Hi,
Monica wrote:
> Thank you for sharing the same, however, I have already
> checked this article.
I was simply quoting the article which Will kindly shared to
mention that ProxyJump / -J might be a simpler method, even
within ansible_ssh_common_args.
[I reformatted some of the text you wrote as it arrived at
the list as one large block, which was rather hard to read.]
> I have a requirement to connect Host-A then I can connect
> Host-B. I can’t connect Host-B directly. So in this case
> how to execute the playbook task on Host-B from Control
> Machine? Because my control machine is centralized. Hence,
> my question is how to execute the playbook task on Host-B
> directly from the control machine via bastion host-: Below
> is an example of how I am connecting to the remote host
> via bastion host using ssh.
>
> ssh user@<remote-host IP>@<bastion-host-IP> -p 8022
Note that the ssh_config man page says of ProxyJump:
Specifies one or more jump proxies as either
[user@]host[:port] or an ssh URI.
It has further text regarding configuration applied to the
jump (aka bastion) host, which is worth reading.
Ansible uses the value from `ansible_ssh_common_args` to
create the full ssh command to connect to each host, so
`@<remote-host>` should not be included if you're using
ansible to connect to <remote-host> via <bastion-host>.
(If you've got multiple bastion hosts to pass through from
<control-host> to <remote-host>, you should probably get
things working with ssh directly and then map that to either
`ansible_ssh_common_args` or the `.ssh/config` of the user
running ansible on the control host.)
All that said, if you're going from <control-host> to
<remote-host> via <bastion-host> (on port 8022), I think
this would look like:
ansible_ssh_common_args='-J <bastion-user>@<bastion-host>:8022'
(I skipped the StrictHostKeyChecking option there simply for
brevity. I replaced -o ProxyJump with -J for the same
reason.)
That connects to the <remote-host> via the bastion host as
the given user and at the given port.
I find testing with the ansible ping module is helpful in
cases like this. It makes it easier to separate issues with
the playbook from issues with the ssh configuration. E.g.:
ansible <remote-host> -om ping
That should return:
<remote-host> | SUCCESS => {"changed": false,"ping": "pong"}
If not, adding -vvv to the command will show the ssh command
ansible used, which can be checked for sanity (and/or
compared to what works when you run ssh directly to get from
<control-host> to <remote-host> via <bastion-host>).
--
Todd
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/ZCpX8kenPz6HVuPL%40pobox.com.
