[ansible-project] Re: Ansible 2.5 with ansible-hpe-cw7 module issue

[EDDY BEN-KAISSA]

Hi,

May be I must used the ansible_connection netconf to specify the method of 
connection to the switch

[hpe]
hp1 ansible_host=192.168.2.20 ansible_connection=netconf 

*Playbook example:*

 hosts: rtr1
  *connection: netconf*
  *remote_user: admin*



What do you thinking about ?

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/13ea90ea-4742-4135-bcdf-07b9f4336152%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible and Packer

['J Hawkesworth' via Ansible Project]

Sure.

Install packer on the same machine as you have installed ansible Andy then 
start packer using shell module, delegated to local host. 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/117aa515-e4af-4c4d-8eed-40ee14e72cca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: Ansible user privilege

[Quang Truong]

I tried with this guide

https://stackoverflow.com/questions/37880491/ansible-tmp-ansible-tmp-permission-denied

It works for my case but I don't understand what happen behind the scene 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/42b3913e-0193-42dd-901a-9465d1d1f674%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Unnerving include_role behaviour

[Dave H]

Hi,

I'm trying to get some clarity on the expected behaviour of the following 
scenario. I've included the file contents of a demonstration set of roles 
below. My question is about the behaviour of the include vs import changes 
between 2.3.2.0 and 2.4+.  On 2.3.2.0, the included
role would be executed as part of roles/first/tasks/main.yml.  But in 2.4+, 
the included role is never executed at all, seemingly because the excluded 
second role (which has a dependency on first) is excluded.  

My expectation is the 2.3.2.0 behaviour where as first explicitly included, 
the included will be executed at that point.

Note: included isn't specified as a meta dependency of first as it is 
required to run at a particular point in the execution of first.  The second 
role is skipped for conditional reasons but I don't want that to affect the 
inclusion in the first role.  It's a bit unnerving if a role further down 
the playbook can have an impact on what a previous role in the playbook 
actually executes. i.e. I could have a playbook that does everything I 
want, then add a new conditional role to the playbook and break the 
original functionality.

Is this behaviour correct? Should I be changing the include_role in first 
to be import_role or doing something different, or is there something not 
right?

Running on ubuntu 14.04 and 16.04 with python 2.7.11.

Any advice would be greatly appreciated.

Many thanks,

Dave

With ansible 2.3.2.0, the "debug message from included" is executed as 
expected:

PLAY [localhost] 
***


TASK [Gathering Facts] 
*
ok: [localhost]


TASK [first : first debug from first] 
**
ok: [localhost] => {
"msg": "first debug from first"
}


TASK [included : debug message from included] 
**
ok: [localhost] => {
"msg": "debug message from included"
}


TASK [first : last debug from first] 
***
ok: [localhost] => {
"msg": "last debug from first"
}


TASK [included : debug message from included] 
**
skipping: [localhost]


TASK [second : Debug from second] 
**
skipping: [localhost]


PLAY RECAP 
*
localhost  : ok=4changed=0unreachable=0failed=0 


With ansible 2.5.0, the "debug message from included" is skipped:

PLAY [localhost] 
***


TASK [Gathering Facts] 
*
ok: [localhost]


TASK [first : first debug from first] 
**
ok: [localhost] => {
"msg": "first debug from first"
}


TASK [first : include_role] 



TASK [included : debug message from included] 
**
skipping: [localhost]


TASK [first : last debug from first] 
***
ok: [localhost] => {
"msg": "last debug from first"
}


TASK [second : Debug from second] 
**
skipping: [localhost]


PLAY RECAP 
*
localhost  : ok=3changed=0unreachable=0failed=0 


To run the playbook:
ansible-playbook -i "localhost," -c local playbook.yml

playbook.yml
---

- hosts: localhost
  roles:
- { role: first }
- { role: second, when: some_variable | default(false) }

roles/first/tasks/main.yml
---


- name: first debug from first
  debug:
 

Re: [ansible-project] Ansible Jinja2 filter error Rhel 7.4

[Shahzad Malik]

Yes. Equalto was added in 2.8 and I can't use this ver on RHEL at this
stage. Is there other than equalto solution which I can use with 2.7 On
RHEL 7.4? Thanks

On Monday, April 9, 2018, Kai Stian Olstad 
wrote:

> On Monday, 9 April 2018 14.38.51 CEST smitconsultant2...@gmail.com wrote:
> > Hi
> > I am trying to run below playbook to find the server (openstack host), on
> > which vm will be running using jinja2 filter but getting error no test
> > named 'equalto'. After googling found some ppl suggested upgrade jinja2
> and
> > I am using version 2.7 on RHEL which is latest for RHEL.
>
> Equalto was added in 2.8.
>
>
> --
> Kai Stian Olstad
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/5664000.Igbv7u9FxM%40x1.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAA1HA3ivVQA6UKOR_mV%2BPnDAmyb%2B_tb5AK7ArgjhgoCXrRtDjA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Ansible Jinja2 filter error Rhel 7.4

[Matt Martz]

Use `search` or `match` instead of `equalto`.  They are regex search tests.
 `search` matches anywhere within the string, `match` is bound to matching
where a string starts with a value.

On Mon, Apr 9, 2018 at 5:02 PM, Shahzad Malik 
wrote:

> Yes. Equalto was added in 2.8 and I can't use this ver on RHEL at this
> stage. Is there other than equalto solution which I can use with 2.7 On
> RHEL 7.4? Thanks
>
>
> On Monday, April 9, 2018, Kai Stian Olstad  com> wrote:
>
>> On Monday, 9 April 2018 14.38.51 CEST smitconsultant2...@gmail.com wrote:
>> > Hi
>> > I am trying to run below playbook to find the server (openstack host),
>> on
>> > which vm will be running using jinja2 filter but getting error no test
>> > named 'equalto'. After googling found some ppl suggested upgrade jinja2
>> and
>> > I am using version 2.7 on RHEL which is latest for RHEL.
>>
>> Equalto was added in 2.8.
>>
>>
>> --
>> Kai Stian Olstad
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-project+unsubscr...@googlegroups.com.
>> To post to this group, send email to ansible-project@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/ansible-project/5664000.Igbv7u9FxM%40x1.
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/CAA1HA3ivVQA6UKOR_mV%2BPnDAmyb%2B_
> tb5AK7ArgjhgoCXrRtDjA%40mail.gmail.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>



-- 
Matt Martz
@sivel
sivel.net

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAD8N0v-uerCKv8MpP8ighoz0XCdu3bDmOa5nq-D-hS2rwGSYOA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: HP ILO set from ansible (no OS installed)

[Dave H]

Hi Benny,

There are a couple of development modules in the ansible docs, e.g. 
https://docs.ansible.com/ansible/devel/modules/hpilo_boot_module.html, but 
I have not used them.

I use the python package from http://seveas.github.io/python-hpilo to 
expose a command line interface and use an example playbook like the 
following. You have to extract data from the output of the cli but it's 
fairly straightforward and very useful.

ansible-playbook -i "localhost," -c local playbook.yml

---

- hosts: localhost
  gather_facts: false

  vars:

ilo_host: "192.168.0.10"  # IP address / hostname of the iLO interface
ilo_user: "x" # username for the user to log into the iLO
ilo_password: "xx"# fetch from vault or other secret storage
hpilo_cli_cmd: "hpilo_cli {{ ilo_host }} --json --login='{{ ilo_user 
}}' --password='{{ ilo_password }}'"

  tasks:

  - name: Get current power status
command: "{{ hpilo_cli_cmd }} get_host_power_status"
register: hpilo_cli_get_host_power_status
  
  - name: Record power status
set_fact:
  power_status: "{% if 'ON' in hpilo_cli_get_host_power_status.stdout 
%}ON{% else %}OFF{% endif %}"

  - name: Power on server - if it is powered down
command: "{{hpilo_cli_cmd}} press_pwr_btn"
when: power_status != "ON"

  - name: Reboot server - if it is powered up
command: "{{hpilo_cli_cmd}} cold_boot_server"
when: power_status == "ON"

Hope that helps.

Dave


On Monday, 9 April 2018 09:37:15 UTC+1, Benny Kusman wrote:
>
> Hi,
>
> has anyone implemented setting up HP ILO using ansible, when the server 
> has no OS yet ?
> if the server has been installed and has hponcfg command, there is ansible 
> module for it.
>
> But wondering, if anyone has tried to setup the server in the ilo using 
> ansible (just simply specifying the ilo hostname, userid/password, port)
>
> Thanks
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/575de21c-8c32-448a-9f6c-f0567d1157ba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Steps for ssh forwarding?

[Benny Kusman]

Michael,

you are SO RIGHT!
now the tunneling works after your clue! 
completely missed out this "*remote*"

On Monday, April 9, 2018 at 1:48:50 PM UTC, Michael Spiegle wrote:
>
> I think this is because the SSH command always expects a hostname even if 
> there isn't a hostname to use.  In your ssh -vvv debug output, you can see 
> that every single option is inside of [optional] brackets EXCEPT for the 
> hostname.  SSH won't actually use this hostname for anything, it just wants 
> some dumb string in that field.  In my config, I use the string "remote" 
> like 
> the following.  Note that the host "remote" doesn't exist and you'd 
> probably receive an error under normal circumstances:
>
> Host *.someserverbehindjumpbox.com
>  ControlMaster no
>  ProxyCommand ssh -S ~/.ssh/master-*@jumpboxserver:%p -W %h:%p
> ​ re
> mote
> ​
>
>
> On Mon, Apr 9, 2018 at 3:30 AM, Benny Kusman  > wrote:
>
>> This is the -vvv output:
>>
>> [root@WW-GVXQLC2 ansible]# ssh -F ssh.config bkusman@serverbehindjumpbox 
>> -p 670 -vvv
>> OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
>> debug1: Reading configuration data ssh.config
>> debug1: ssh.config line 28: Applying options for *
>> debug1: Executing proxy command: exec ssh -S ~/.ssh/master-*@
>> jumpboxserver:670 -W  serverbehindjumpbox:670
>> debug1: permanently_set_uid: 0/0
>> debug1: permanently_drop_suid: 0
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /root/.ssh/id_rsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /root/.ssh/id_rsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /root/.ssh/id_dsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /root/.ssh/id_dsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /root/.ssh/id_ecdsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /root/.ssh/id_ecdsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /root/.ssh/id_ed25519 type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /root/.ssh/id_ed25519-cert type -1
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_7.4
>> usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
>>[-D [bind_address:]port] [-E log_file] [-e escape_char]
>>[-F configfile] [-I pkcs11] [-i identity_file]
>>[-J [user@]host[:port]] [-L address] [-l login_name] [-m 
>> mac_spec]
>>[-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R 
>> address]
>>[-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
>>[user@]hostname [command]
>> ssh_exchange_identification: Connection closed by remote host
>>
>>
>> On Monday, April 9, 2018 at 7:18:32 AM UTC, Benny Kusman wrote:
>>>
>>> Hi
>>>
>>> ssh -F ssh.config -fN user@some_jumpbox  --> im able to establish this 
>>> and send it back to the background
>>> ssh -F ssh.config user@someserverbehindjumpbox --> does not work. the 
>>> message is: ssh_exchange_identification: Connection closed by remote 
>>> host
>>>
>>> the "hosts" im referring to is in the ssh.config. This is my ssh.config
>>>
>>> ==
>>> #jumpboxes first (most specific hosts first)
>>> Host jumpboxserver
>>>  ControlMaster yes
>>>  ControlPath ~/.ssh/master-%r@ jumpboxserver :%p
>>>  StrictHostkeyChecking no
>>>  ProxyCommand none
>>>  ControlPersist 10m
>>>
>>>
>>>
>>> # groups of machines that can be accessed by the above jumpboxes
>>>
>>>  
>>> Host *.someserverbehindjumpbox.com
>>>  ControlMaster no
>>>  ProxyCommand ssh -S ~/.ssh/master-*@jumpboxserver:%p -W  %h:%p
>>>
>>> # this makes ansible faster by reusing connections
>>> Host *
>>>  ControlMaster auto
>>>  ControlPersist 300s
>>>  ControlPath ~/.ssh/ansible-%r@%h:%p
>>> ==
>>>
>>>
>>>
>>> On Thu, Apr 5, 2018 at 12:46 PM, Michael Spiegle <
>>> mspi...@nauticaltech.com > wrote:
>>>
 By "hosts" file, do you mean /etc/hosts or the hosts in ssh.config?  
 Also, if you just run SSH by hand to login to a remote host, what happens?

 Ex:
 $ ssh -F ssh.config -fN user@some_jumpbox
 $ ssh -F ssh.config user@some_server_behind_jumpbox


 On Thursday, April 5, 2018 at 6:20:14 AM UTC-4, Benny Kusman wrote:
>
> this is a great step.
> im able to establish the tunneling with the jumphost.
> but i was wondering, what did you put in the hosts filfe ?
> im still not able to reach the server
>
> On Monday, February 16, 2015 at 12:11:58 AM UTC, Michael Spiegle wrote:
>>
>> As an additional datapoint, here's a brief summary of how I deal with 
>> this.  To complicate matters, my machines are split across various labs 

Re: [ansible-project] Re: HP ILO set from ansible (no OS installed)

[Amarjeet Raja]

Hi Benny,

As far as I know, Ansible doesn't have any modules which can do inital
configuration of an ILO. However, You can automate the ILO configuration
using HP Oneview along with ansible.  You can find the details in this url
: https://h20195.www2.hpe.com/v2/getpdf.aspx/4AA6-6348ENW.pdf

Regards,
Amarjeet

On Tue, Apr 10, 2018 at 9:08 AM, Dave H  wrote:

> Hi Benny,
>
> There are a couple of development modules in the ansible docs, e.g.
> https://docs.ansible.com/ansible/devel/modules/hpilo_boot_module.html,
> but I have not used them.
>
> I use the python package from http://seveas.github.io/python-hpilo to
> expose a command line interface and use an example playbook like the
> following. You have to extract data from the output of the cli but it's
> fairly straightforward and very useful.
>
> ansible-playbook -i "localhost," -c local playbook.yml
>
> ---
>
> - hosts: localhost
>   gather_facts: false
>
>   vars:
>
> ilo_host: "192.168.0.10"  # IP address / hostname of the iLO interface
> ilo_user: "x" # username for the user to log into the iLO
> ilo_password: "xx"# fetch from vault or other secret storage
> hpilo_cli_cmd: "hpilo_cli {{ ilo_host }} --json --login='{{ ilo_user
> }}' --password='{{ ilo_password }}'"
>
>   tasks:
>
>   - name: Get current power status
> command: "{{ hpilo_cli_cmd }} get_host_power_status"
> register: hpilo_cli_get_host_power_status
>
>   - name: Record power status
> set_fact:
>   power_status: "{% if 'ON' in hpilo_cli_get_host_power_status.stdout
> %}ON{% else %}OFF{% endif %}"
>
>   - name: Power on server - if it is powered down
> command: "{{hpilo_cli_cmd}} press_pwr_btn"
> when: power_status != "ON"
>
>   - name: Reboot server - if it is powered up
> command: "{{hpilo_cli_cmd}} cold_boot_server"
> when: power_status == "ON"
>
> Hope that helps.
>
> Dave
>
>
> On Monday, 9 April 2018 09:37:15 UTC+1, Benny Kusman wrote:
>>
>> Hi,
>>
>> has anyone implemented setting up HP ILO using ansible, when the server
>> has no OS yet ?
>> if the server has been installed and has hponcfg command, there is
>> ansible module for it.
>>
>> But wondering, if anyone has tried to setup the server in the ilo using
>> ansible (just simply specifying the ilo hostname, userid/password, port)
>>
>> Thanks
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/575de21c-8c32-448a-9f6c-f0567d1157ba%40googlegroups.
> com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CACLrQb04FjMO3Y-tFrCqETZruj%2BteQyp%3D%3DK%3DmKT6ppjTyyFDTw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Re: HP ILO set from ansible (no OS installed)

[Benny Kusman]

Hi Dave and  Amarjeet,

Thanks for the feedback.
i will give it a try!

Many thanks!

On Monday, April 9, 2018 at 8:37:15 AM UTC, Benny Kusman wrote:
>
> Hi,
>
> has anyone implemented setting up HP ILO using ansible, when the server 
> has no OS yet ?
> if the server has been installed and has hponcfg command, there is ansible 
> module for it.
>
> But wondering, if anyone has tried to setup the server in the ilo using 
> ansible (just simply specifying the ilo hostname, userid/password, port)
>
> Thanks
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/a602f485-9974-4a10-a376-71546824d138%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] ansible handling stdin input

[Benny Kusman]

Hi 

Hopefully someone has encountered and resolved this issue.

supposedly my playbook:
*- main: execute script*
*  shell: "/home/settingip"*

when executing the program, it will run and require stdin/keyboard input, 
such as IP, hostname, etc.

can i pre-fill this in ansible ? knowing that the prompt will have the same 
question everytime the command runs

Thank you!


-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/7021538f-5281-46dd-a411-9a775e0bfa0a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ansible handling stdin input

[Richard Hector]

On 09/04/18 21:57, Benny Kusman wrote:
> Hi 
> 
> Hopefully someone has encountered and resolved this issue.
> 
> supposedly my playbook:
> *- main: execute script*
> *  shell: "/home/settingip"*
> 
> when executing the program, it will run and require stdin/keyboard
> input, such as IP, hostname, etc.
> 
> can i pre-fill this in ansible ? knowing that the prompt will have the
> same question everytime the command runs

Have a look at the expect module:

https://docs.ansible.com/ansible/latest/modules/expect_module.html

Richard

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/8f27c340-1e8b-cb43-3be1-f34f49ce8b5e%40walnut.gen.nz.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Steps for ssh forwarding?

[Sosys]

Hi

ssh -F ssh.config -fN user@some_jumpbox  --> im able to establish this and
send it back to the background
ssh -F ssh.config user@someserverbehindjumpbox --> does not work. the
message is: ssh_exchange_identification: Connection closed by remote host

the "hosts" im referring to is in the ssh.config. This is my ssh.config

==
#jumpboxes first (most specific hosts first)
Host jumpboxserver
 ControlMaster yes
 ControlPath ~/.ssh/master-%r@ jumpboxserver :%p
 StrictHostkeyChecking no
 ProxyCommand none
 ControlPersist 10m



# groups of machines that can be accessed by the above jumpboxes


Host *.someserverbehindjumpbox.com
 ControlMaster no
 ProxyCommand ssh -S ~/.ssh/master-*@jumpboxserver:%p -W  %h:%p

# this makes ansible faster by reusing connections
Host *
 ControlMaster auto
 ControlPersist 300s
 ControlPath ~/.ssh/ansible-%r@%h:%p
==



On Thu, Apr 5, 2018 at 12:46 PM, Michael Spiegle 
wrote:

> By "hosts" file, do you mean /etc/hosts or the hosts in ssh.config?  Also,
> if you just run SSH by hand to login to a remote host, what happens?
>
> Ex:
> $ ssh -F ssh.config -fN user@some_jumpbox
> $ ssh -F ssh.config user@some_server_behind_jumpbox
>
>
> On Thursday, April 5, 2018 at 6:20:14 AM UTC-4, Benny Kusman wrote:
>>
>> this is a great step.
>> im able to establish the tunneling with the jumphost.
>> but i was wondering, what did you put in the hosts filfe ?
>> im still not able to reach the server
>>
>> On Monday, February 16, 2015 at 12:11:58 AM UTC, Michael Spiegle wrote:
>>>
>>> As an additional datapoint, here's a brief summary of how I deal with
>>> this.  To complicate matters, my machines are split across various labs in
>>> different locations which each have their own bastion/jumpbox.  I use ssh
>>> keys sometimes, and hard coded passwords for some other machines:
>>>
>>> ansible.cfg:
>>> [defaults]
>>> hostfile = hosts
>>> error_on_undefined_vars = True
>>> host_key_checking = False
>>> transport = ssh
>>> jinja2_extensions = jinja2.ext.do
>>>
>>> [ssh_connection]
>>> ssh_args = -F ssh.config
>>> pipelining = True
>>>
>>>
>>> ssh.config (referenced in ansible.cfg).  Note that if you have a new
>>> enough version of ssh, you can use the -W flag instead of nc:
>>> #jumpboxes first (most specific hosts first)
>>> Host jumpbox01 10.1.0.10
>>>  ControlMaster yes
>>>  ControlPath ~/.ssh/master-%r@jumpbox01:%p
>>>  StrictHostkeyChecking no
>>>  ProxyCommand none
>>>
>>> Host jumpbox02 10.2.0.10
>>>  ControlMaster yes
>>>  ControlPath ~/.ssh/master-%r@jumpbox02:%p
>>>  StrictHostkeyChecking no
>>>  ProxyCommand none
>>>
>>> Host jumpbox03 10.3.0.10
>>>  ControlMaster yes
>>>  ControlPath ~/.ssh/master-%r@jumpbox03:%p
>>>  StrictHostkeyChecking no
>>>  ProxyCommand none
>>>
>>> # groups of machines that can be accessed by the above jumpboxes
>>> Host *.west.domain.com 10.1.0.*
>>>  ControlMaster no
>>>  ProxyCommand ssh -S ~/.ssh/master-*@jumpbox01:%p remote nc %h %p
>>>
>>> Host *.central.domain.com 10.2.0.*
>>>  ControlMaster no
>>>  ProxyCommand ssh -S ~/.ssh/master-*@jumpbox02:%p remote nc %h %p
>>>
>>> Host *.east.domain.com 10.3.0.*
>>>  ControlMaster no
>>>  ProxyCommand ssh -S ~/.ssh/master-*@jumpbox03:%p remote nc %h %p
>>>
>>> # this makes ansible faster by reusing connections
>>> Host *
>>>
>>>  ControlMaster auto
>>>  ControlPersist 300s
>>>  ControlPath ~/.ssh/ansible-%r@%h:%p
>>>
>>> Once I have those configs setup, I have to run the following to
>>> establish a tunnel to a jumpbox/bastion before I can run ansible:
>>> $ ssh -F ssh.config -fN user@jumpbox01
>>>
>>>
>>> When I run the above, it asks for the password (or uses my SSH key),
>>> then SSH goes into the background and then the tunnel is established.
>>>
>>> I do all of my deployments this way by creating a Jenkins job that
>>> establishes the tunnel, runs ansible, then tears down the tunnel using
>>> something like:
>>>
>>> ssh -O exit -TS ~/.ssh/path-to-socket
>>>
>>> Some of the jumpboxes use dumb passwords, some of them use keys, and one
>>> of them requires an RSA token (2-factor auth).  For the RSA machine, my
>>> Jenkins job presents the user with a form that has 2 fields: 2-Factor
>>> Username, and 2-Factor Passcode.  The passcode is generated by an RSA token
>>> keyfob (or smartphone app).  In order to make this work, I had to write a
>>> custom expect script because the SSH prompt for the RSA token reads "Enter
>>> PASSCODE" instead of "Password" which is what sshpass is hardcoded to look
>>> for.  Here's my expect script to catch all the variations:
>>>
>>> #!/usr/bin/env expect
>>> set timeout 30
>>> set userhost [lindex $argv 0]
>>> spawn ssh -fN -F ssh.config $userhost
>>>
>>> expect {
>>>   "Enter PASSCODE:" {
>>> send "$env(SSH_PASSWORD)\n"
>>> send "\n"
>>>   }
>>>
>>>   "Password:" {
>>> send "$env(SSH_PASSWORD)\n"
>>> send "\n"
>>>   }
>>>
>>>   "password:" {
>>> send 

[ansible-project] MySQL install with ansible

[Nirmalya Paul]

hello all, 
I need a help. I need to install mysql using Ansible on CentOs. Can u 
please show me whole process to do it .

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/155f9a2c-f9b8-4d4d-94e9-881821614bcc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] HP ILO set from ansible (no OS installed)

[Benny Kusman]

Hi,

has anyone implemented setting up HP ILO using ansible, when the server has 
no OS yet ?
if the server has been installed and has hponcfg command, there is ansible 
module for it.

But wondering, if anyone has tried to setup the server in the ilo using 
ansible (just simply specifying the ilo hostname, userid/password, port)

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/dbcf0ab0-ee4e-4fd3-beb5-a9b70f2ab2cb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Steps for ssh forwarding?

[Benny Kusman]

This is the -vvv output:

[root@WW-GVXQLC2 ansible]# ssh -F ssh.config bkusman@serverbehindjumpbox -p 
670 -vvv
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data ssh.config
debug1: ssh.config line 28: Applying options for *
debug1: Executing proxy command: exec ssh -S ~/.ssh/master-*@jumpboxserver:670 
-W  serverbehindjumpbox:670
debug1: permanently_set_uid: 0/0
debug1: permanently_drop_suid: 0
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
   [-D [bind_address:]port] [-E log_file] [-e escape_char]
   [-F configfile] [-I pkcs11] [-i identity_file]
   [-J [user@]host[:port]] [-L address] [-l login_name] [-m 
mac_spec]
   [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
   [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
   [user@]hostname [command]
ssh_exchange_identification: Connection closed by remote host


On Monday, April 9, 2018 at 7:18:32 AM UTC, Benny Kusman wrote:
>
> Hi
>
> ssh -F ssh.config -fN user@some_jumpbox  --> im able to establish this 
> and send it back to the background
> ssh -F ssh.config user@someserverbehindjumpbox --> does not work. the 
> message is: ssh_exchange_identification: Connection closed by remote host
>
> the "hosts" im referring to is in the ssh.config. This is my ssh.config
>
> ==
> #jumpboxes first (most specific hosts first)
> Host jumpboxserver
>  ControlMaster yes
>  ControlPath ~/.ssh/master-%r@ jumpboxserver :%p
>  StrictHostkeyChecking no
>  ProxyCommand none
>  ControlPersist 10m
>
>
>
> # groups of machines that can be accessed by the above jumpboxes
>
>  
> Host *.someserverbehindjumpbox.com
>  ControlMaster no
>  ProxyCommand ssh -S ~/.ssh/master-*@jumpboxserver:%p -W  %h:%p
>
> # this makes ansible faster by reusing connections
> Host *
>  ControlMaster auto
>  ControlPersist 300s
>  ControlPath ~/.ssh/ansible-%r@%h:%p
> ==
>
>
>
> On Thu, Apr 5, 2018 at 12:46 PM, Michael Spiegle <
> mspie...@nauticaltech.com> wrote:
>
>> By "hosts" file, do you mean /etc/hosts or the hosts in ssh.config?  
>> Also, if you just run SSH by hand to login to a remote host, what happens?
>>
>> Ex:
>> $ ssh -F ssh.config -fN user@some_jumpbox
>> $ ssh -F ssh.config user@some_server_behind_jumpbox
>>
>>
>> On Thursday, April 5, 2018 at 6:20:14 AM UTC-4, Benny Kusman wrote:
>>>
>>> this is a great step.
>>> im able to establish the tunneling with the jumphost.
>>> but i was wondering, what did you put in the hosts filfe ?
>>> im still not able to reach the server
>>>
>>> On Monday, February 16, 2015 at 12:11:58 AM UTC, Michael Spiegle wrote:

 As an additional datapoint, here's a brief summary of how I deal with 
 this.  To complicate matters, my machines are split across various labs in 
 different locations which each have their own bastion/jumpbox.  I use ssh 
 keys sometimes, and hard coded passwords for some other machines:

 ansible.cfg:
 [defaults]
 hostfile = hosts 
 error_on_undefined_vars = True 
 host_key_checking = False 
 transport = ssh 
 jinja2_extensions = jinja2.ext.do 

 [ssh_connection] 
 ssh_args = -F ssh.config 
 pipelining = True


 ssh.config (referenced in ansible.cfg).  Note that if you have a new 
 enough version of ssh, you can use the -W flag instead of nc:
 #jumpboxes first (most specific hosts first)
 Host jumpbox01 10.1.0.10
  ControlMaster yes
  ControlPath ~/.ssh/master-%r@jumpbox01:%p
  StrictHostkeyChecking no
  ProxyCommand none

 Host jumpbox02 10.2.0.10
  ControlMaster yes
  ControlPath ~/.ssh/master-%r@jumpbox02:%p
  StrictHostkeyChecking no
  ProxyCommand none

 Host jumpbox03 10.3.0.10
  ControlMaster yes
  ControlPath ~/.ssh/master-%r@jumpbox03:%p
  StrictHostkeyChecking no
  ProxyCommand none

 # groups of machines that can be accessed by the above 

Re: [ansible-project] Ansible Jinja2 filter error Rhel 7.4

[Kai Stian Olstad]

On Monday, 9 April 2018 14.38.51 CEST smitconsultant2...@gmail.com wrote:
> Hi
> I am trying to run below playbook to find the server (openstack host), on 
> which vm will be running using jinja2 filter but getting error no test 
> named 'equalto'. After googling found some ppl suggested upgrade jinja2 and 
> I am using version 2.7 on RHEL which is latest for RHEL.

Equalto was added in 2.8.


-- 
Kai Stian Olstad

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5664000.Igbv7u9FxM%40x1.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Ansible Jinja2 filter error Rhel 7.4

[smitconsultant2017]

Hi
I am trying to run below playbook to find the server (openstack host), on 
which vm will be running using jinja2 filter but getting error no test 
named 'equalto'. After googling found some ppl suggested upgrade jinja2 and 
I am using version 2.7 on RHEL which is latest for RHEL. I was able to 
somehow make this playbook work once but not sure how which proved that 
code is working. I am struggling since then but have no luck yet. I found 
compatibility issue on bugzilla between this jinja2 ver and ansible/ansible 
Tower? Can Anyone suggest what other filter or way I can choose to achieve 
this which works on below jinja2 version? Thanks

Playbook:

- hosts: localhost
  vars:
   openstack: [reg1, reg2, reg3, reg4]

  tasks:
- name: Command to find os server where vm exists
  shell: somecommand-to-check-if-vm-exist | wc -l
  delegate_to: "{{ item }}"
  with_items: "{{ openstack }}"
  register: vm_check

- name: set fact
  set_fact:
os_server: "{{ (vm_check.results | selectattr('stdout','equalto','1') | 
list | first }}"

- name: debug var
  debug:
msg: "{{ os_server }}"

Error below:

"msg": "Unexpected failure during module execution.", "exception": 
"Traceback File \"/usr/lib/python2.7/site-packages/jinja2/environment.py\", 
line 438, in call_test\n raise TemplateRuntimeError('no test named %r' % 
name)\nTemplateRuntimeError: no test named 'equalto'\n", "stdout": "" }
ansible --version ansible 2.4.3.0

ansible Tower ver: < Tower 3.2.3 >

python version = 2.7.5 (default, May 3 2017, 07:55:04) [GCC 4.8.5
I am using RHEL 7. 
rpm -q python-jinja2 
python-jinja2-2.7.2-2.el7.noarch

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/9108a890-b325-4061-b6b7-f4a6bbc52238%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] ansible handling stdin input

[Benny Kusman]

thanks Richard!

On Monday, April 9, 2018 at 6:04:51 PM UTC+8, richard wrote:
>
> On 09/04/18 21:57, Benny Kusman wrote: 
> > Hi  
> > 
> > Hopefully someone has encountered and resolved this issue. 
> > 
> > supposedly my playbook: 
> > *- main: execute script* 
> > *  shell: "/home/settingip"* 
> > 
> > when executing the program, it will run and require stdin/keyboard 
> > input, such as IP, hostname, etc. 
> > 
> > can i pre-fill this in ansible ? knowing that the prompt will have the 
> > same question everytime the command runs 
>
> Have a look at the expect module: 
>
> https://docs.ansible.com/ansible/latest/modules/expect_module.html 
>
> Richard 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/76d16823-6f61-4955-8037-fbeb2392f4b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] map vs with_items

[tom . reynick]

I would like to understand semantics of `with_items` in ansible and compare 
this approach to `map` for example. 

For example, let consider:  

`{{ ["1","2", "3"]  | map('regex_replace', '^(.*)$', \1'some tail')  tail 
}}`

How to reach the same effect using `with_items` ? 
And in general how does it work ? Where is the body of this loop ?
For example (got from some stack overflow thread):

---
- hosts: localhost
  tasks:
  - name: set fact 1
set_fact: foo="[ 'zero' ]"

  - name: set fact 2
set_fact: foo="{{ foo }} + [ 'one' ]"

  - name: set fact 3
set_fact: foo="{{ foo }} + [ 'two', 'three' ]"

  - name: set fact 4
set_fact: foo="{{ foo }} + [ '{{ item }}' ]"
with_items:
  - four
  - five
  - six

  - debug: var=foo

To sum up, the question is about which approach is better (`map` vs 
`with_items`) and possible details of working (e.g. where  is body of this 
loop) 
Each detail of working ansible is welcome!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/70e4f30e-b8b7-4d2f-807a-c10d5fbde686%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[ansible-project] Possible approaches to iteration

[tom . reynick]

I would like to understand semantics of `with_items` in ansible and compare 
this approach to `map` for example. 

For example, let consider:  

`{{ ["1","2", "3"]  | map('regex_replace', '^(.*)$', \1'some tail')  tail 
}}`

How to reach the same effect using `with_items` ? 
And in general how does it work ? Where is the body of this loop ?
For example (got from some stack overflow thread):

---
- hosts: localhost
  tasks:
  - name: set fact 1
set_fact: foo="[ 'zero' ]"

  - name: set fact 2
set_fact: foo="{{ foo }} + [ 'one' ]"

  - name: set fact 3
set_fact: foo="{{ foo }} + [ 'two', 'three' ]"

  - name: set fact 4
set_fact: foo="{{ foo }} + [ '{{ item }}' ]"
with_items:
  - four
  - five
  - six

  - debug: var=foo

To sum up, the question is about which approach is better (`map` vs 
`with_items`) and possible details of working (e.g. where  is body of this 
loop) 
Each detail of working ansible is welcome!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3be9928e-c824-4934-bbec-4e813dd54505%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [ansible-project] Re: Steps for ssh forwarding?

[Michael Spiegle]

I think this is because the SSH command always expects a hostname even if
there isn't a hostname to use.  In your ssh -vvv debug output, you can see
that every single option is inside of [optional] brackets EXCEPT for the
hostname.  SSH won't actually use this hostname for anything, it just wants
some dumb string in that field.  In my config, I use the string "remote"
like
the following.  Note that the host "remote" doesn't exist and you'd
probably receive an error under normal circumstances:

Host *.someserverbehindjumpbox.com
 ControlMaster no
 ProxyCommand ssh -S ~/.ssh/master-*@jumpboxserver:%p -W %h:%p
​ re
mote
​


On Mon, Apr 9, 2018 at 3:30 AM, Benny Kusman  wrote:

> This is the -vvv output:
>
> [root@WW-GVXQLC2 ansible]# ssh -F ssh.config bkusman@serverbehindjumpbox
> -p 670 -vvv
> OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
> debug1: Reading configuration data ssh.config
> debug1: ssh.config line 28: Applying options for *
> debug1: Executing proxy command: exec ssh -S ~/.ssh/master-*@jumpboxserver
> :670 -W  serverbehindjumpbox:670
> debug1: permanently_set_uid: 0/0
> debug1: permanently_drop_suid: 0
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_rsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_dsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ecdsa-cert type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ed25519 type -1
> debug1: key_load_public: No such file or directory
> debug1: identity file /root/.ssh/id_ed25519-cert type -1
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_7.4
> usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
>[-D [bind_address:]port] [-E log_file] [-e escape_char]
>[-F configfile] [-I pkcs11] [-i identity_file]
>[-J [user@]host[:port]] [-L address] [-l login_name] [-m
> mac_spec]
>[-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R
> address]
>[-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
>[user@]hostname [command]
> ssh_exchange_identification: Connection closed by remote host
>
>
> On Monday, April 9, 2018 at 7:18:32 AM UTC, Benny Kusman wrote:
>>
>> Hi
>>
>> ssh -F ssh.config -fN user@some_jumpbox  --> im able to establish this
>> and send it back to the background
>> ssh -F ssh.config user@someserverbehindjumpbox --> does not work. the
>> message is: ssh_exchange_identification: Connection closed by remote host
>>
>> the "hosts" im referring to is in the ssh.config. This is my ssh.config
>>
>> ==
>> #jumpboxes first (most specific hosts first)
>> Host jumpboxserver
>>  ControlMaster yes
>>  ControlPath ~/.ssh/master-%r@ jumpboxserver :%p
>>  StrictHostkeyChecking no
>>  ProxyCommand none
>>  ControlPersist 10m
>>
>>
>>
>> # groups of machines that can be accessed by the above jumpboxes
>>
>>
>> Host *.someserverbehindjumpbox.com
>>  ControlMaster no
>>  ProxyCommand ssh -S ~/.ssh/master-*@jumpboxserver:%p -W  %h:%p
>>
>> # this makes ansible faster by reusing connections
>> Host *
>>  ControlMaster auto
>>  ControlPersist 300s
>>  ControlPath ~/.ssh/ansible-%r@%h:%p
>> ==
>>
>>
>>
>> On Thu, Apr 5, 2018 at 12:46 PM, Michael Spiegle <
>> mspie...@nauticaltech.com> wrote:
>>
>>> By "hosts" file, do you mean /etc/hosts or the hosts in ssh.config?
>>> Also, if you just run SSH by hand to login to a remote host, what happens?
>>>
>>> Ex:
>>> $ ssh -F ssh.config -fN user@some_jumpbox
>>> $ ssh -F ssh.config user@some_server_behind_jumpbox
>>>
>>>
>>> On Thursday, April 5, 2018 at 6:20:14 AM UTC-4, Benny Kusman wrote:

 this is a great step.
 im able to establish the tunneling with the jumphost.
 but i was wondering, what did you put in the hosts filfe ?
 im still not able to reach the server

 On Monday, February 16, 2015 at 12:11:58 AM UTC, Michael Spiegle wrote:
>
> As an additional datapoint, here's a brief summary of how I deal with
> this.  To complicate matters, my machines are split across various labs in
> different locations which each have their own bastion/jumpbox.  I use ssh
> keys sometimes, and hard coded passwords for some other machines:
>
> ansible.cfg:
> [defaults]
> hostfile = hosts
> error_on_undefined_vars = True
> host_key_checking = False
> transport = ssh
> jinja2_extensions =