/
windowslinuxtest_sshadd_tunnel_passphrase.yaml
144 lines (129 loc) · 7.7 KB
/
windowslinuxtest_sshadd_tunnel_passphrase.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
- hosts: localhost
connection: local
gather_facts: no
tasks:
- name: Start ssh-agent and Retrieve the SSH_AUTH_SOCK and SSH_AGENT_PID environment variables
shell: |
eval $(ssh-agent -s) > /dev/null
echo '{"SSH_AUTH_SOCK":"'$SSH_AUTH_SOCK'","SSH_AGENT_PID":"'$SSH_AGENT_PID'"}'
register: env_vars_stdout
- set_fact:
env_vars: "{{ env_vars_stdout.stdout }}"
- name: Print the environment variables
debug:
msg: "{{ env_vars }}"
- name: Role ensures that ssh key passphrases are added to ssh-agent
hosts: localhost
connection: local
gather_facts: no
environment: "{{ env_vars }}"
roles:
- ansible-role-ssh-add-jumphosts
tasks:
- name: Setting of required socks_port variables for single jumphost
set_fact:
jh_socks_port: "{{ (jh_socks_port if jh_socks_port is defined else jh1_socks_port) | regex_replace('^socks.*://', '') | regex_replace('^unixsocket', '') }}"
no_log: true
- debug:
var: jh_socks_port
- set_fact:
endpoint_ssh_private_key: "{{ lookup('env','EP_SSH_PRIVATE_KEY') }}" # For Linux endpoint ssh private key
- name: Creating socks tunnel for 1 jumphost
shell: ssh -i {{ jh1_ssh_private_key }} -oPubkeyAuthentication=yes -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -fN -D {{ jh_socks_port }} -p {{ jh1_ssh_port }} {{ jh1_ssh_user }}@{{ jh1_ip }};sleep 2
when:
- (jh2_ssh_private_key is undefined) or (jh2_ssh_private_key|length == 0)
- (jh1_ssh_private_key|length > 0)
no_log: true
- name: Creating socks tunnel for 2 jumphosts
shell: ssh -i {{ jh2_ssh_private_key }} -oPubkeyAuthentication=yes -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -oProxyCommand="ssh -i {{ jh1_ssh_private_key }} -W {{ jh2_ip }}:{{ jh2_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -p {{ jh1_ssh_port }} {{ jh1_ssh_user }}@{{ jh1_ip }}" -fN -D {{ jh_socks_port }} -p {{ jh2_ssh_port }} {{ jh2_ssh_user }}@{{ jh2_ip }};sleep 2
when:
- (jh3_ssh_private_key is undefined) or (jh3_ssh_private_key|length == 0)
- (jh2_ssh_private_key|length > 0)
no_log: true
- name: Creating socks tunnel for 3 jumphosts
shell: ssh -i {{ jh3_ssh_private_key }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand="ssh -i {{ jh2_ssh_private_key }} -W {{ jh3_ip }}:{{ jh3_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand=\"ssh -i {{ jh1_ssh_private_key }} -W {{ jh2_ip }}:{{ jh2_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -p {{ jh1_ssh_port }} {{ jh1_ssh_user }}@{{ jh1_ip }}\" -p {{ jh2_ssh_port }} {{ jh2_ssh_user }}@{{ jh2_ip }}" -fN -D {{ jh_socks_port }} -p {{ jh3_ssh_port }} {{ jh3_ssh_user }}@{{ jh3_ip }};sleep 2
when:
- (jh4_ssh_private_key is undefined) or (jh4_ssh_private_key|length == 0)
- (jh3_ssh_private_key|length > 0)
no_log: true
- name: Creating socks tunnel for 4 jumphosts
shell: ssh -i {{ jh4_ssh_private_key }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand="ssh -i {{ jh3_ssh_private_key }} -W {{ jh4_ip }}:{{ jh4_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand=\"ssh -i {{ jh2_ssh_private_key }} -W {{ jh3_ip }}:{{ jh3_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand=\\\"ssh -i {{ jh1_ssh_private_key }} -W {{ jh2_ip }}:{{ jh2_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -p {{ jh1_ssh_port }} {{ jh1_ssh_user }}@{{ jh1_ip }}\\\" -p {{ jh2_ssh_port }} {{ jh2_ssh_user }}@{{ jh2_ip }}\" -p {{ jh3_ssh_port }} {{ jh3_ssh_user }}@{{ jh3_ip }}" -fN -D {{ jh_socks_port }} -p {{ jh4_ssh_port }} {{ jh4_ssh_user }}@{{ jh4_ip }};sleep 2
when:
- (jh5_ssh_private_key is undefined) or (jh5_ssh_private_key|length == 0)
- (jh4_ssh_private_key|length > 0)
no_log: true
- name: Creating socks tunnel for 5 jumphosts
shell: ssh -i {{ jh5_ssh_private_key }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand="ssh -i {{ jh4_ssh_private_key }} -W {{ jh5_ip }}:{{ jh5_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand=\"ssh -i {{ jh3_ssh_private_key }} -W {{ jh4_ip }}:{{ jh4_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand=\\\"ssh -i {{ jh2_ssh_private_key }} -W {{ jh3_ip }}:{{ jh3_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand=\\\\\\\"ssh -i {{ jh1_ssh_private_key }} -W {{ jh2_ip }}:{{ jh2_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -p {{ jh1_ssh_port }} {{ jh1_ssh_user }}@{{ jh1_ip }}\\\\\\\" -p {{ jh2_ssh_port }} {{ jh2_ssh_user }}@{{ jh2_ip }}\\\" -p {{ jh3_ssh_port }} {{ jh3_ssh_user }}@{{ jh3_ip }}\" -p {{ jh4_ssh_port }} {{ jh4_ssh_user }}@{{ jh4_ip }}" -fN -D {{ jh_socks_port }} -p {{ jh5_ssh_port }} {{ jh5_ssh_user }}@{{ jh5_ip }};sleep 2
when:
- (jh6_ssh_private_key is undefined) or (jh6_ssh_private_key|length == 0)
- (jh5_ssh_private_key|length > 0)
no_log: true
- hosts: windows
gather_facts: yes
vars:
ansible_psrp_proxy: "{{ jh1_socks_port if jh1_socks_port is defined else jh_socks_port }}" # For Windows
tasks:
- block:
- name: Do Ping
win_ping:
register: ping_output
ignore_unreachable: true
- debug:
var: ping_output
- win_shell: set
args:
executable: cmd
register: homedir_out
# Works on Windows 2016 and 2008 only if someone is logged in using that Userid
#- win_shell: echo '%HOMEDRIVE%%HOMEPATH%'
- win_shell: echo %SystemRoot% %USERPROFILE%
args:
executable: cmd
register: homedir_out
- debug:
var: homedir_out
- name: get powershell version
raw: $PSVersionTable
- name: Copying files to all Windows Endpoints
win_copy:
content: abc123
#src : "windowstest_with_tunnel_passphrase.yaml"
dest: C:\Temp\foo.txt
when: ansible_os_family == "Windows"
- hosts: linux
gather_facts: no
vars:
ansible_ssh_common_args: "{{ hostvars['127.0.0.1']['ansible_ssh_common_args'] }}" # For Linux
endpoint_ssh_private_key: "{{ hostvars['127.0.0.1']['endpoint_ssh_private_key'] }}"
endpoint_ssh_user: "{{ hostvars['127.0.0.1']['endpoint_ssh_user'] }}"
endpoint_ssh_port: "{{ hostvars['127.0.0.1']['endpoint_ssh_port'] }}"
tasks:
- include_vars:
file: include_endpointcred.yaml
when:
- endpoint_ssh_private_key is defined and endpoint_ssh_private_key!=''
- endpoint_ssh_user is defined and endpoint_ssh_user!=''
- endpoint_ssh_port is defined and endpoint_ssh_port!=''
- setup:
gather_subset: '!all'
async: 60
poll: 5
- debug:
msg: "{{ ansible_os_family }}"
- block:
- shell: echo Hello `hostname`;cat /etc/*elease*
register: result
- debug:
msg: "{{ result }}"
when: ansible_os_family == "CentOS" or ansible_os_family == "RedHat" or ansible_os_family == "Darwin" or ansible_os_family == "Debian"
- hosts: localhost
connection: local
gather_facts: no
tasks:
- name: Kill the ssh-agent
shell: |
echo $SSH_AUTH_SOCK
echo $SSH_AGENT_PID
ssh-agent -k
environment: "{{ env_vars }}"
# Tunnel will be killed at end of job because of ENABLE ISOLATED JOBS