Delegate via remote host

198 views
Skip to first unread message

Thomas Steinbach

unread,
Oct 21, 2015, 8:36:10 AM10/21/15
to Ansible Project
Is it possible to delegate a role/task to a remote hosts remote host? An example:

On a remote host (e.g. testserver) I have created a docker container. The containers IP is known on the testserver and he is accessible just from the testservers private docker network. Now I want to execute a role inside the testservers docker container. But without making the docker container public accessible. So I want to delegate the role execution via the remote testserver to the remote docker container.

Is this possible with Ansible? And if not, would that be a good feature?

Greetings - Thomas

Vikas Kumar

unread,
Oct 21, 2015, 10:38:00 PM10/21/15
to Ansible Project
Hi Thomas,

You have something called delgate_to to do this.

- shell: echo hello
  delegate_to: abc.server.com


So basically if your playbook is running on a particular host (or set of hosts), above task will run on abc.server.com.

Regards,
Vikas

Thomas Steinbach

unread,
Oct 22, 2015, 7:56:26 AM10/22/15
to Ansible Project
Hi Vikas,

delegate_to won't do the trick, because it would delegate the role/tasks from the control machine to abc.server.com. Imagine abc.server.com is just visible within the private network of main.server.com which is accessible from the outside. So I want to delegate the role/tasks from my private laptop via main.server.com to the abc.server.com without delegate_to abc.server.com directly.

Thomas Steinbach

unread,
Oct 22, 2015, 8:00:04 AM10/22/15
to Ansible Project
I have got the solution - port forwarding will do the trick. Here are the parts of my playbook:

- name: prepare docker container for roles
  hosts: test.server.org

  tasks:

    ...

    - name: create client container
      sudo: yes
      docker:
        image: my_ssh_container
        name: test_container
        detach: False
        state: running

    - name: create connection string
      set_fact:
        connection_command: "ssh -p {{ ansible_ssh_port }} -f -N -L 3456:{{ docker_containers[0].NetworkSettings.IPAddress }}:22 {{ ansible_ssh_user}}@{{ ansible_ssh_host }}"

    - name: create local port forwarding to remote docker container
      command: "{{ connection_command }}"
      delegate_to: localhost

- name: run roles inside the client container
  hosts: docker_container_tunnel

  # SET VARIABLE HERE!
  roles:
    - { role: thomass.java }

- name: quit ssh tunnel
  hosts: test.server.org
  tasks:

    - name: recreate connection string
      set_fact:
        connection_command: "ssh -p {{ ansible_ssh_port }} -f -N -L 3456:{{ docker_containers[0].NetworkSettings.IPAddress }}:22 {{ ansible_ssh_user}}@{{ ansible_ssh_host }}"

    - name: destroy local port forwarding to remote docker container
      command: "pkill -f \"{{ connection_command }}\""
      delegate_to: localhost


Reply all
Reply to author
Forward
0 new messages