Jim Rigsbee
2019-09-27 73ab1053c5752977592b6ea075f4c99e779148f9
Skylight: made PSRP socks port random to allow for multiple runs simultaneously
3 files modified
13 ■■■■■ changed files
ansible/cloud_providers/ec2_infrastructure_deployment.yml 9 ●●●● patch | view | raw | blame | history
ansible/configs/ansible-skylight/post_software.yml 2 ●●● patch | view | raw | blame | history
ansible/roles/infra-ec2-create-inventory/tasks/main.yml 2 ●●● patch | view | raw | blame | history
ansible/cloud_providers/ec2_infrastructure_deployment.yml
@@ -54,6 +54,11 @@
    - when: aws_region_final is not defined
      include_tasks: ec2_detect_region_tasks.yml
    - name: Generate unique socks proxy port number
      set_fact:
        psrp_socks_port: "{{ 32767 |random(start=1024,seed=guid) }}"
      when: win_connect_method | d('winrm') == 'psrp'
    - name: Run infra-ec2-create-inventory Role
      import_role:
        name: infra-ec2-create-inventory
@@ -65,8 +70,8 @@
    - name: Start a SSH/Socks proxy for Windows proxying through bastion
      shell: |
        mkdir -p ~/.ssh/cp
        ssh -i {{ ssh_key | default(infra_ssh_key) | default(ansible_ssh_private_key_file) | default(default_key_name)}} -o "ControlMaster=auto" -o "ControlPersist=no" -o "ControlPath=~/.ssh/cp/ssh-%r@%h:%p" -o "StrictHostKeyChecking=no" -CfNq -D 127.0.0.1:1234 -p 22 {{hostvars[bastion_hostname].ansible_user}}@{{hostvars[bastion_hostname].public_dns_name}}
      when: win_connect_method | d('winrm') == 'psrp'
        ssh -i {{ ssh_key | default(infra_ssh_key) | default(ansible_ssh_private_key_file) | default(default_key_name)}} -o "ControlMaster=auto" -o "ControlPersist=no" -o "ControlPath=~/.ssh/cp/ssh-%r@%h:%p" -o "StrictHostKeyChecking=no" -CfNq -D 127.0.0.1:{{psrp_socks_port}} -p 22 {{hostvars[bastion_hostname].ansible_user}}@{{hostvars[bastion_hostname].public_dns_name}}
      when: win_connect_method | d('winrm') == 'psrp'
# include global vars again, this time for all hosts now that the inventory is built
- import_playbook: ../include_vars.yml
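Review bot: The rewritten `ssh ... -D 127.0.0.1:{{psrp_socks_port}}` line in the second hunk never checks that the port could actually be bound. The port comes from `random(start=1024,seed=guid)`, which is repeatable per guid but can still collide with another run or any other local listener, and with `-f -q` and no `ExitOnForwardFailure` ssh carries on without the forward. PSRP traffic would then presumably go to whatever already listens on that port, and since the inventory role sets `ansible_psrp_auth: basic` with `ansible_psrp_cert_validation: ignore`, credentials could travel through a different deployment's tunnel. Adding `-o "ExitOnForwardFailure=yes"` to the ssh options makes the task fail instead. The `-o "StrictHostKeyChecking=no"` kept on the same line leaves the bastion's host key unverified, which deserves a comment explaining why that is accepted here.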
ansible/configs/ansible-skylight/post_software.yml
@@ -14,7 +14,7 @@
  tasks:
    - name: Stop SSH/Socks proxy for Windows proxying through bastion
      shell: |
        ssh -i {{ ssh_key | default(infra_ssh_key) | default(ansible_ssh_private_key_file) | default(default_key_name)}} -o "ControlPath=~/.ssh/cp/ssh-%r@%h:%p" -O stop -p 22 {{hostvars[bastion_hostname].ansible_user}}@{{hostvars[bastion_hostname].public_dns_name}}
        ssh -i {{ ssh_key | default(infra_ssh_key) | default(ansible_ssh_private_key_file) | default(default_key_name)}} -o "ControlPath=~/.ssh/cp/ssh-%r@%h:%p" -O exit -p 22 {{hostvars[bastion_hostname].ansible_user}}@{{hostvars[bastion_hostname].public_dns_name}}
      when: win_connect_method | d('winrm') == 'psrp'
- name: Copy files to workstation
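Review bot: This teardown task has no comment tying it to the start task in ec2_infrastructure_deployment.yml. The page prints the `-O stop` and `-O exit` lines without markers, so I assume `-O exit` is the new one. `-O exit` asks the ControlMaster to terminate, which also closes its `-D` SOCKS listener, whereas `-O stop` only stops it accepting new multiplexed sessions. A suitable comment above the shell line would be `# -O exit ends the ControlMaster started in ec2_infrastructure_deployment.yml and closes its SOCKS listener`. If a run aborts before this play, the unauthenticated listener on 127.0.0.1 presumably stays open to other local users of the control host, so a cleanup path on failure is worth considering.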
ansible/roles/infra-ec2-create-inventory/tasks/main.yml
@@ -150,7 +150,7 @@
    ansible_psrp_protocol: https
    ansible_psrp_auth: basic
    ansible_psrp_cert_validation: ignore
    ansible_psrp_proxy: socks5h://localhost:1234
    ansible_psrp_proxy: "socks5h://localhost:{{psrp_socks_port}}"
    key_name: "{{item['key_name']}}"
    state: "{{item['state']}}"
    internaldns: "{{item.tags.internaldns | default(item.private_dns_name)}}"
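Review bot: The new `ansible_psrp_proxy` value references `psrp_socks_port` with no default, yet that fact is only set when `win_connect_method | d('winrm') == 'psrp'` in ec2_infrastructure_deployment.yml. The surrounding task starts outside this hunk, so it is not visible whether it is guarded by the same condition. If it is not, templating would fail for non-PSRP deployments or for other callers of this role, so either guard the key or fail early with a clear message. Separately, the tunnel is bound to `127.0.0.1` while the proxy URL uses `localhost`; `"socks5h://127.0.0.1:{{ psrp_socks_port }}"` would keep the two in agreement on hosts where localhost resolves to ::1 first.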