Ansible with a bastion host / jump box? [duplicate]

by

With Ansible 2, this is a built-in option:

How do I configure a jump host to access servers that I have no direct access to?

With Ansible 2, you can set a ProxyCommand in the ansible_ssh_common_args inventory variable. Any arguments specified in this variable are added to the sftp/scp/ssh command line when connecting to the relevant host(s). Consider the following inventory group:

[gatewayed]
foo ansible_host=192.0.2.1
bar ansible_host=192.0.2.2

You can create group_vars/gatewayed.yml with the following contents:

ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q [email protected]"'

Ansible will append these arguments to the command line when trying to connect to any hosts in the group gatewayed. (These arguments are used in addition to any ssh_args from ansible.cfg, so you do not need to repeat global ControlPersist settings in ansible_ssh_common_args.)

Note that ssh -W is available only with OpenSSH 5.4 or later. With older versions, it’s necessary to execute nc %h:%p or some equivalent command on the bastion host.

If your jump box needs a private key file to connect (even if it’s the same key as the one used for the private subnet instances), use this instead:

ansible_ssh_common_args: '-o ProxyCommand="ssh -i <path-to-pem-file> -W %h:%p -q [email protected]"'

I spent hours trying to fix a problem that now seems like a simple and obvious solution.

More Related Contents:

  1. ansible command to list all known hosts
  2. How to use Ansible’s with_item with a variable?
  3. How can I use Ansible nested variable?
  4. How to copy files between two nodes using ansible
  5. Using set_facts and with_items together in Ansible
  6. Using Ansible set_fact to create a dictionary from register results
  7. Ansible fails with /bin/sh: 1: /usr/bin/python: not found
  8. How to loop over this dictionary in Ansible?
  9. In Ansible, how to combine variables from separate files into one array?
  10. Not possible to source .bashrc with Ansible
  11. Whats the difference between ansible ‘raw’, ‘shell’ and ‘command’?
  12. Specify sudo password for Ansible
  13. Why does Ansible show “ERROR! no action detected in task” error?
  14. How to switch a user per task or set of tasks?
  15. How can a user with SSH keys authentication have sudo powers in Ansible? [duplicate]
  16. Ansible: How to iterate over a role with an array?
  17. Ansible stdout Formatting
  18. Ansible: how to construct a variable from another variable and then fetch it’s value
  19. How to join a list of strings in Ansible?
  20. How to set environmental variables using Ansible
  21. ERROR! ‘fail’ is not a valid attribute for a Play
  22. Ansible shows error: “One or more undefined variables: ‘item’ is undefined” when using ‘with_items’
  23. How to set host_key_checking=false in ansible inventory file?
  24. Ansible with_subelements
  25. Ansible remote_user vs ansible_user
  26. How can I use a condition to set a variable value in Ansible?
  27. How can I copy files between two managed nodes using Ansible?
  28. Ansible – Save registered variable to file
  29. Rundeck integration with Ansible through plugin
  30. Accessing inventory host variable in Ansible playbook

Leave a Comment