Hi Chris,

wait_for doesn't use ssh/config files and will use a tcp connection to
test if port 22 is open for connection and hence tries to look up the ip via
dns. Maybe you could try the below to test if ssh has come up or not.

    - local_action: shell ssh "{{ item['private_dns_name'] }}" echo hello
      register: foo
      retries: 5
      delay: 5
      until: foo.stdout.find('hello') != -1
      with_items: ec2.instances

On Wed, Jun 3, 2015 at 1:24 AM, <[email protected]> wrote:

> Hi,
>
> I am trying to figure out how to use wait_for to start to detect ssh on a
> VPC host that needs to use 2 tunnels to be reached.  I cannot use the IP
> address as it collides with my local network.  DNS also doesn't work but my
> tunnels work fine.  I'm using SOCKs because I use a browser to access the
> VPC too.
>
> Here is my setup in pictograph:
>
> Dev -> bastion.Prod -> Bastion.AWS -> VPC/internal
>
> There is ONLY ssh available via Dev & bastion.Prod, hence SOCKs tunnel1
> for the rest of *.example.com hosts.  Bastion.AWS can only be reached via
> Prod via SSH hence a 2nd SOCKS tunnel.  Bastion.AWS can only reach VPC via
> ssh.  10.0.0.0/24 is the bastion subnet. 10.0.1.0/24 is the internal
> subnet.  I'm launching instances into VPC/10.0.1.0
>
> I use Host namespaces in .ssh/config (which are generally NOT dns
> resolvable from Dev) to decide the tunnel to use.
>
> I can only reach bastion.example.com directly and by its resolvable dns
> name - the only dns resolvable name.
>
> My tunnel works as follows:
>
> Host *.example.com
>         ProxyCommand nc -x localhost:1080 %h %p
> Host ec2
>         ServerAliveInterval 50
>         DynamicForward localhost:1090
>         User ec2-user
>         ProxyCommand nc -x localhost:1080 54.165.xx.yy 22
>
> Host ip-10-0-1-*.ec2.internal
>         ProxyCommand nc -x localhost:1090 %h %p
>         User ubuntu
>         IdentityFile /home/me/.ssh/soc-proto-internal.pem
> # bastion
> Host ip-10-0-0-*.ec2.internal
>         ProxyCommand nc -x localhost:1090 %h %p
>         User ec2-user
>         IdentityFile /home/fortescu/.ssh/soc-proto-useast1.pem
>
>
>
> tunnel1:
>
> dev # ssh -vvv -D 1080 -N -q  [email protected]
>
> OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011
>
> tunnel2:
>
> dev # ssh ec2
>
> Amazon Linux version 2015.03 is available.
>
> [ec2-user@ip-10-0-0-188 ~]$
>
> Now, from Dev the following works fine:
> dev # ssh ip-10.0.1.32
>
> Last login: Tue Jun  2 19:15:07 2015 from ip-10-0-0-188.ec2.internal
>
> ubuntu@ip-10-0-1-32:~$
>
> So how can I get this to work with wait_for?!  The 'private_dns_name'
> emits and is in the tmp wait_for python script so it's got the right form.
> I can even grab that same address while waiting on wait_for and ssh
> into it!
> Here's the relevant ansible play:
>
>
>     - name: Launch Opscenter instances
>       ec2:
>         key_name: "{{ key_name }}"
>         group_id: "{{ security_group }}"
>         instance_type: "{{ instance_type }}"
>         image: "{{ image }}"
>         wait: true
>         region: "{{ region }}"
>         vpc_subnet_id: "{{ subnet_id }}"
>         assign_public_ip: no
>         ebs_optimized: no
>         instance_tags:
>           Name: "cassandra_opscenter"
>           dbtype: cassandra
>       register: ec2
>
>     - name: Logging
>       debug: msg="{{ item }}"
>       with_items: ec2.instances
>
>     - name: Add new instance to host group
>       add_host: hostname={{ item['private_dns_name'] }} ansible_ssh_host={{ item['private_dns_name'] }} groups=launched,opscenter_nodes
>       with_items: ec2.instances
>
>     - name: Wait for SSH to come up
>       local_action: wait_for port=22 host="{{ item['private_dns_name'] }}" search_regex=OpenSSH delay=10
>       with_items: ec2.instances
>
> I know I must be missing something obvious but it seems like wait_for is
> stubbornly trying to use DNS (which will fail) instead of .ssh/config.
>
> Am I chasing a unicorn here?  Can this be made to work?
>
> Any and all advice deeply appreciated.
>
> Chris
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/bef08c76-7742-49cb-816e-14dd1e5b1794%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/bef08c76-7742-49cb-816e-14dd1e5b1794%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
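
The point of the whole exchange, modelled in code as an added example (it is not code from this thread and not Ansible's own implementation): wait_for hands the host name to the OS resolver and opens a raw TCP socket, so a name that only exists as a Host pattern in ~/.ssh/config fails with a DNS error no matter how long it retries, while shelling out to the ssh client (the reply's register/until/retries pattern) goes through ProxyCommand, IdentityFile and the rest of the config. The function names, the injectable `connect`/`run` parameters, the `unresolvable` stand-in and the local banner listener are this example's own constructions so it runs offline.

```python
"""wait_for_port() approximates `wait_for port=22 host=... search_regex=...`
(OS resolver + plain TCP connect + regex over the banner); wait_for_ssh()
approximates the reply's shell/register/until/retries task. Added example,
not code from the thread or from Ansible."""
import re
import socket
import subprocess
import threading
import time


def wait_for_port(host, port, search_regex=None, timeout=5.0,
                  connect=socket.create_connection):
    """Model of wait_for: the name goes straight to the OS resolver via the
    socket API, so a host that is only reachable through a ProxyCommand in
    ~/.ssh/config fails to resolve, which is the symptom in the question.
    Keeps retrying until `timeout` and reports the last error seen."""
    deadline = time.monotonic() + timeout
    last_error = "no attempt made"
    while True:
        try:
            with connect((host, port), timeout=1.0) as sock:
                if search_regex is None:
                    return {"ok": True, "error": None, "banner": ""}
                sock.settimeout(1.0)
                banner = sock.recv(256).decode("ascii", "replace")
                if re.search(search_regex, banner):
                    return {"ok": True, "error": None, "banner": banner.strip()}
                last_error = "banner did not match: %r" % banner.strip()
        except socket.gaierror as exc:
            # Resolution failure: retrying cannot make a config-only name resolve.
            last_error = "dns: %s" % exc
        except OSError as exc:
            last_error = "connect: %s" % exc
        if time.monotonic() >= deadline:
            return {"ok": False, "error": last_error, "banner": ""}
        time.sleep(0.2)


def wait_for_ssh(host, marker="hello", retries=5, delay=5.0, run=subprocess.run):
    """Model of the reply's task: `ssh HOST echo MARKER`, retried up to
    `retries` times until stdout contains MARKER. The real ssh client reads
    ~/.ssh/config, so Host patterns, ProxyCommand and IdentityFile apply.
    BatchMode=yes makes ssh fail instead of prompting (password or unknown
    host key), turning a hang into a retryable failure."""
    argv = ["ssh", "-o", "BatchMode=yes", "-o", "ConnectTimeout=10",
            host, "echo", marker]
    attempts = 0
    for attempt in range(1, retries + 1):
        attempts = attempt
        proc = run(argv, capture_output=True, text=True, timeout=60)
        if proc.returncode == 0 and marker in proc.stdout:
            return {"ok": True, "attempts": attempt}
        if attempt < retries:
            time.sleep(delay)
    return {"ok": False, "attempts": attempts}


def unresolvable(address, timeout=None):
    """Constructed stand-in for a resolver with no record for the name, the
    answer the OS resolver gives for ip-10-0-1-*.ec2.internal from outside
    the VPC."""
    raise socket.gaierror(-2, "Name or service not known")


def serve_banner_once(banner=b"SSH-2.0-OpenSSH_6.6.1\r\n"):
    """Constructed fixture: one-shot listener on 127.0.0.1 that sends an
    SSH-style banner and hangs up, standing in for a reachable port 22."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def handler():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=handler, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = serve_banner_once()
    print("reachable port:", wait_for_port("127.0.0.1", port, search_regex="OpenSSH"))
    print("config-only name:", wait_for_port("ip-10-0-1-32.ec2.internal", 22,
                                              search_regex="OpenSSH", timeout=1,
                                              connect=unresolvable))
```

Running wait_for_ssh against a freshly launched instance needs the tunnels from the question to be up and the instance's host key known to the control host; with BatchMode=yes an unknown key is a failed attempt rather than a prompt, so seed known_hosts (for example from the instance console output) instead of relaxing host key checking.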
