Hello, Ansible admins and users!

I am using Ansible with Amazon EC2.
I've configured provisioning of EC2 private hosts over public SSH bastions 
(exactly as specified here: 
http://alexbilbie.com/2014/07/using-ansible-with-a-bastion-host).
So I have an ssh_config like the one below, containing settings for 
forwarding SSH requests to private hosts over public ones:

# DEV bastion
Host ###.###.###.###
    User                   ubuntu
    HostName               ###.###.###.###
    ProxyCommand           none
    BatchMode              yes
    PasswordAuthentication no
    ForwardAgent           yes

Host *
    User                   ubuntu
    ServerAliveInterval    60
    TCPKeepAlive           yes
    ProxyCommand           ssh -q -A ubu...@bastion.dev.xxx.com nc %h %p
    ControlMaster          auto
    ControlPath            ~/.ssh/mux-%r@%h:%p
    ControlPersist         8h


But now I want to generate this ssh_config on-the-fly from the 
playbook. I.e., what I need to implement:

1. A single playbook spins up public and private EC2 hosts, attaches EIPs to 
the public hosts (SSH bastions, etc.) and adds them to public hosted zones so 
the SSH bastions will have public DNS names
2. Using info about the created topology, the playbook generates a new 
ssh_config file and starts using it instead of the default one (without 
relaunch or retries)
3. The playbook continues provisioning nodes, but now private EC2 hosts are 
provisioned over public SSH bastions as configured in the generated 
ssh_config

I am done with p.1, but now there is a problem - there is no way to tell 
Ansible to reload the SSH config on-the-fly (without restarting the playbook).
So there is no way to continue provisioning private hosts over public ones in 
the same playbook.

Could you please suggest an option to overcome this? Or maybe point 
me to the code I need to modify in Ansible to make this possible - any help 
will be much appreciated ;)
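
Step 2 of the list above (rendering the ssh_config from the created topology), as an added example that is not part of the original post. It goes slightly beyond the post by validating the bastion address, DNS name and user before they are written into ProxyCommand, which ssh runs through a shell. The function names, the patterns and the sample address and domain are assumptions for illustration.

```python
import re

# Conservative allow-lists (assumed policy): these values end up inside
# ProxyCommand, which ssh hands to a shell, so accept only plain names.
# A leading "-" is rejected so a value can never be read as an ssh option.
_HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
_USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def _checked(value, pattern, what):
    # fullmatch (not match with "$") so a trailing newline cannot slip through.
    if not isinstance(value, str) or not pattern.fullmatch(value):
        raise ValueError(f"unsafe {what} for ssh_config: {value!r}")
    return value


def render_ssh_config(bastion_ip, bastion_dns, user="ubuntu"):
    """Render the two-stanza layout from the post for a single bastion."""
    ip = _checked(bastion_ip, _HOST_RE, "bastion address")
    dns = _checked(bastion_dns, _HOST_RE, "bastion DNS name")
    usr = _checked(user, _USER_RE, "user")
    stanzas = [
        (f"Host {ip}", [
            ("User", usr), ("HostName", ip), ("ProxyCommand", "none"),
            ("BatchMode", "yes"), ("PasswordAuthentication", "no"),
            ("ForwardAgent", "yes"),
        ]),
        ("Host *", [
            ("User", usr), ("ServerAliveInterval", "60"),
            ("TCPKeepAlive", "yes"),
            ("ProxyCommand", f"ssh -q -A {usr}@{dns} nc %h %p"),
            ("ControlMaster", "auto"),
            ("ControlPath", "~/.ssh/mux-%r@%h:%p"),
            ("ControlPersist", "8h"),
        ]),
    ]
    out = []
    for header, options in stanzas:
        out.append(header)
        out.extend(f"    {key:<22} {val}" for key, val in options)
        out.append("")  # blank line between stanzas
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed sample values (documentation address range, example domain).
    print(render_ssh_config("203.0.113.10", "bastion.dev.example.com"))
```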
