ssh_args per host/group

[Steven Ringo]

Hi,

We have a requirement to pass for example, -o "RemoteForward 8080 host.behind.the.firewall.com:80" to some hosts so that the host can reverse tunnel to some private resources on our local network. For example we use a private git repo that is not publicly accessible, yet we need to use it deploy to public-facing hosts.

Currently it seems to be an all-or-nothing configuration, as its only in ansible.cfg, as part of ssh_args.

I guess its OK to have it there in all SSH connections to all hosts, but if there's any way to do this on a per-host basis, perhaps through another setting or by using local .ssh_config file for example, that would be great.

Thanks so much 

Steve

[Michael DeHaan]

For most configuration items, take a look in the docs about "host_vars/" and "group_vars/" directories.

They are quite awesome for applying variables at host and group var level.

You can't currently set this on a per host basis, but I'm open to making it possible.

In the meantime, yes, local .ssh_config files for SSH are used, so that's an option of where to set it per host.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d73c1d15-9074-4db2-abea-0ddd7fbe6b52%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Michael DeHaan]

Clarification: they are used for the "-c ssh" connection type.

This is the default on all platforms except RHEL/CentOS 6 and earlier, which have an old SSH, and can't benefit from the (very useful) ControlPersist speedups.

You could still manually pick this in your ansible.cfg, though I'd recommend enabling pipelining as you'll have to turn ControlPersist off.