Question:
I'm using ansible to automate some tasks. One of those requires me to ssh to server A, then to B from A and then to C from B. I can't seem to find any way to get ansible to do that. Any suggestions?
Answer 1:
Given that you do not use Paramiko for ssh (transport = ssh), Ansible will fully use your ~/.ssh/config. Therefore you can globally define all connection rules in your ssh configuration.
If for some reason you want Ansible to not use your default ssh config but provide a separate configuration, you can define this in your ansible.cfg:
    [ssh_connection]
    ssh_args= -F "/path/to/ssh/config/specifically/for/ansible"
In your ssh config then set up the connection rules. To stick with your example:
    Host HostA
        HostName real-host-name-A.com
    Host HostB
        HostName real-host-name-B.com
        ProxyCommand ssh -q HostA nc %h %p
    Host HostC
        HostName real-host-name-C.com
        ProxyCommand ssh -q HostB nc %h %p
- Connections to A are direct
- Connections to B go through A
- Connections to C go through B, which goes through A
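The same three-hop chain as a dedicated ssh_config that ansible.cfg points at, written as an added example (it is not code from the answer above). It uses ProxyJump, available since OpenSSH 7.3, in place of the `ssh -q HostX nc %h %p` ProxyCommand, so no netcat is needed on the intermediate hops, and it pins the settings a practitioner wants on a jump chain: one key per hop with IdentitiesOnly, no agent forwarding into the hops, and strict host key checking against a known_hosts file dedicated to Ansible. Host names, key paths and the known_hosts path are assumptions for illustration. Two helper functions parse the rendered config and print the hop order, and `ssh -G` (which resolves the configuration without connecting) is used as a final check when ssh is installed.

```shell
#!/bin/sh
# Added example, not from the original answer. Host names and key paths are
# assumptions. Renders an ssh_config chaining HostA -> HostB -> HostC plus an
# ansible.cfg that selects it, then verifies the hop order offline.
set -eu

# The ssh_config Ansible will be told to use. Comments sit on their own lines
# because OpenSSH does not accept trailing comments on option lines.
render_ssh_config() {
  cat <<'EOF'
Host *
    # Offer only the IdentityFile listed for the host, never every agent key
    IdentitiesOnly yes
    # An intermediate hop must never be able to use the control node's agent
    ForwardAgent no
    # Refuse an unknown or changed hop key instead of silently accepting it
    StrictHostKeyChecking yes
    UserKnownHostsFile ~/.ssh/known_hosts_ansible
    # Multiplex so Ansible's many short sessions reuse one authenticated TCP stream
    ControlMaster auto
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlPersist 5m

Host HostA
    HostName real-host-name-A.com
    IdentityFile ~/.ssh/ansible_hostA

Host HostB
    HostName real-host-name-B.com
    ProxyJump HostA
    IdentityFile ~/.ssh/ansible_hostB

Host HostC
    HostName real-host-name-C.com
    ProxyJump HostB
    IdentityFile ~/.ssh/ansible_hostC
EOF
}

# ansible.cfg fragment pointing the ssh transport at the file above ($1 = its path).
render_ansible_cfg() {
  cat <<EOF
[ssh_connection]
ssh_args = -F $1
EOF
}

# Print the ProxyJump hop configured for host $1, or nothing if it is direct.
hop_for() {
  render_ssh_config | awk -v h="$1" '
    $1 == "Host" { cur = $2 }
    $1 == "ProxyJump" && cur == h { print $2 }'
}

# Print the full path from the control node to host $1, e.g. "HostA HostB HostC".
# Bounded to 10 hops so a misconfigured cycle cannot loop forever.
hop_chain() {
  h=$1; chain=$1; n=0
  while hop=$(hop_for "$h") && [ -n "$hop" ] && [ "$n" -lt 10 ]; do
    chain="$hop $chain"; h=$hop; n=$((n + 1))
  done
  printf '%s\n' "$chain"
}

main() {
  dir=$(mktemp -d)
  render_ssh_config > "$dir/ssh_config"
  render_ansible_cfg "$dir/ssh_config" > "$dir/ansible.cfg"
  echo "hop chain for HostC: $(hop_chain HostC)"
  if command -v ssh >/dev/null 2>&1; then
    # -G prints the effective configuration for HostC; no connection is made.
    ssh -G -F "$dir/ssh_config" HostC 2>/dev/null \
      | awk '$1 == "proxyjump" { print "ssh -G resolved hop for HostC:", $2 }'
  fi
  echo "files written to $dir"
}

main
```

Run it once, then copy the generated ssh_config and ansible.cfg into place; `ssh -G -F <file> HostC` is the check to repeat whenever the chain changes, since a typo in a ProxyJump line surfaces there before Ansible ever tries the first hop.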
Answer 2:
For Ansible 2.0 and above you can do the following:
Step #1: Edit the hosts file and add a line for your target host:
    my-target-host ansible_host=10.10.105.23 ansible_ssh_private_key_file=~/.ssh/private_key ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q my-jump-node"'
Notice the use of the ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q my-jump-node"' which handles the proxying through the jump node.
Step #2: In the ~/.ssh/config file define your my-jump-node:
    Host my-jump-node
        Hostname <IP_ADDRESS>
        User ubuntu
        Port 22
        IdentityFile /root/.ssh/nhc-moho/id_rsa # <<< Local path of private key
        ControlMaster auto
        ControlPath /tmp/ansible-%r@%h:%p
        ControlPersist 5m
Step #3: Notice in step #1 above we have ansible_ssh_private_key_file=~/.ssh/private_key. This is the private_key stored at the my-jump-node and its corresponding public key is stored at my-target-host.
The important thing to remember here is:
YOU HAVE TO COPY THIS PRIVATE KEY FROM THE my-jump-node MACHINE TO YOUR LOCAL MACHINE WHERE YOU RUN ANSIBLE, OR ELSE IT WILL FAIL TO CONNECT TO my-target-host
Step #4: Test it.
    ansible my-target-host -m shell -a "echo 'TESTING'"
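The four steps above as one script, written as an added example (not code from the answer). It renders the inventory from Step #1, this time with the jump setting as a group variable so every host behind my-jump-node shares it, plus an ansible.cfg with the multiplexing options, and then runs the two checks that catch the usual silent failures before `ansible ... -m shell` is tried: the target's private key must exist on the control node (the point Step #3 makes) with mode 0600, because ssh refuses a key file that is group- or world-readable, and the jump alias used in ProxyCommand must actually be defined in the ssh_config in use. `ssh -W %h:%p` only forwards a TCP stream through the jump node, so the target key is read on the control node alone; `-o IdentitiesOnly=yes` keeps ssh from also offering every agent key to the target. The IP addresses, key paths and the placeholder key file are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original answer. Addresses, paths and the
# placeholder key are constructed sample values.
set -eu

# Inventory: $1 target name, $2 target address, $3 local key path, $4 jump alias.
# ProxyCommand with `ssh -W` tunnels raw TCP via the jump host; the target key
# in ansible_ssh_private_key_file is used only on the control node.
render_inventory() {
  cat <<EOF
[targets]
$1 ansible_host=$2 ansible_ssh_private_key_file=$3

[targets:vars]
ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q $4" -o IdentitiesOnly=yes'
EOF
}

# ansible.cfg: keep host key checking on, and reuse one master connection per
# host so each task does not redo the two-stage handshake.
render_ansible_cfg() {
  cat <<'EOF'
[defaults]
inventory = ./hosts
host_key_checking = True

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
pipelining = True
EOF
}

# Return 0 if $1 is a regular file with mode 0600 (the mode ssh expects for a
# private key). Uses GNU stat first, then the BSD/macOS form.
check_local_key() {
  [ -f "$1" ] || return 1
  mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
  [ "$mode" = "600" ]
}

# Return 0 if ssh_config $1 contains a "Host" block that names alias $2.
has_ssh_host_alias() {
  awk -v h="$2" '
    $1 == "Host" { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
    END { exit !found }' "$1"
}

main() {
  dir=$(mktemp -d)
  # Constructed sample: an empty 0600 file stands in for ~/.ssh/private_key.
  ( umask 077; : > "$dir/private_key" )
  render_inventory my-target-host 10.10.105.23 "$dir/private_key" my-jump-node > "$dir/hosts"
  render_ansible_cfg > "$dir/ansible.cfg"
  # Jump host definition as in Step #2, with a key the control node holds.
  printf 'Host my-jump-node\n    HostName 192.0.2.10\n    User ubuntu\n    IdentityFile %s\n    IdentitiesOnly yes\n' \
    "$dir/jump_key" > "$dir/ssh_config"

  check_local_key "$dir/private_key" \
    && echo "target key: present on control node with mode 0600" \
    || echo "target key: missing or mode is not 0600"
  has_ssh_host_alias "$dir/ssh_config" my-jump-node \
    && echo "jump alias my-jump-node: defined in ssh_config" \
    || echo "jump alias my-jump-node: not defined"
  echo "rendered hosts and ansible.cfg in $dir"
}

main
```

With both checks passing, `ansible my-target-host -m shell -a "echo 'TESTING'"` from that directory exercises the jump; if it still fails, `ssh -v -F <ssh_config> -o ProxyCommand="ssh -W %h:%p -q my-jump-node" -i <key> 10.10.105.23` shows which of the two hops rejected the key.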