example, if I set the remote_user
>>> in my ansible.cfg to:
>>>
>>> [defaults]
>>>
>>> transport=ssh
>>>
>>> ssh_args= -F /work/sshconfig
>>>
>>> remote_user=dummyuser
>>>
>>>
>>> Then everything fails because Ansible tries to use "dummyuser" to
>>> connect.
>>>
>>> I'm still wondering if anyone has ever successfully used ssh_args with
>>> anything besides "-o param=value" directives.
>>>
>>> What is ansible doing, for example, if you put "-v" or "-f" in ssh_args?
>>> They seem to have no effect.
>>>
>>> J
>>>
>>> On Friday, May 23, 2014 3:04:33 PM UTC-5, James Cammarata wrote:
>>>>
>>>> I think what Michael meant was to specify the full path to the
>>>> sshconfig file, ie. "-F /path/to/mysshconfig" instead of a relative path.
>>>>
>>>>
>>>> On Fri, May 23, 2014 at 11:30 AM, Slim Slam <[email protected]> wrote:
>>>>
>>>>> FWIW, I got this idea from *you* :-) - reference:
>>>>> https://groups.google.com/d/msg/ansible-project/AOt-
>>>>> 5fgBzho/hEDnnOrJkC8J
>>>>> However, I've never seen an implementation of it or a working example
>>>>> that's been tested. I think someone posted an
>>>>> example where they had "-F ~/.ssh/config" but since that's the default
>>>>> ssh config file (ssh will use ~/.ssh/config whether or not
>>>>> your specify it with the -F flag) it doesn't really test whether it's
>>>>> working or not. :-)
>>>>>
>>>>> J
>>>>>
>>>>>
>>>>> On Friday, May 23, 2014 10:39:52 AM UTC-5, Slim Slam wrote:
>>>>>>
>>>>>> That didn't make a difference.
>>>>>> I know that ansible is using that ansible.cfg file because I can put
>>>>>> a "remote_user = xxx" line
>>>>>> at the end of it and ansible uses that.
>>>>>>
>>>>>> It would be helpful if someone could simply add "ssh_args= -F
>>>>>> sshconfig" to an ansible.cfg
>>>>>> file and show some output that proves that Ansible is using it.
>>>>>>
>>>>>> J
>>>>>>
>>>>>> On Friday, May 23, 2014 10:09:32 AM UTC-5, Michael DeHaan wrote:
>>>>>>>
>>>>>>> Hmm.
>>>>>>>
>>>>>>> So that's definitely OpenSSH by default.
>>>>>>>
>>>>>>> Commands to ssh config are arbitrary and are handled here:
>>>>>>>
>>>>>>> https://github.com/ansible/ansible/blob/devel/lib/
>>>>>>> ansible/runner/connection_plugins/ssh.py#L60
>>>>>>>
>>>>>>> Can you try specifying a full path to your SSH config file? Might
>>>>>>> be a case of relative path.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, May 23, 2014 at 9:00 AM, Slim Slam <[email protected]>wrote:
>>>>>>>
>>>>>>>> I'm running ansible 1.6.1 on MacOSX 10.9.3. The target systems are
>>>>>>>> CentOS 6.
>>>>>>>>
>>>>>>>> J
>>>>>>>>
>>>>>>>>
>>>>>>>> On Friday, May 23, 2014 7:31:58 AM UTC-5, Michael DeHaan wrote:
>>>>>>>>
>>>>>>>>> Ansible will use your SSH config when using the ssh (not
>>>>>>>>> paramiko) transport, perhaps it's not finding it for some reason.
>>>>>>>>>
>>>>>>>>> paramiko would be the default if you were running from RHEL/CentOS
>>>>>>>>> 6 or before, where OpenSSH is not new enough to support
>>>>>>>>> ControlMaster, and
>>>>>>>>> paramiko is therefore still faster. (review for everyone: accelerate
>>>>>>>>> mode
>>>>>>>>> is the performance option there, since pipeling is OpenSSH only).
>>>>>>>>>
>>>>>>>>> Let's start with what OS you are running form as that may
>>>>>>>>> highlight that transport question. If not, we can ask other
>>>>>>>>> questions.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, May 22, 2014 at 6:12 PM, Slim Slam <[email protected]>wrote:
>>>>>>>>>
>>>>>>>>>> Ansible 1.6.1
>>>>>>>>>>
>>>>>>>>>> I'm trying to set things up so that I can specify a bastion host
>>>>>>>>>> as a gateway
>>>>>>>>>> to my other machines.
>>>>>>>>>>
>>>>>>>>>> I'd like Ansible to use an SSH config file that I keep in git.
>>>>>>>>>>
>>>>>>>>>> So, I have a file named "sshconfig" with:
>>>>>>>>>>
>>>>>>>>>> Host *
>>>>>>>>>>
>>>>>>>>>> ServerAliveInterval 60
>>>>>>>>>>
>>>>>>>>>> TCPKeepAlive yes
>>>>>>>>>>
>>>>>>>>>> ProxyCommand ssh 55.232.102.151 'nc %h %p'
>>>>>>>>>>
>>>>>>>>>> ControlMaster auto
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Where 55.232.102.151 is the bastion IP address.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> My ansible.cfg file looks like:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> [defaults]
>>>>>>>>>>
>>>>>>>>>> transport = ssh
>>>>>>>>>>
>>>>>>>>>> ssh_args = -F sshconfig -o ControlPersist=15m
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> If I run "ssh -F sshconfig [email protected]" it uses the
>>>>>>>>>> bastion server as expected.
>>>>>>>>>>
>>>>>>>>>> But Ansible doesn't ever seem to use my "sshconfig" file (I don't
>>>>>>>>>> see anything about
>>>>>>>>>>
>>>>>>>>>> it in the verbose output, nor the bastion IP address). '
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Does ssh_args actually permit "-F sshconfig" or does it only
>>>>>>>>>> allow "-o param=something" options?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> J
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> You received this message because you are subscribed to the
>>>>>>>>>> Google Groups "Ansible Project" group.
>>>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>>>> send an email to [email protected].
>>>>>>>>>> To post to this group, send email to [email protected].
>>>>>>>>>>
>>>>>>>>>> To view this discussion on the web visit
>>>>>>>>>> https://groups.google.com/d/msgid/ansible-project/
>>>>>>>>>> 25b6293f-28b7-4e45-9f52-0cf4b53383f2%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/25b6293f-28b7-4e45-9f52-0cf4b53383f2%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>>>>>> .
>>>>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>> Groups "Ansible Project" group.
>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>> send an email to [email protected].
>>>>>>>> To post to this group, send email to [email protected].
>>>>>>>> To view this discussion on the web visit
>>>>>>>> https://groups.google.com/d/msgid/ansible-project/
>>>>>>>> 6fd8af45-ae09-45dc-9167-fd492db99dd0%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/6fd8af45-ae09-45dc-9167-fd492db99dd0%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Ansible Project" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To post to this group, send email to [email protected].
>>>>> To view this discussion on the web visit https://groups.google.com/d/
>>>>> msgid/ansible-project/f4ec2561-a925-47a7-99e5-
>>>>> 7116db810100%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/f4ec2561-a925-47a7-99e5-7116db810100%40googlegroups.com?utm_medium=email&utm_source=footer>.
>>>>>
>>>>>
>>>>>
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>>>>
>>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To post to this group, send email to [email protected].
>>> To view this discussion on the web visit https://groups.google.com/d/
>>> msgid/ansible-project/090b1989-ed9c-4ae8-9a15-
>>> ecefd329ca96%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/090b1989-ed9c-4ae8-9a15-ecefd329ca96%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To post to this group, send email to [email protected]<javascript:>
>> .
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/9efa7c9d-8d22-4228-8dc0-86eab4b31184%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/9efa7c9d-8d22-4228-8dc0-86eab4b31184%40googlegroups.com?utm_medium=email&utm_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/90e8189d-3233-4faf-bc88-ca2df579789b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
