How to execute commands on a VM running on a remote host?

[pan...@hotmail.de]

Hello Guys,

I have Ansible installed on a jumphost. From the jumphost I can reach several servers (with different IPs), each running a virtual machine (that VM has the same IP on each server).
I need to read the information of a certain file that is located on the virtual machines (not on the servers).
That means Ansible have to establish a SSH connection to the server and from there it have to establish another SSH connection to the VM.

(Jumphost [Ansible Controller] --> Server --> VM)

I assume that the realization of this use case is possible with Ansible (?)
However, I don't really know how to google for this problem.

Is there some kind of best practice for this use case?

Maybe you can provide me a link, which explains how to solve that problem or a similar problem?

I am grateful for any help :)

Kind regards,

Peter

[Dick Visser]

https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-configure-a-jump-host-to-access-servers-that-i-have-no-direct-access-to

From your story it seems that what you call jumphost is the ansible controller and each server is a jumphost.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3cdbcbc5-7b3b-4ab2-9075-8eec29b75576n%40googlegroups.com.

--

Sent from a mobile device - please excuse the brevity, spelling and punctuation.

[pan...@hotmail.de]

Hello,

thank you for your reply. I think you can say it like you wrote it, yes.

So if I understand the given link correctly:

I need to specify my servers in this line:
 #ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q us...@gateway.example"'

While the inventory file contains the IP of the virtual machine located on the servers
#[VM] foo ansible_host=192.168.1.1

The problem is that my Servers (the jumhosts as you've called it) have different IPs, but the VM located on the server always have the same IP.

This is like a reverse use case (?)

So I somehow need to parse my (different) servers to "us...@gateway.example".

Any idea how I can realize this? Probably use a variable for "gateway.example.com" and loop through that variable?

Best regards

Peter

[Dick Visser]

I think in this case you'd have to set a custom
ansible_ssh_common_args for each host in your inventory, for instance:


foo ansible_host=192.168.1.1 ansible_ssh_common_args='-o
ProxyCommand="ssh -W %h:%p -q user@VMhost1"'
bar ansible_host=192.168.1.1 ansible_ssh_common_args='-o
ProxyCommand="ssh -W %h:%p -q user@VMhost2"'
baz ansible_host=192.168.1.1 ansible_ssh_common_args='-o
ProxyCommand="ssh -W %h:%p -q user@VMhost3"'

> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9126290b-3ac0-4c8b-be20-1af22f7c5a98n%40googlegroups.com.



--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

[pan...@hotmail.de]

Hello,

thank you again for your Input.

I have about different 100 servers using this VM

So the Inventory file would somehow look like this: (?)

#####

[VM]

ansible_host=192.168.1.1 ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q root@server1"

ansible_host=192.168.1.1 ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q root@server2" 

...

ansible_host=192.168.1.1 ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q root@server100"

[VM:vars]

ansible_ssh_user: root
ansible_ssh_pass: xxxx

#####

Another Point:
I have no possibility to realize a key based authentication for the servers, i.e. I have to do a password based authentication.

Where do i need to specify the password for root@server1, root@server2 [...]?

Can I just use something like this in the inventory?

[all:vars]

ansible_ssh_pass=server_password

Best regards,

Peter