Hi,
I am trying to figure out how to use wait_for to start to detect ssh on a
VPC host that needs to use 2 tunnels to be reached. I cannot use the IP
address as it collides with my local network. DNS also doesn't work but my
tunnels work fine. I'm using SOCKS because I use a browser to access the
VPC too.
Here is my setup in pictograph:
Dev -> bastion.Prod -> Bastion.AWS -> VPC/internal
There is ONLY ssh available via Dev & bastion.Prod, hence SOCKS tunnel1 for
the rest of *.example.com hosts. Bastion.AWS can only be reached via Prod
via SSH, hence a 2nd SOCKS tunnel. Bastion.AWS can only reach VPC via ssh.
10.0.0.0/24 is the bastion subnet. 10.0.1.0/24 is the internal subnet.
I'm launching instances into VPC/10.0.1.0
I use Host namespaces in .ssh/config (which are generally NOT dns
resolvable from Dev) to decide the tunnel to use.
I can only reach bastion.example.com directly and by its resolvable dns
name - the only dns resolvable name.
My tunnel works as follows:
Host *.example.com
    ProxyCommand nc -x localhost:1080 %h %p

Host ec2
    ServerAliveInterval 50
    DynamicForward localhost:1090
    User ec2-user
    ProxyCommand nc -x localhost:1080 54.165.xx.yy 22

Host ip-10-0-1-*.ec2.internal
    ProxyCommand nc -x localhost:1090 %h %p
    User ubuntu
    IdentityFile /home/me/.ssh/soc-proto-internal.pem

# bastion
Host ip-10-0-0-*.ec2.internal
    ProxyCommand nc -x localhost:1090 %h %p
    User ec2-user
    IdentityFile /home/fortescu/.ssh/soc-proto-useast1.pem
tunnel1:
dev # ssh -vvv -D 1080 -N -q [email protected]
OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
tunnel2:
dev # ssh ec2
Amazon Linux version 2015.03 is available.
[ec2-user@ip-10-0-0-188 ~]$
Now, from Dev the following works fine:
dev # ssh ip-10.0.1.32
Last login: Tue Jun 2 19:15:07 2015 from ip-10-0-0-188.ec2.internal
ubuntu@ip-10-0-1-32:~$
So how can I get this to work with wait_for?! The 'private_dns_name' emits
and is in the tmp wait_for python script so it's got the right form. I can
even grab that same address while waiting on wait_for and ssh into it!
Here's the relevant ansible play:
- name: Launch Opscenter instances
  ec2:
    key_name: "{{ key_name }}"
    group_id: "{{ security_group }}"
    instance_type: "{{ instance_type }}"
    image: "{{ image }}"
    wait: true
    region: "{{ region }}"
    vpc_subnet_id: "{{ subnet_id }}"
    assign_public_ip: no
    ebs_optimized: no
    instance_tags:
      Name: "cassandra_opscenter"
      dbtype: cassandra
  register: ec2
- name: Logging
  debug: msg="{{ item }}"
  with_items: ec2.instances
- name: Add new instance to host group
  add_host: hostname={{ item['private_dns_name'] }} ansible_ssh_host={{ item['private_dns_name'] }} groups=launched,opscenter_nodes
  with_items: ec2.instances
- name: Wait for SSH to come up
  local_action: wait_for port=22 host="{{ item['private_dns_name'] }}" search_regex=OpenSSH delay=10
  with_items: ec2.instances
I know I must be missing something obvious but it seems like wait_for is
stubbornly trying to use DNS (which will fail) instead of .ssh/config.
Am I chasing a unicorn here? Can this be made to work?
Any and all advice deeply appreciated.
Chris
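Added example (not Chris's code and not Ansible's wait_for module): the check wait_for would have to make for this setup. wait_for opens a plain TCP socket from the controller, so the .ec2.internal name is resolved locally and .ssh/config is never consulted; this version instead sends a SOCKS5 CONNECT with the domain-name address type through the tunnel2 proxy on localhost:1090, so the proxy resolves the name, then reads the SSH banner and applies the same search_regex match. The function names are my own; the hostname and proxy port come from the post.

```python
import re
import socket
import struct

def build_socks5_connect(host, port):
    """SOCKS5 CONNECT with ATYP 0x03 (domain name): the proxy resolves the name,
    so ip-10-0-1-32.ec2.internal need not resolve on the Ansible controller."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("SOCKS5 domain names are limited to 255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def socks5_reply_code(head):
    """REP field of a SOCKS5 reply header (VER REP RSV ATYP); 0 means succeeded."""
    if len(head) < 2 or head[0] != 5:
        raise ConnectionError("not a SOCKS5 reply: %r" % head)
    return head[1]

def banner_matches(banner, search_regex="OpenSSH"):
    """The check wait_for's search_regex performs, applied to the SSH banner line."""
    return re.search(search_regex.encode(), banner.split(b"\n", 1)[0]) is not None

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def ssh_banner_via_socks(proxy, target, port=22, timeout=10.0):
    """Connect to target:port through a SOCKS5 proxy (host, port) and return the SSH banner.
    Example: ssh_banner_via_socks(("localhost", 1090), "ip-10-0-1-32.ec2.internal")."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(b"\x05\x01\x00")                 # SOCKS5, offer "no authentication" only
        if _recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy refused the no-auth method")
        s.sendall(build_socks5_connect(target, port))
        head = _recv_exact(s, 4)
        code = socks5_reply_code(head)
        if code != 0:
            raise ConnectionError("SOCKS5 CONNECT failed, REP=0x%02x" % code)
        # Consume BND.ADDR (IPv4 / domain name / IPv6) plus the 2-byte BND.PORT.
        atyp = head[3]
        addr_len = _recv_exact(s, 1)[0] if atyp == 3 else {1: 4, 4: 16}[atyp]
        _recv_exact(s, addr_len + 2)
        return s.recv(255)                         # e.g. b"SSH-2.0-OpenSSH_6.6.1\r\n"
```

Wrapped in a retry loop, this is what a local_action would need to do in place of wait_for for hosts that only resolve behind the tunnel.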
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/bef08c76-7742-49cb-816e-14dd1e5b1794%40googlegroups.com.