CentOS(Ansible2.5) --> Jump/Bastion Server--> Inventory

Love

Sep 25, 2018, 5:53:14 PM
to Ansible Project
Hello Experts,

Could you please help me use Ansible through a Jump/Bastion server? My desktop (CentOS 7.5) is installed with Ansible 2.5 and I cannot install Ansible on the Jump/Bastion server. What configuration changes are required on my desktop to be able to log in as my user, switch to root, and ssh to clients to execute daily tasks?

CentOS(Ansible 2.5) --> Jump/Bastion Server --> Destination Servers

SSH keys are deployed for root user from Jump/Bastion server to all destination servers.

All Linux/Unix servers, NO Windows. Please tell me I'm not the only one who has/had this issue. Do let me know if you have any questions.



[Attachment: Ansible_Jump_Bastion_Example.JPG]

Thanks in advance

Karl Auer

Sep 25, 2018, 6:09:27 PM
to ansible-project
We have a build host that we run Ansible on.

I.e., we don't run ansible *through* a bastion host, we run it *on* a bastion host. This host is just for the purpose, and has (in AWS) an instance policy that allows it to build stuff.

Regards, K.


--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/eaa6153a-db7a-44d7-98b5-3d3b52813049%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
Karl Auer

Email  : ka...@2pisoftware.com
Website: http://2pisoftware.com


GPG/PGP : 958A 2647 6C44 D376 3D63 86A5 FFB2 20BC 0257 5816
Previous: F0AB 6C70 A49D 1927 6E05 81E7 AD95 268F 2AB6 40EA

Karl Auer

Sep 25, 2018, 6:11:55 PM
to ansible-project
Sorry, I suppose I was asking whether you could ADD a new bastion server for Ansible.

Regards, K.


On Wed, Sep 26, 2018 at 7:53 AM Love <lovesai...@gmail.com> wrote:

Love

Sep 25, 2018, 7:20:38 PM
to Ansible Project
No, I do not have the option to use another Jump/Bastion server. We already have 6 Jump/Bastion servers for different data centers & environments; Ansible is not installed on any of them.

Felix Fontein

Sep 26, 2018, 12:02:52 AM
to ansible...@googlegroups.com
Hi,

> Could you please help me how to use Ansible through a Jump/Bastion
> Server? My desktop (CentOS 7.5) is installed with Ansible 2.5 and I
> cannot install Ansible on Jump/Bastion server, what are the
> configuration changes required on my desktop to be able to login as
> my user and switch to root and ssh to clients to execute daily tasks.
>
> CentOS(Ansible 2.5) --> Jump/Bastion Server --> Destination Servers
>
> SSH keys are deployed for root user from Jump/Bastion server to all
> destination servers.

in case you have the SSH keys for the destination users also on your
local machine, you can do that by adding the following to your
~/.ssh/config file:


# Jump host: reached directly from the desktop
Host jump-host.example.com
    User user_for_jump_host
    IdentityFile ~/.ssh/id_private_key_for_jump_host

# Destinations: tunnelled through the jump host, which runs nc to relay to port 22
Host destination-1.example.com destination-2.example.com
    User admin_user_for_destinations
    IdentityFile ~/.ssh/id_private_key_for_destinations
    ProxyCommand ssh -q jump-host.example.com nc -q0 %h 22


If you have newer OpenSSH clients, there are also some simplifications
for this (see
https://superuser.com/questions/1253960/replace-proxyjump-in-ssh-config).


In case you do *not* have the keys for the destination machines on your
local machine, this will not work. Instead, take a look at this one:
https://serverfault.com/questions/337274/ssh-from-a-through-b-to-c-using-private-key-on-b/701884#701884
I've never used that one, so I don't know whether it really works, but
it looks reasonable.

If the keys on the jump host are not available as the user you logged
in with, you probably need to include an appropriate 'sudo' into the
ProxyCommand (probably before ssh-add).

Cheers,
Felix
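
The same hop expressed as Ansible inventory variables instead of ~/.ssh/config, as an added example that is not part of the original thread. Host names, user names and key paths reuse the placeholders from the post above and are assumptions; the `-W` form assumes an OpenSSH 5.4+ client on the desktop. The destination key stays on the desktop and the jump host only relays the encrypted SSH stream.

```yaml
# inventory.yml (added example; all names and paths are placeholders)
all:
  children:
    behind_jump:
      hosts:
        destination-1.example.com:
        destination-2.example.com:
      vars:
        # Login identity on the destination servers, held on the desktop
        ansible_user: admin_user_for_destinations
        ansible_ssh_private_key_file: ~/.ssh/id_private_key_for_destinations
        # ssh -W %h:%p asks the jump host's sshd to forward the TCP stream
        # itself, so nc does not need to be installed on the jump host.
        # No agent forwarding (-A) is used, so no key material or agent
        # socket is exposed on the jump host.
        ansible_ssh_common_args: >-
          -o ProxyCommand="ssh -q -W %h:%p
          -i ~/.ssh/id_private_key_for_jump_host
          user_for_jump_host@jump-host.example.com"
        # With an OpenSSH 7.3+ client the hop can be written with ProxyJump;
        # the jump-host key is then taken from ~/.ssh/config or the defaults:
        # ansible_ssh_common_args: '-o ProxyJump=user_for_jump_host@jump-host.example.com'
```

A quick connectivity check is `ansible -i inventory.yml behind_jump -m ping`.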


Love

Oct 1, 2018, 1:59:17 PM
to Ansible Project
Thank you, I will try this and post any/all questions based on output.