Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

allow for ssh-specific arguments #6238

Closed
wants to merge 1 commit into from

Conversation

@jeremyherbert
Copy link

jeremyherbert commented Mar 2, 2014

Hi,

scp and scp are not necessarily argument compatible. For example, the -R switch (which allows you to create a reverse tunnel) is usable on SSH only and not SCP. I am trying to use this in an ansible script but unfortunately there is no configuration option to pass arguments to just the ssh command and not scp/sftp.

This code allows you to specify commands that will only be passed to ssh via ssh_specific_args in ansible.cfg.

@mpdehaan
Copy link
Contributor

mpdehaan commented Mar 3, 2014

Are you actually passing -R with ansible? I'm not sure that entirely makes sense with Ansible's calling architecture and perhaps is something that should be done explicitly instead?

Basically I'm wanting to understand more about the underlying use case prior to adding this.

Thanks!

@jeremyherbert
Copy link
Author

jeremyherbert commented Mar 3, 2014

Hi again,

I am using the -R flag successfully now with this change. My use case is this: I have hosts which have extremely limited internet access; they have 443 forwarded via a proxy on the frontend, and I can SSH to them. That's about it and it is not under my control. Unfortunately, I need to do things like pull code off github, download packages and various other internet related tasks.

The way I have solved this is to run tinyproxy locally on my machine, and forward a port back to it using SSH arguments. Then, simply by adding an extra environment attribute to a task, I can selectively give tasks access to the internet for things like wget. For example:

ansible.cfg:

[ssh_connection]
ssh_specific_args = -R 12346:localhost:12345

vars.yml:

--
proxy_environment:
  http_proxy: http://localhost:12346
  https_proxy: http://localhost:12346

playbook.yml:

---
- hosts: all
  vars_files:
    - vars.yml
  sudo: True
  user: deploy

  tasks:

    - name: Download neo4j
      shell: "wget \"http://download.neo4j.org/artifact?edition=community&version=2.0.1&distribution=tarball&dlid=3646018\" -O ~/neo4j-community-2.0.1-unix.tar.gz creates=~/neo4j-community-2.0.1-unix.tar.gz"
      environment: proxy_environment

I have just used this over the weekend to do a bunch of deploying and I have not encountered any problems.

@jimi-c
Copy link
Member

jimi-c commented Apr 16, 2014

Isn't this something that could be passed with the ANSIBLE_SSH_ARGS environment variable or the ssh_args option already in the ansible.cfg file? This seems to duplicate that functionality.

@jimi-c jimi-c added P4 and removed P4 labels Apr 16, 2014
@mpdehaan
Copy link
Contributor

mpdehaan commented Apr 18, 2014

@jimi-c I believe the key part of the issue was " I am trying to use this in an ansible script but unfortunately there is no configuration option to pass arguments to just the ssh command and not scp/sftp."

@mpdehaan mpdehaan added P3 and removed P3 labels Apr 18, 2014
@mpdehaan mpdehaan added P4 and removed P3 labels Jun 1, 2014
@sigio
Copy link
Contributor

sigio commented Aug 18, 2014

It would be nice to have these options be configurable in the inventory on a per-host or per-group method. I have a group of hosts where I need to specify '-s /usr/lib/sftp-server' to use sftp.

@jimi-c
Copy link
Member

jimi-c commented Aug 18, 2014

@sigio please open a new issue for that, if you have not already, so we can keep track of the request. Thanks!

@sigio
Copy link
Contributor

sigio commented Aug 18, 2014

I had... it was merged into this one by mpdehaan. (#8637)

@jimi-c
Copy link
Member

jimi-c commented Aug 18, 2014

@sigio my apologies, I didn't see that. Thanks!

@amenonsen
Copy link
Contributor

amenonsen commented Jul 26, 2015

This PR can be closed. I've submitted a rebased version as #11681.

@gregdek
Copy link
Contributor

gregdek commented Sep 22, 2015

Closed because #11908 now appears to cover this case.

@ansible ansible locked and limited conversation to collaborators Apr 24, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

8 participants
You can’t perform that action at this time.