"Then I'd have to simply have a separate entry in my ssh config file for each one?"
Yes, because you just said you couldn't use wildcards :) +1 to having private hostnames or conventions to make that easier. On Sun, May 25, 2014 at 11:51 PM, Slim Slam <[email protected]> wrote: > To clarify further -- I know that I can use wildcards in the ssh config > file like: > > Host *.example.com > Host 128.220.19.* > > > But what if I have a lot of different IP addresses or host names? Then > I'd have to simply have a separate entry in my ssh config > file for each one? > > J > > On Sunday, May 25, 2014 7:49:17 PM UTC-5, Slim Slam wrote: >> >> So, if a lot of your machines have IP addresses (or very different domain >> names) then you'd have >> to create an ssh config file entry for each individual IP address, right? >> Because there'd be no way >> to use wildcards. Am I missing something here? >> >> Example: >> >> Host 33.44.55.66 >> ServerAliveInterval 60 >> TCPKeepAlive yes >> ProxyCommand ssh 55.232.102.151 'nc %h %p' >> ControlMaster auto >> >> Host 22.33.44.55 >> ServerAliveInterval 60 >> TCPKeepAlive yes >> ProxyCommand ssh 55.232.102.151 'nc %h %p' >> ControlMaster auto >> >> ...and so on..... >> >> J >> >> On Sunday, May 25, 2014 3:54:15 PM UTC-5, Michael DeHaan wrote: >>> >>> "Ansible best practice for handling multiple clusters with a bastion >>> server for each >>> cluster?" >>> >>> Per host settings in your SSH config file. >>> >>> >>> On Sat, May 24, 2014 at 8:04 AM, Slim Slam <[email protected]> wrote: >>> >>>> Thanks. That got things working. It would be nice if Ansible did some >>>> basic syntax checking on the cfg file. :-) >>>> >>>> So if you have multiple bastion files, but no specific domain name you >>>> can wildcard off of (e.g. "Host *.mydomain.com", "Host ". >>>> anotherdom.com", etc), what is the Ansible best practice for handling >>>> multiple clusters with a bastion server for each >>>> cluster? Reference: https://groups.google.com/d/msg/ansible-project/ >>>> bWdWJ4UtkFQ/fXHO3MDvF_kJ >>>> >>>> J >>>> >>>> On Friday, May 23, 2014 5:10:32 PM UTC-5, Matt Martz wrote: >>>> >>>>> ssh_args does not go under the [defaults] section. It belongs under a >>>>> section titled [ssh_connection] >>>>> -- >>>>> Matt Martz >>>>> [email protected] >>>>> >>>>> On May 23, 2014 at 4:53:23 PM, Slim Slam ([email protected]) wrote: >>>>> >>>>> Yes. I tried that. No difference. As I mentioned, it's clear that >>>>> Ansible is using my ansible.cfg file. For example, if I set the >>>>> remote_user >>>>> in my ansible.cfg to: >>>>> >>>>> [defaults] >>>>> >>>>> transport=ssh >>>>> >>>>> ssh_args= -F /work/sshconfig >>>>> >>>>> remote_user=dummyuser >>>>> >>>>> >>>>> Then everything fails because Ansible tries to use "dummyuser" to >>>>> connect. >>>>> >>>>> I'm still wondering if anyone has ever successfully used ssh_args with >>>>> anything besides "-o param=value" directives. >>>>> >>>>> What is ansible doing, for example, if you put "-v" or "-f" in >>>>> ssh_args? They seem to have no effect. >>>>> >>>>> J >>>>> >>>>> On Friday, May 23, 2014 3:04:33 PM UTC-5, James Cammarata wrote: >>>>>> >>>>>> I think what Michael meant was to specify the full path to the >>>>>> sshconfig file, ie. "-F /path/to/mysshconfig" instead of a relative path. >>>>>> >>>>>> >>>>>> On Fri, May 23, 2014 at 11:30 AM, Slim Slam <[email protected]>wrote: >>>>>> >>>>>>> FWIW, I got this idea from *you* :-) - reference: >>>>>>> https://groups.google.com/d/msg/ansible-project/AOt-5fgBzho >>>>>>> /hEDnnOrJkC8J >>>>>>> However, I've never seen an implementation of it or a working >>>>>>> example that's been tested. I think someone posted an >>>>>>> example where they had "-F ~/.ssh/config" but since that's the >>>>>>> default ssh config file (ssh will use ~/.ssh/config whether or not >>>>>>> your specify it with the -F flag) it doesn't really test whether >>>>>>> it's working or not. :-) >>>>>>> >>>>>>> J >>>>>>> >>>>>>> >>>>>>> On Friday, May 23, 2014 10:39:52 AM UTC-5, Slim Slam wrote: >>>>>>>> >>>>>>>> That didn't make a difference. >>>>>>>> I know that ansible is using that ansible.cfg file because I can >>>>>>>> put a "remote_user = xxx" line >>>>>>>> at the end of it and ansible uses that. >>>>>>>> >>>>>>>> It would be helpful if someone could simply add "ssh_args= -F >>>>>>>> sshconfig" to an ansible.cfg >>>>>>>> file and show some output that proves that Ansible is using it. >>>>>>>> >>>>>>>> J >>>>>>>> >>>>>>>> On Friday, May 23, 2014 10:09:32 AM UTC-5, Michael DeHaan wrote: >>>>>>>>> >>>>>>>>> Hmm. >>>>>>>>> >>>>>>>>> So that's definitely OpenSSH by default. >>>>>>>>> >>>>>>>>> Commands to ssh config are arbitrary and are handled here: >>>>>>>>> >>>>>>>>> https://github.com/ansible/ansible/blob/devel/lib/ansible/ >>>>>>>>> runner/connection_plugins/ssh.py#L60 >>>>>>>>> >>>>>>>>> Can you try specifying a full path to your SSH config file? Might >>>>>>>>> be a case of relative path. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Fri, May 23, 2014 at 9:00 AM, Slim Slam <[email protected]>wrote: >>>>>>>>> >>>>>>>>>> I'm running ansible 1.6.1 on MacOSX 10.9.3. The target systems >>>>>>>>>> are CentOS 6. >>>>>>>>>> >>>>>>>>>> J >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Friday, May 23, 2014 7:31:58 AM UTC-5, Michael DeHaan wrote: >>>>>>>>>> >>>>>>>>>>> Ansible will use your SSH config when using the ssh (not >>>>>>>>>>> paramiko) transport, perhaps it's not finding it for some reason. >>>>>>>>>>> >>>>>>>>>>> paramiko would be the default if you were running from >>>>>>>>>>> RHEL/CentOS 6 or before, where OpenSSH is not new enough to support >>>>>>>>>>> ControlMaster, and paramiko is therefore still faster. (review for >>>>>>>>>>> everyone: accelerate mode is the performance option there, since >>>>>>>>>>> pipeling >>>>>>>>>>> is OpenSSH only). >>>>>>>>>>> >>>>>>>>>>> Let's start with what OS you are running form as that may >>>>>>>>>>> highlight that transport question. If not, we can ask other >>>>>>>>>>> questions. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Thu, May 22, 2014 at 6:12 PM, Slim Slam >>>>>>>>>>> <[email protected]>wrote: >>>>>>>>>>> >>>>>>>>>>>> Ansible 1.6.1 >>>>>>>>>>>> >>>>>>>>>>>> I'm trying to set things up so that I can specify a bastion >>>>>>>>>>>> host as a gateway >>>>>>>>>>>> to my other machines. >>>>>>>>>>>> >>>>>>>>>>>> I'd like Ansible to use an SSH config file that I keep in git. >>>>>>>>>>>> >>>>>>>>>>>> So, I have a file named "sshconfig" with: >>>>>>>>>>>> >>>>>>>>>>>> Host * >>>>>>>>>>>> >>>>>>>>>>>> ServerAliveInterval 60 >>>>>>>>>>>> >>>>>>>>>>>> TCPKeepAlive yes >>>>>>>>>>>> >>>>>>>>>>>> ProxyCommand ssh 55.232.102.151 'nc %h %p' >>>>>>>>>>>> >>>>>>>>>>>> ControlMaster auto >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Where 55.232.102.151 is the bastion IP address. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> My ansible.cfg file looks like: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> [defaults] >>>>>>>>>>>> >>>>>>>>>>>> transport = ssh >>>>>>>>>>>> >>>>>>>>>>>> ssh_args = -F sshconfig -o ControlPersist=15m >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> If I run "ssh -F sshconfig [email protected]" it uses the >>>>>>>>>>>> bastion server as expected. >>>>>>>>>>>> >>>>>>>>>>>> But Ansible doesn't ever seem to use my "sshconfig" file (I >>>>>>>>>>>> don't see anything about >>>>>>>>>>>> >>>>>>>>>>>> it in the verbose output, nor the bastion IP address). ' >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Does ssh_args actually permit "-F sshconfig" or does it only >>>>>>>>>>>> allow "-o param=something" options? >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> J >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>>> Google Groups "Ansible Project" group. >>>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>>> To post to this group, send email to >>>>>>>>>>>> [email protected]. >>>>>>>>>>>> >>>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>>> https://groups.google.com/d/msgid/ansible-project/25b6293f- >>>>>>>>>>>> 28b7-4e45-9f52-0cf4b53383f2%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/25b6293f-28b7-4e45-9f52-0cf4b53383f2%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>>>>>>>>> . >>>>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>> Google Groups "Ansible Project" group. >>>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>>> send an email to [email protected]. >>>>>>>>>> To post to this group, send email to [email protected]. >>>>>>>>>> To view this discussion on the web visit >>>>>>>>>> https://groups.google.com/d/msgid/ansible-project/6fd8af45- >>>>>>>>>> ae09-45dc-9167-fd492db99dd0%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/6fd8af45-ae09-45dc-9167-fd492db99dd0%40googlegroups.com?utm_medium=email&utm_source=footer>. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "Ansible Project" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To post to this group, send email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msgid/ansible-project/f4ec2561- >>>>>>> a925-47a7-99e5-7116db810100%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/f4ec2561-a925-47a7-99e5-7116db810100%40googlegroups.com?utm_medium=email&utm_source=footer>. >>>>>>> >>>>>>> >>>>>>> For more options, visit https://groups.google.com/d/optout. >>>>>>> >>>>>> >>>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Ansible Project" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> To view this discussion on the web visit https://groups.google.com/d/ >>>>> msgid/ansible-project/090b1989-ed9c-4ae8-9a15-ecefd329ca96% >>>>> 40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/090b1989-ed9c-4ae8-9a15-ecefd329ca96%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/9efa7c9d-8d22-4228-8dc0- >>>> 86eab4b31184%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/9efa7c9d-8d22-4228-8dc0-86eab4b31184%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/0c16cf5f-e2f5-4c05-9fde-2fe7e93b438b%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/0c16cf5f-e2f5-4c05-9fde-2fe7e93b438b%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgxx-LR%3DavWyP%2B4wWF89fJ8k_9BVoZ%3DKEpRy4Homakf1Bg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
