allow for ssh-specific arguments #6238

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
8 participants
@jeremyherbert

Hi,

scp and scp are not necessarily argument compatible. For example, the -R switch (which allows you to create a reverse tunnel) is usable on SSH only and not SCP. I am trying to use this in an ansible script but unfortunately there is no configuration option to pass arguments to just the ssh command and not scp/sftp.

This code allows you to specify commands that will only be passed to ssh via ssh_specific_args in ansible.cfg.

@mpdehaan

This comment has been minimized.

Show comment
Hide comment
@mpdehaan

mpdehaan Mar 3, 2014

Contributor

Are you actually passing -R with ansible? I'm not sure that entirely makes sense with Ansible's calling architecture and perhaps is something that should be done explicitly instead?

Basically I'm wanting to understand more about the underlying use case prior to adding this.

Thanks!

Contributor

mpdehaan commented Mar 3, 2014

Are you actually passing -R with ansible? I'm not sure that entirely makes sense with Ansible's calling architecture and perhaps is something that should be done explicitly instead?

Basically I'm wanting to understand more about the underlying use case prior to adding this.

Thanks!

@jeremyherbert

This comment has been minimized.

Show comment
Hide comment
@jeremyherbert

jeremyherbert Mar 3, 2014

Hi again,

I am using the -R flag successfully now with this change. My use case is this: I have hosts which have extremely limited internet access; they have 443 forwarded via a proxy on the frontend, and I can SSH to them. That's about it and it is not under my control. Unfortunately, I need to do things like pull code off github, download packages and various other internet related tasks.

The way I have solved this is to run tinyproxy locally on my machine, and forward a port back to it using SSH arguments. Then, simply by adding an extra environment attribute to a task, I can selectively give tasks access to the internet for things like wget. For example:

ansible.cfg:

[ssh_connection]
ssh_specific_args = -R 12346:localhost:12345

vars.yml:

--
proxy_environment:
  http_proxy: http://localhost:12346
  https_proxy: http://localhost:12346

playbook.yml:

---
- hosts: all
  vars_files:
    - vars.yml
  sudo: True
  user: deploy

  tasks:

    - name: Download neo4j
      shell: "wget \"http://download.neo4j.org/artifact?edition=community&version=2.0.1&distribution=tarball&dlid=3646018\" -O ~/neo4j-community-2.0.1-unix.tar.gz creates=~/neo4j-community-2.0.1-unix.tar.gz"
      environment: proxy_environment

I have just used this over the weekend to do a bunch of deploying and I have not encountered any problems.

Hi again,

I am using the -R flag successfully now with this change. My use case is this: I have hosts which have extremely limited internet access; they have 443 forwarded via a proxy on the frontend, and I can SSH to them. That's about it and it is not under my control. Unfortunately, I need to do things like pull code off github, download packages and various other internet related tasks.

The way I have solved this is to run tinyproxy locally on my machine, and forward a port back to it using SSH arguments. Then, simply by adding an extra environment attribute to a task, I can selectively give tasks access to the internet for things like wget. For example:

ansible.cfg:

[ssh_connection]
ssh_specific_args = -R 12346:localhost:12345

vars.yml:

--
proxy_environment:
  http_proxy: http://localhost:12346
  https_proxy: http://localhost:12346

playbook.yml:

---
- hosts: all
  vars_files:
    - vars.yml
  sudo: True
  user: deploy

  tasks:

    - name: Download neo4j
      shell: "wget \"http://download.neo4j.org/artifact?edition=community&version=2.0.1&distribution=tarball&dlid=3646018\" -O ~/neo4j-community-2.0.1-unix.tar.gz creates=~/neo4j-community-2.0.1-unix.tar.gz"
      environment: proxy_environment

I have just used this over the weekend to do a bunch of deploying and I have not encountered any problems.

@jimi-c

This comment has been minimized.

Show comment
Hide comment
@jimi-c

jimi-c Apr 16, 2014

Member

Isn't this something that could be passed with the ANSIBLE_SSH_ARGS environment variable or the ssh_args option already in the ansible.cfg file? This seems to duplicate that functionality.

Member

jimi-c commented Apr 16, 2014

Isn't this something that could be passed with the ANSIBLE_SSH_ARGS environment variable or the ssh_args option already in the ansible.cfg file? This seems to duplicate that functionality.

@jimi-c jimi-c added P4 and removed P4 labels Apr 16, 2014

@mpdehaan

This comment has been minimized.

Show comment
Hide comment
@mpdehaan

mpdehaan Apr 18, 2014

Contributor

@jimi-c I believe the key part of the issue was " I am trying to use this in an ansible script but unfortunately there is no configuration option to pass arguments to just the ssh command and not scp/sftp."

Contributor

mpdehaan commented Apr 18, 2014

@jimi-c I believe the key part of the issue was " I am trying to use this in an ansible script but unfortunately there is no configuration option to pass arguments to just the ssh command and not scp/sftp."

@mpdehaan mpdehaan added P3 and removed P3 labels Apr 18, 2014

@mpdehaan mpdehaan added P4 and removed P3 labels Jun 1, 2014

@sigio

This comment has been minimized.

Show comment
Hide comment
@sigio

sigio Aug 18, 2014

Contributor

It would be nice to have these options be configurable in the inventory on a per-host or per-group method. I have a group of hosts where I need to specify '-s /usr/lib/sftp-server' to use sftp.

Contributor

sigio commented Aug 18, 2014

It would be nice to have these options be configurable in the inventory on a per-host or per-group method. I have a group of hosts where I need to specify '-s /usr/lib/sftp-server' to use sftp.

@jimi-c

This comment has been minimized.

Show comment
Hide comment
@jimi-c

jimi-c Aug 18, 2014

Member

@sigio please open a new issue for that, if you have not already, so we can keep track of the request. Thanks!

Member

jimi-c commented Aug 18, 2014

@sigio please open a new issue for that, if you have not already, so we can keep track of the request. Thanks!

@sigio

This comment has been minimized.

Show comment
Hide comment
@sigio

sigio Aug 18, 2014

Contributor

I had... it was merged into this one by mpdehaan. (#8637)

Contributor

sigio commented Aug 18, 2014

I had... it was merged into this one by mpdehaan. (#8637)

@jimi-c

This comment has been minimized.

Show comment
Hide comment
@jimi-c

jimi-c Aug 18, 2014

Member

@sigio my apologies, I didn't see that. Thanks!

Member

jimi-c commented Aug 18, 2014

@sigio my apologies, I didn't see that. Thanks!

@amenonsen

This comment has been minimized.

Show comment
Hide comment
@amenonsen

amenonsen Jul 26, 2015

Contributor

This PR can be closed. I've submitted a rebased version as #11681.

Contributor

amenonsen commented Jul 26, 2015

This PR can be closed. I've submitted a rebased version as #11681.

@gregdek

This comment has been minimized.

Show comment
Hide comment
@gregdek

gregdek Sep 22, 2015

Contributor

Closed because #11908 now appears to cover this case.

Contributor

gregdek commented Sep 22, 2015

Closed because #11908 now appears to cover this case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment