---
###########################################################################
# CAUTION
###########################################################################
# This file is used for several cloud providers. Keep that in mind when you
# update it, and make sure it works for all of them using this common conf.
###########################################################################

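# Play 1 (control node only): build a per-deployment ssh_config and a
# dedicated known_hosts file under workdir/. Every non-bastion host is
# reached through the first host of the 'bastions' group via ProxyCommand.
- name: SSH config setup
  hosts: localhost
  connection: local
  gather_facts: false
  become: false
  vars_files:
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml"
    - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml"
  tags:
    - create_ssh_config
  tasks:
    - name: Show the bastion host that will be used as the SSH jump host
      debug:
        var: groups['bastions'].0

    - name: Store bastion hostname as a fact
      set_fact:
        # Only the first member of the 'bastions' group is used.
        bastion_hostname: "{{ groups['bastions'].0 }}"
        # This is where the ssh_config file will be created, this file is
        # used to define the communication method to all the hosts in the
        # deployment
        ansible_ssh_config: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf"
        ansible_known_host: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_known_hosts"

    # Host keys recorded by an earlier deployment with the same env_type/guid
    # are discarded, so the known_hosts file starts empty on every run.
    - name: Delete dedicated known_host if it exists (new deployment)
      file:
        dest: "{{ ansible_known_host }}"
        state: absent

    - name: delete local ssh config, start fresh
      file:
        dest: "{{ ansible_ssh_config }}"
        state: absent

    # Create the file owner-only instead of relying on the umask: it holds
    # ProxyCommand lines that ssh executes, so it must not be writable (and
    # need not be readable) by other local users on the control node.
    - name: Create empty local ssh config
      file:
        dest: "{{ ansible_ssh_config }}"
        state: touch
        mode: "0600"

    # NOTE(security): 'StrictHostKeyChecking no' means the bastion's host key
    # is never verified: unknown keys are added automatically and a changed
    # key only produces a warning, so the jump host connection can be
    # intercepted without failing the run. The known_hosts file is wiped at
    # the start of each deployment, so 'accept-new' (OpenSSH 7.6+) would pin
    # keys on first contact; confirm it works for every cloud provider that
    # shares this file before switching.
    # NOTE(security): the ControlPath socket is created in world-writable
    # /tmp under a predictable name. ssh_config(5) recommends a directory
    # that other users cannot write to; when relocating it, keep the path
    # short because UNIX socket paths have a small length limit.
    - name: Add bastion proxy config to workdir ssh config file
      blockinfile:
        dest: "{{ ansible_ssh_config }}"
        marker: "##### {mark} ADDED BASTION PROXY HOST {{ env_type }}-{{ guid }} ######"
        content: |
          Host {{ bastion_hostname }} {{ hostvars[bastion_hostname].shortname |d('')}}
            Hostname {{ hostvars[bastion_hostname].public_dns_name }}
            IdentityFile {{ ssh_key }}
            IdentitiesOnly yes
            User {{ remote_user }}
            ControlMaster auto
            ControlPath /tmp/{{ guid }}-%r-%h-%p
            ControlPersist 5m
            StrictHostKeyChecking no
            ConnectTimeout 60
            ConnectionAttempts 10
            UserKnownHostsFile {{ ansible_known_host }}
      tags:
        - bastion_proxy_config_main

    # One block per inventory host except the bastion. Each host is addressed
    # by its private IP and tunnelled through the bastion entry written above
    # (ssh -F <this file> <bastion> -W %h:%p).
    # NOTE(security): host key checking is disabled here as well, so the
    # hop from the bastion to each node is not authenticated either; see the
    # note on the bastion block before changing it.
    - name: Add all hosts to workdir ssh config file
      blockinfile:
        dest: "{{ ansible_ssh_config }}"
        marker: "##### {mark} ADDED Node Proxy Config  {{ item }} {{ env_type }}-{{ guid }} ######"
        block: |
          Host {{ item }} {{ hostvars[item].public_ip_address | default('') }} {{ hostvars[item].shortname |d('')}}
            Hostname {{ hostvars[item].private_ip_address }}
            User {{ remote_user }}
            IdentityFile {{ ssh_key }}
            ProxyCommand ssh -F {{ ansible_ssh_config }} {{ bastion_hostname }} -W %h:%p
            StrictHostKeyChecking no
            UserKnownHostsFile {{ ansible_known_host }}
      when: item != bastion_hostname
      with_items: "{{ groups['all'] }}"
      tags:
        - bastion_proxy_config_hosts
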
82 |
- name: Set ssh extra args for all hosts, use ssh_config just created |
|
83 |
hosts: all |
|
84 |
gather_facts: false |
|
85 |
any_errors_fatal: true |
|
86 |
ignore_errors: false |
|
87 |
tags: |
|
88 |
- step001 |
|
89 |
- ssh_args |
|
90 |
tasks: |
|
91 |
- name: add -F option ansible_ssh_extra_args |
|
92 |
set_fact: |
|
93 |
ansible_ssh_extra_args: "{{ ansible_ssh_extra_args|d() }} -F {{ hostvars['localhost'].ansible_ssh_config }}" |