ssh client config referenced by ssh_args in ansible.cfg

[lucky numbersevun]

i have a ssh client config that works, and it has Host definition for the bastion at the top, and then all the inside hosts are listed below it in the same file with an appropriate ProxyCommand statement.

i have a directory at ~/repo/some-ansible-repo/

~/repo/some-ansible-repo/ansible.cfg looks like this:

$ cat ./ansible.cfg
[defaults]
inventory = ./hosts
host_key_checking = false
deprecation_warnings=false
vault_password_file = ../vault_password_file_blah

[ssh_connection]
ssh_args="-F ~/.ssh/dev-cluster.config -o ControlPath=/tmp/ansible-ssh-%h-%p-%r -o ControlMaster=auto -o ControlPersist=30m"
control_path = ~/.ansible/cp

Ansible can connect to the bastion, but it cannot connect to any of the inside hosts unless the client config has:

Include ~/.ssh/dev-cluster.config

Am I doing something wrong with ansible.cfg?

Why is it ignoring my -F?

[Matt Martz]

`ssh_args` cannot utilize shell expansions such as `~`.

On the command line this works because your shell expands it.  In an ansible.cfg file, they are not expanded.  You would need to use a full path with `-F`

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9cb3dd16-7ad1-4c9a-b7f2-ee85ad84ad76%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Matt Martz
@sivel
sivel.net

[lucky numbersevun]

Thank you for your response, actually, embarrassingly, i knew that. i apologize but i changed the full path to the file to protect the innocent. :)

So, what im saying is that im using full paths, and its still not picking up the whole config, it can only connect to the bastion.

[Dick Visser]

I doubt this will be the issue, but I see you’re supplying controlpath both directly as an ansible config option, and as part of the ssh_args, and they have different values.

Could it be that this inconsistency somehow caused the -F argument to be ignored?

Can you try removing one of the two control path instances?

Dick

--

You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/464d46b6-9b85-4752-a9d2-0e611a87eb09%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Sent from a mobile device - please excuse the brevity, spelling and punctuation.

[lucky numbersevun]

i commented out the line you suggested, ensured i had the Include line in my default ssh client config commented out, and it can only connect to the bastion still. thank you for your suggestion.