Jumphosts/windowslinuxtest_sshadd_tunnel_passphrase.yaml

- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: Start ssh-agent and Retrieve the SSH_AUTH_SOCK and SSH_AGENT_PID environment variables
      shell: |
        eval $(ssh-agent -s) > /dev/null
        echo '{"SSH_AUTH_SOCK":"'$SSH_AUTH_SOCK'","SSH_AGENT_PID":"'$SSH_AGENT_PID'"}'
      register: env_vars_stdout
    - set_fact:
        env_vars: "{{ env_vars_stdout.stdout }}"
    - name: Print the environment variables
      debug:
        msg: "{{ env_vars }}"

- name: Role ensures that ssh key passphrases are added to ssh-agent
  hosts: localhost
  connection: local
  gather_facts: no
  environment: "{{ env_vars }}"
  roles:
    - ansible-role-ssh-add-jumphosts
  tasks:
    - name: Setting of required socks_port variables for single jumphost
      set_fact:
        jh_socks_port: "{{ (jh_socks_port if jh_socks_port is defined else jh1_socks_port) | regex_replace('^socks.*://', '') | regex_replace('^unixsocket', '') }}"
      no_log: true
    - debug:
        var: jh_socks_port
    - set_fact:
        endpoint_ssh_private_key: "{{ lookup('env','EP_SSH_PRIVATE_KEY') }}" # For Linux endpoint ssh private key

    - name: Creating socks tunnel for 1 jumphost
      shell: ssh -i {{ jh1_ssh_private_key }} -oPubkeyAuthentication=yes -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -fN -D {{ jh_socks_port }} -p {{ jh1_ssh_port }} {{ jh1_ssh_user }}@{{ jh1_ip }};sleep 2
      when:
        - (jh2_ssh_private_key is undefined) or (jh2_ssh_private_key|length == 0)
        - (jh1_ssh_private_key|length > 0)
      no_log: true

    - name: Creating socks tunnel for 2 jumphosts
      shell: ssh -i {{ jh2_ssh_private_key }} -oPubkeyAuthentication=yes -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no -oProxyCommand="ssh -i {{ jh1_ssh_private_key }} -W {{ jh2_ip }}:{{ jh2_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -p {{ jh1_ssh_port }} {{ jh1_ssh_user }}@{{ jh1_ip }}" -fN -D {{ jh_socks_port }} -p {{ jh2_ssh_port }} {{ jh2_ssh_user }}@{{ jh2_ip }};sleep 2
      when:
        - (jh3_ssh_private_key is undefined) or (jh3_ssh_private_key|length == 0)
        - (jh2_ssh_private_key|length > 0)
      no_log: true

    - name: Creating socks tunnel for 3 jumphosts
      shell: ssh -i {{ jh3_ssh_private_key }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand="ssh -i {{ jh2_ssh_private_key }} -W {{ jh3_ip }}:{{ jh3_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand=\"ssh -i {{ jh1_ssh_private_key }} -W {{ jh2_ip }}:{{ jh2_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -p {{ jh1_ssh_port }} {{ jh1_ssh_user }}@{{ jh1_ip }}\" -p {{ jh2_ssh_port }} {{ jh2_ssh_user }}@{{ jh2_ip }}" -fN -D {{ jh_socks_port }} -p {{ jh3_ssh_port }} {{ jh3_ssh_user }}@{{ jh3_ip }};sleep 2
      when:
        - (jh4_ssh_private_key is undefined) or (jh4_ssh_private_key|length == 0)
        - (jh3_ssh_private_key|length > 0)
      no_log: true

    - name: Creating socks tunnel for 4 jumphosts
      shell: ssh -i {{ jh4_ssh_private_key }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand="ssh -i {{ jh3_ssh_private_key }} -W {{ jh4_ip }}:{{ jh4_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand=\"ssh -i {{ jh2_ssh_private_key }} -W {{ jh3_ip }}:{{ jh3_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand=\\\"ssh -i {{ jh1_ssh_private_key }} -W {{ jh2_ip }}:{{ jh2_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -p {{ jh1_ssh_port }} {{ jh1_ssh_user }}@{{ jh1_ip }}\\\" -p {{ jh2_ssh_port }} {{ jh2_ssh_user }}@{{ jh2_ip }}\" -p {{ jh3_ssh_port }} {{ jh3_ssh_user }}@{{ jh3_ip }}" -fN -D {{ jh_socks_port }} -p {{ jh4_ssh_port }} {{ jh4_ssh_user }}@{{ jh4_ip }};sleep 2
      when:
        - (jh5_ssh_private_key is undefined) or (jh5_ssh_private_key|length == 0)
        - (jh4_ssh_private_key|length > 0)
      no_log: true

    - name: Creating socks tunnel for 5 jumphosts
      shell: ssh -i {{ jh5_ssh_private_key }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand="ssh -i {{ jh4_ssh_private_key }} -W {{ jh5_ip }}:{{ jh5_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand=\"ssh -i {{ jh3_ssh_private_key }} -W {{ jh4_ip }}:{{ jh4_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand=\\\"ssh -i {{ jh2_ssh_private_key }} -W {{ jh3_ip }}:{{ jh3_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -oProxyCommand=\\\\\\\"ssh -i {{ jh1_ssh_private_key }} -W {{ jh2_ip }}:{{ jh2_ssh_port }} -oPubkeyAuthentication=yes -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -p {{ jh1_ssh_port }} {{ jh1_ssh_user }}@{{ jh1_ip }}\\\\\\\" -p {{ jh2_ssh_port }} {{ jh2_ssh_user }}@{{ jh2_ip }}\\\" -p {{ jh3_ssh_port }} {{ jh3_ssh_user }}@{{ jh3_ip }}\" -p {{ jh4_ssh_port }} {{ jh4_ssh_user }}@{{ jh4_ip }}" -fN -D {{ jh_socks_port }} -p {{ jh5_ssh_port }} {{ jh5_ssh_user }}@{{ jh5_ip }};sleep 2
      when:
        - (jh6_ssh_private_key is undefined) or (jh6_ssh_private_key|length == 0)
        - (jh5_ssh_private_key|length > 0)
      no_log: true

- hosts: windows
  gather_facts: yes
  vars:
    ansible_psrp_proxy: "{{ jh1_socks_port if jh1_socks_port is defined else jh_socks_port }}" # For Windows
  tasks:
  - block:
    - name: Do Ping
      win_ping:
      register: ping_output
      ignore_unreachable: true

    - debug:
        var: ping_output

    - win_shell: set
      args:
        executable: cmd
      register: homedir_out

    # Works on Windows 2016 and 2008 only if someone is logged in using that Userid
    #- win_shell: echo '%HOMEDRIVE%%HOMEPATH%'
    - win_shell: echo %SystemRoot% %USERPROFILE%
      args:
        executable: cmd
      register: homedir_out
    - debug:
        var: homedir_out

    - name: get powershell version
      raw: $PSVersionTable

    - name: Copying files to all Windows Endpoints
      win_copy:
        content: abc123
        #src : "windowstest_with_tunnel_passphrase.yaml"
        dest: C:\Temp\foo.txt
    when: ansible_os_family == "Windows"

- hosts: linux
  gather_facts: no
  vars:
    ansible_ssh_common_args: "{{ hostvars['127.0.0.1']['ansible_ssh_common_args'] }}" # For Linux
    endpoint_ssh_private_key: "{{ hostvars['127.0.0.1']['endpoint_ssh_private_key'] }}"
    endpoint_ssh_user: "{{ hostvars['127.0.0.1']['endpoint_ssh_user'] }}"
    endpoint_ssh_port: "{{ hostvars['127.0.0.1']['endpoint_ssh_port'] }}"
  tasks:
    - include_vars:
        file: include_endpointcred.yaml
      when:
        - endpoint_ssh_private_key is defined and endpoint_ssh_private_key!=''
        - endpoint_ssh_user is defined and endpoint_ssh_user!=''
        - endpoint_ssh_port is defined and endpoint_ssh_port!=''
    - setup:
        gather_subset: '!all'
      async: 60
      poll: 5
    - debug:
        msg: "{{ ansible_os_family }}"
    - block:
      - shell: echo Hello `hostname`;cat /etc/*elease*
        register: result
      - debug:
          msg: "{{ result }}"
      when: ansible_os_family == "CentOS" or ansible_os_family == "RedHat" or ansible_os_family == "Darwin" or ansible_os_family == "Debian"

- hosts: localhost
  connection: local
  gather_facts: no
  tasks:
    - name: Kill the ssh-agent
      shell: |
        echo $SSH_AUTH_SOCK
        echo $SSH_AGENT_PID
        ssh-agent -k
      environment: "{{ env_vars }}"

# Tunnel will be killed at end of job because of ENABLE ISOLATED JOBS