Made it work with the ssh command you have written in your post.
Now I need to figure out how to move this ssh command into ansible
configuration.
If I understand correctly, when you try to connect to a machine with a
protocol other than ssh, ansible ignores any ssh configurations so it does
not create the local socket to the bastion.
On Wednesday, 15 May 2019 12:02:23 UTC+3, Gil Shinar wrote:
>
> Hi Jordan,
>
> Got back to that now. Joined forces with other team members but it just
> doesn't work.
> We always get the error message:
> ConnectionError: SOCKSHTTPConnectionPool(host='*.*.*.*', port=5985): Max
> retries exceeded with url: /wsman (Caused by
> NewConnectionError('<urllib3.contrib.socks.SOCKSConnection object at
> 0x7f7fbe844450>: Failed to establish a new connection: [Errno 111]
> Connection refused',))
>
> We've tried lots of stuff. Both ports (5985 and 5986). We've set the
> following parameters in the playbook:
> ansible_user: Administrator
> ansible_password: ********
> ansible_psrp_proxy: socks5h://0.0.0.0:1234
> ansible_connection: psrp
> ansible_psrp_protocol: http
> ansible_port: 5985
>
> We've also tried:
> ansible_psrp_max_envelope_size: 1536000
>
> We've also tried socks5 instead of socks5h
>
> As for ssh configurations, we've used the following:
> Host 10.0.*.*
>     ProxyCommand ssh -CfN -D 0.0.0.0:1234 -p 22 -W %h:%p ubuntu@bastion
>     IdentityFile ~/.ssh/keyFile.pem
>     StrictHostKeyChecking no
>     UserKnownHostsFile /dev/null
>
> Host bastion
>     Hostname <bastion IP>
>     User ubuntu
>     IdentityFile ~/.ssh/keyFile.pem
>     ControlMaster auto
>     ControlPath ~/.ssh/ansible-%r@%h:%p
>     ControlPersist 5
>     StrictHostKeyChecking no
>     UserKnownHostsFile /dev/null
>
> What else are we missing here? Everything works from inside a docker
> container. The bastion is an AWS instance and the remote machine is also an
> AWS instance.
> We thought that it might be a firewall on the way so we've created
> another AWS instance and run everything from there. Nothing!
>
> Do you have any other suggestions?
>
> Thanks
> Gil
>
> On Monday, 15 October 2018 01:17:15 UTC+3, Jordan Borean wrote:
>>
>> Hey Gil (and anyone else interested)
>>
>> I finally was able to document this a bit more thoroughly with a step by
>> step example at
>> http://www.bloggingforlogging.com/2018/10/14/windows-host-through-ssh-bastion-on-ansible/.
>>
>> No idea if you are still working on this but potentially you need to define
>> the proxy with the schema "socks5h://", the extra h on the end means all
>> DNS resolution is done on the bastion host and not the Ansible client.
>>
>> Thanks
>>
>> Jordan
>>
>
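An added example, not code from any poster in this thread: a small Python probe that builds the SOCKS5 CONNECT request for `socks5h` (name resolved behind the proxy) versus `socks5` (name resolved on the client), then reports whether a failure comes from the local listener, the proxy handshake, or the target. The loopback listener on port 1234 and the target address `10.0.0.10` are constructed values; only an unauthenticated SOCKS5 proxy is assumed.

```python
import ipaddress
import socket
import struct

# RFC 1928 reply codes a SOCKS5 proxy returns for a CONNECT request.
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused by target", 6: "TTL expired"}

def connect_request(scheme, host, port):
    """Build the SOCKS5 CONNECT request for a socks5:// or socks5h:// proxy."""
    if scheme not in ("socks5", "socks5h"):
        raise ValueError("unsupported scheme: " + scheme)
    try:
        # An IPv4 literal needs no lookup and is sent as an address either way.
        addr = b"\x01" + ipaddress.IPv4Address(host).packed
    except ValueError:
        if scheme == "socks5h":
            # The name goes to the proxy untouched; the far side resolves it.
            name = host.encode("idna")
            addr = b"\x03" + bytes([len(name)]) + name
        else:
            # The name is resolved on the client; only the address is sent.
            addr = b"\x01" + socket.inet_aton(socket.gethostbyname(host))
    return b"\x05\x01\x00" + addr + struct.pack(">H", port)

def probe(proxy_host, proxy_port, scheme, host, port, timeout=5.0):
    """Report which hop fails: the local listener, the proxy, or the target."""
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout)
    except OSError as exc:
        return "no SOCKS listener at %s:%d (%s)" % (proxy_host, proxy_port, exc)
    with sock:
        try:
            sock.sendall(b"\x05\x01\x00")  # greeting: offer "no authentication"
            if sock.recv(2) != b"\x05\x00":
                return "listener is not a no-auth SOCKS5 proxy"
            sock.sendall(connect_request(scheme, host, port))
            reply = sock.recv(10)
        except OSError as exc:
            return "proxy handshake failed (%s)" % exc
    if len(reply) < 2:
        return "proxy closed the connection"
    return "proxy reply: " + REPLIES.get(reply[1], "code %d" % reply[1])

if __name__ == "__main__":
    # Constructed values: forward on 127.0.0.1:1234, WinRM host 10.0.0.10.
    print(probe("127.0.0.1", 1234, "socks5h", "10.0.0.10", 5985))
```

A "no SOCKS listener" result means the dynamic forward is not up on the control node; a "proxy reply" result means the tunnel works and the answer came from the bastion side.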