To clarify further -- I know that I can use wildcards in the ssh config file like:
Host *.example.com Host 128.220.19.* But what if I have a lot of different IP addresses or host names? Then I'd have to simply have a separate entry in my ssh config file for each one? J On Sunday, May 25, 2014 7:49:17 PM UTC-5, Slim Slam wrote: > > So, if a lot of your machines have IP addresses (or very different domain > names) then you'd have > to create an ssh config file entry for each individual IP address, right? > Because there'd be no way > to use wildcards. Am I missing something here? > > Example: > > Host 33.44.55.66 > ServerAliveInterval 60 > TCPKeepAlive yes > ProxyCommand ssh 55.232.102.151 'nc %h %p' > ControlMaster auto > > Host 22.33.44.55 > ServerAliveInterval 60 > TCPKeepAlive yes > ProxyCommand ssh 55.232.102.151 'nc %h %p' > ControlMaster auto > > ...and so on..... > > J > > On Sunday, May 25, 2014 3:54:15 PM UTC-5, Michael DeHaan wrote: >> >> "Ansible best practice for handling multiple clusters with a bastion >> server for each >> cluster?" >> >> Per host settings in your SSH config file. >> >> >> On Sat, May 24, 2014 at 8:04 AM, Slim Slam <[email protected]> wrote: >> >>> Thanks. That got things working. It would be nice if Ansible did some >>> basic syntax checking on the cfg file. :-) >>> >>> So if you have multiple bastion files, but no specific domain name you >>> can wildcard off of (e.g. "Host *.mydomain.com", "Host ". >>> anotherdom.com", etc), what is the Ansible best practice for handling >>> multiple clusters with a bastion server for each >>> cluster? Reference: >>> https://groups.google.com/d/msg/ansible-project/bWdWJ4UtkFQ/fXHO3MDvF_kJ >>> >>> J >>> >>> On Friday, May 23, 2014 5:10:32 PM UTC-5, Matt Martz wrote: >>> >>>> ssh_args does not go under the [defaults] section. It belongs under a >>>> section titled [ssh_connection] >>>> -- >>>> Matt Martz >>>> [email protected] >>>> >>>> On May 23, 2014 at 4:53:23 PM, Slim Slam ([email protected]) wrote: >>>> >>>> Yes. I tried that. No difference. As I mentioned, it's clear that >>>> Ansible is using my ansible.cfg file. For example, if I set the >>>> remote_user >>>> in my ansible.cfg to: >>>> >>>> [defaults] >>>> >>>> transport=ssh >>>> >>>> ssh_args= -F /work/sshconfig >>>> >>>> remote_user=dummyuser >>>> >>>> >>>> Then everything fails because Ansible tries to use "dummyuser" to >>>> connect. >>>> >>>> I'm still wondering if anyone has ever successfully used ssh_args with >>>> anything besides "-o param=value" directives. >>>> >>>> What is ansible doing, for example, if you put "-v" or "-f" in >>>> ssh_args? They seem to have no effect. >>>> >>>> J >>>> >>>> On Friday, May 23, 2014 3:04:33 PM UTC-5, James Cammarata wrote: >>>>> >>>>> I think what Michael meant was to specify the full path to the >>>>> sshconfig file, ie. "-F /path/to/mysshconfig" instead of a relative path. >>>>> >>>>> >>>>> On Fri, May 23, 2014 at 11:30 AM, Slim Slam <[email protected]>wrote: >>>>> >>>>>> FWIW, I got this idea from *you* :-) - reference: >>>>>> https://groups.google.com/d/msg/ansible-project/AOt- >>>>>> 5fgBzho/hEDnnOrJkC8J >>>>>> However, I've never seen an implementation of it or a working example >>>>>> that's been tested. I think someone posted an >>>>>> example where they had "-F ~/.ssh/config" but since that's the >>>>>> default ssh config file (ssh will use ~/.ssh/config whether or not >>>>>> your specify it with the -F flag) it doesn't really test whether it's >>>>>> working or not. :-) >>>>>> >>>>>> J >>>>>> >>>>>> >>>>>> On Friday, May 23, 2014 10:39:52 AM UTC-5, Slim Slam wrote: >>>>>>> >>>>>>> That didn't make a difference. >>>>>>> I know that ansible is using that ansible.cfg file because I can put >>>>>>> a "remote_user = xxx" line >>>>>>> at the end of it and ansible uses that. >>>>>>> >>>>>>> It would be helpful if someone could simply add "ssh_args= -F >>>>>>> sshconfig" to an ansible.cfg >>>>>>> file and show some output that proves that Ansible is using it. >>>>>>> >>>>>>> J >>>>>>> >>>>>>> On Friday, May 23, 2014 10:09:32 AM UTC-5, Michael DeHaan wrote: >>>>>>>> >>>>>>>> Hmm. >>>>>>>> >>>>>>>> So that's definitely OpenSSH by default. >>>>>>>> >>>>>>>> Commands to ssh config are arbitrary and are handled here: >>>>>>>> >>>>>>>> https://github.com/ansible/ansible/blob/devel/lib/ >>>>>>>> ansible/runner/connection_plugins/ssh.py#L60 >>>>>>>> >>>>>>>> Can you try specifying a full path to your SSH config file? Might >>>>>>>> be a case of relative path. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Fri, May 23, 2014 at 9:00 AM, Slim Slam <[email protected]>wrote: >>>>>>>> >>>>>>>>> I'm running ansible 1.6.1 on MacOSX 10.9.3. The target systems are >>>>>>>>> CentOS 6. >>>>>>>>> >>>>>>>>> J >>>>>>>>> >>>>>>>>> >>>>>>>>> On Friday, May 23, 2014 7:31:58 AM UTC-5, Michael DeHaan wrote: >>>>>>>>> >>>>>>>>>> Ansible will use your SSH config when using the ssh (not >>>>>>>>>> paramiko) transport, perhaps it's not finding it for some reason. >>>>>>>>>> >>>>>>>>>> paramiko would be the default if you were running from >>>>>>>>>> RHEL/CentOS 6 or before, where OpenSSH is not new enough to support >>>>>>>>>> ControlMaster, and paramiko is therefore still faster. (review for >>>>>>>>>> everyone: accelerate mode is the performance option there, since >>>>>>>>>> pipeling >>>>>>>>>> is OpenSSH only). >>>>>>>>>> >>>>>>>>>> Let's start with what OS you are running form as that may >>>>>>>>>> highlight that transport question. If not, we can ask other >>>>>>>>>> questions. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Thu, May 22, 2014 at 6:12 PM, Slim Slam >>>>>>>>>> <[email protected]>wrote: >>>>>>>>>> >>>>>>>>>>> Ansible 1.6.1 >>>>>>>>>>> >>>>>>>>>>> I'm trying to set things up so that I can specify a bastion host >>>>>>>>>>> as a gateway >>>>>>>>>>> to my other machines. >>>>>>>>>>> >>>>>>>>>>> I'd like Ansible to use an SSH config file that I keep in git. >>>>>>>>>>> >>>>>>>>>>> So, I have a file named "sshconfig" with: >>>>>>>>>>> >>>>>>>>>>> Host * >>>>>>>>>>> >>>>>>>>>>> ServerAliveInterval 60 >>>>>>>>>>> >>>>>>>>>>> TCPKeepAlive yes >>>>>>>>>>> >>>>>>>>>>> ProxyCommand ssh 55.232.102.151 'nc %h %p' >>>>>>>>>>> >>>>>>>>>>> ControlMaster auto >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Where 55.232.102.151 is the bastion IP address. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> My ansible.cfg file looks like: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> [defaults] >>>>>>>>>>> >>>>>>>>>>> transport = ssh >>>>>>>>>>> >>>>>>>>>>> ssh_args = -F sshconfig -o ControlPersist=15m >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> If I run "ssh -F sshconfig [email protected]" it uses the >>>>>>>>>>> bastion server as expected. >>>>>>>>>>> >>>>>>>>>>> But Ansible doesn't ever seem to use my "sshconfig" file (I >>>>>>>>>>> don't see anything about >>>>>>>>>>> >>>>>>>>>>> it in the verbose output, nor the bastion IP address). ' >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Does ssh_args actually permit "-F sshconfig" or does it only >>>>>>>>>>> allow "-o param=something" options? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> J >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>> Google Groups "Ansible Project" group. >>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>> To post to this group, send email to [email protected] >>>>>>>>>>> . >>>>>>>>>>> >>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>> https://groups.google.com/d/msgid/ansible-project/ >>>>>>>>>>> 25b6293f-28b7-4e45-9f52-0cf4b53383f2%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/25b6293f-28b7-4e45-9f52-0cf4b53383f2%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>>>> . >>>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "Ansible Project" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> To post to this group, send email to [email protected]. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/d/msgid/ansible-project/ >>>>>>>>> 6fd8af45-ae09-45dc-9167-fd492db99dd0%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/6fd8af45-ae09-45dc-9167-fd492db99dd0%40googlegroups.com?utm_medium=email&utm_source=footer>. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "Ansible Project" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To post to this group, send email to [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/d/msgid/ansible-project/ >>>>>> f4ec2561-a925-47a7-99e5-7116db810100%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/f4ec2561-a925-47a7-99e5-7116db810100%40googlegroups.com?utm_medium=email&utm_source=footer>. >>>>>> >>>>>> >>>>>> >>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>> >>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/090b1989-ed9c-4ae8-9a15- >>>> ecefd329ca96%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/090b1989-ed9c-4ae8-9a15-ecefd329ca96%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/9efa7c9d-8d22-4228-8dc0-86eab4b31184%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/9efa7c9d-8d22-4228-8dc0-86eab4b31184%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/0c16cf5f-e2f5-4c05-9fde-2fe7e93b438b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
