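---
###########################################################################
# CAUTION
###########################################################################
# This file is used for several cloud providers. Keep in mind when you
# update it and make sure it works for all of them using this common conf.
###########################################################################
# What this playbook produces:
#   * a per-deployment ssh_config ({{ output_dir }}/<env_type>_<guid>_ssh_conf)
#     with one "Host" stanza for the bastion and one per managed node, where
#     nodes are reached through the bastion with ProxyCommand;
#   * a dedicated known_hosts file next to it, recreated on every run;
#   * ansible_ssh_extra_args on every host pointing at that ssh_config.
# Both files are deleted first, so every run starts from a clean state.
###########################################################################
- name: SSH config setup
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  tags:
    - create_ssh_config
  tasks:
    - name: Store bastion hostname as a fact
      set_fact:
        # First inventory host of the "bastions" group is the jump host.
        bastion_hostname: "{{ groups['bastions'].0 }}"
        # This is where the ssh_config file will be created, this file is used to
        # define the communication method to all the hosts in the deployment
        ansible_ssh_config: "{{ output_dir }}/{{ env_type }}_{{ guid }}_ssh_conf"
        # Dedicated known_hosts so the deployment never touches the operator's
        # ~/.ssh/known_hosts and stale keys from a previous run cannot interfere.
        ansible_known_host: "{{ output_dir }}/{{ env_type }}_{{ guid }}_ssh_known_hosts"

    - name: Delete dedicated known_host if it exists (new deployment)
      file:
        path: "{{ ansible_known_host }}"
        state: absent

    - name: Delete local ssh config, start fresh
      file:
        path: "{{ ansible_ssh_config }}"
        state: absent

    - name: Create empty local ssh config
      file:
        path: "{{ ansible_ssh_config }}"
        state: touch

    # The bastion stanza is the only one with a public address; every other
    # node's stanza below proxies through it.
    - name: Add bastion proxy config to workdir ssh config file
      blockinfile:
        path: "{{ ansible_ssh_config }}"
        marker: "##### {mark} ADDED BASTION PROXY HOST {{ env_type }}-{{ guid }} ######"
        # NOTE(review): StrictHostKeyChecking=no with a freshly wiped known_hosts
        # pins the key on first contact, but a later mismatch inside the same
        # run only warns; OpenSSH >= 7.6 offers "accept-new" for that — confirm
        # the client versions in use before tightening it.
        # NOTE(review): ControlPath lives in shared /tmp; a directory private to
        # the user (e.g. under output_dir) avoids other local users seeing or
        # racing the predictable socket name — verify that suits all providers.
        block: |
          Host {{ bastion_hostname }} {{ hostvars[bastion_hostname].shortname | d('') }}
            Hostname {{ hostvars[bastion_hostname].public_dns_name }}
            IdentityFile {{ ssh_key | default(infra_ssh_key) | default(ansible_ssh_private_key_file) }}
            IdentitiesOnly yes
            User {{ remote_user }}
            ControlMaster auto
            ControlPath /tmp/{{ guid }}-%r-%h-%p
            ControlPersist 5m
            StrictHostKeyChecking no
            ConnectTimeout 60
            ConnectionAttempts 10
            UserKnownHostsFile {{ ansible_known_host }}
      tags:
        - bastion_proxy_config_main

    # One stanza per inventory host (except the bastion itself and the
    # controller). Hosts are addressed by private IP and tunnelled through the
    # bastion; "-F" makes the ProxyCommand reuse this very config so the
    # bastion stanza (key, user, control socket) applies to the hop as well.
    - name: Add all hosts to workdir ssh config file
      blockinfile:
        path: "{{ ansible_ssh_config }}"
        marker: "##### {mark} ADDED Node Proxy Config {{ item }} {{ env_type }}-{{ guid }} ######"
        # NOTE(review): unlike the bastion stanza this one does not set
        # IdentitiesOnly; presumably intentional, confirm before aligning them.
        block: |
          Host {{ item }} {{ hostvars[item].public_ip_address | default('') }} {{ hostvars[item].shortname | d('') }}
            Hostname {{ hostvars[item].private_ip_address }}
            User {{ remote_user }}
            IdentityFile {{ ssh_key | default(infra_ssh_key) | default(ansible_ssh_private_key_file) }}
            ProxyCommand ssh -F {{ ansible_ssh_config }} {{ bastion_hostname }} -W %h:%p
            StrictHostKeyChecking no
            UserKnownHostsFile {{ ansible_known_host }}
      when: item not in [bastion_hostname, 'localhost', '127.0.0.1']
      with_items: "{{ groups['all'] }}"
      tags:
        - bastion_proxy_config_hosts

# Second play: make every host use the config generated above. It reads the
# fact set on localhost in the first play, so the plays must run in this order.
- name: Set ssh extra args for all hosts, use ssh_config just created
  hosts: all
  gather_facts: false
  any_errors_fatal: true
  ignore_errors: false
  tags:
    - step001
    - ssh_args
  tasks:
    - name: Add -F option ansible_ssh_extra_args
      set_fact:
        # Append rather than replace, so extra args already supplied by the
        # inventory or command line are preserved.
        ansible_ssh_extra_args: "{{ ansible_ssh_extra_args | d() }} -F {{ hostvars['localhost'].ansible_ssh_config }}"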