From ef0a964544a6570b88c5af63d49ec25e19bc1f75 Mon Sep 17 00:00:00 2001 From: Nate Stephany <nate@redhat.com> Date: Fri, 17 Jan 2020 04:54:41 +0100 Subject: [PATCH] Add conditionals for cloud_provider in SSH configs (#1008) --- ansible/roles/set_env_authorized_key/tasks/main.yml | 2 +- /dev/null | 7 ------- ansible/roles/set_env_authorized_key/templates/host_ssh_config.j2 | 11 +++++++++++ ansible/roles/bastion/tasks/main.yml | 2 +- ansible/roles/bastion/templates/bastion_ssh_config.j2 | 7 ++++++- ansible/roles/bastion-lite/tasks/main.yml | 2 +- ansible/roles/bastion-lite/templates/bastion_ssh_config.j2 | 7 ++++++- 7 files changed, 26 insertions(+), 12 deletions(-) diff --git a/ansible/roles/bastion-lite/tasks/main.yml b/ansible/roles/bastion-lite/tasks/main.yml index 3b09961..1616b71 100644 --- a/ansible/roles/bastion-lite/tasks/main.yml +++ b/ansible/roles/bastion-lite/tasks/main.yml @@ -16,7 +16,7 @@ - name: Generate host .ssh/config Template become: no - local_action: template src={{ role_path }}/files/bastion_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }} + local_action: template src={{ role_path }}/templates/bastion_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }} tags: - gen_sshconfig_file diff --git a/ansible/roles/bastion-lite/files/bastion_ssh_config.j2 b/ansible/roles/bastion-lite/templates/bastion_ssh_config.j2 similarity index 65% rename from ansible/roles/bastion-lite/files/bastion_ssh_config.j2 rename to ansible/roles/bastion-lite/templates/bastion_ssh_config.j2 index d8805cc..70eeaba 100644 --- a/ansible/roles/bastion-lite/files/bastion_ssh_config.j2 +++ b/ansible/roles/bastion-lite/templates/bastion_ssh_config.j2 @@ -1,4 +1,8 @@ -Host ec2* *.internal *.example.com +{% if cloud_provider == 'ec2' %} +Host ec2* *.internal +{% elif cloud_provider == 'osp' %} +Host *.example.com +{% endif %} User {{remote_user}} {% if use_own_key|bool %} IdentityFile ~/.ssh/{{env_authorized_key}}.pem 
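Review bot: In `bastion-lite/templates/bastion_ssh_config.j2` the new `{% if cloud_provider == 'ec2' %}` / `{% elif cloud_provider == 'osp' %}` block emits no `Host` line when `cloud_provider` has any other value, so the `User`, `IdentityFile`, `ForwardAgent yes` and `StrictHostKeyChecking no` lines that follow would be rendered before any `Host` keyword. In ssh_config, options placed before the first `Host` apply to every destination, so agent forwarding and disabled host-key checking would no longer be limited to the lab hosts. Whether other provider values can reach this role is not visible here. If they can, either add an explicit `{% else %}` branch or guard the "Generate host .ssh/config Template" task with `when: cloud_provider in ['ec2', 'osp']`. The same conditional is added to `bastion/templates/bastion_ssh_config.j2` and to the new `set_env_authorized_key/templates/host_ssh_config.j2`.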
@@ -9,3 +13,4 @@ StrictHostKeyChecking no ConnectTimeout 60 ConnectionAttempts 10 +{% endif %} \ No newline at end of file diff --git a/ansible/roles/bastion/files/bastion_ssh_config.j2 b/ansible/roles/bastion/files/bastion_ssh_config.j2 deleted file mode 100644 index d8805cc..0000000 --- a/ansible/roles/bastion/files/bastion_ssh_config.j2 +++ /dev/null @@ -1,11 +0,0 @@ -Host ec2* *.internal *.example.com - User {{remote_user}} -{% if use_own_key|bool %} - IdentityFile ~/.ssh/{{env_authorized_key}}.pem -{% else %} - IdentityFile ~/.ssh/{{key_name}}.pem -{% endif %} - ForwardAgent yes - StrictHostKeyChecking no - ConnectTimeout 60 - ConnectionAttempts 10 diff --git a/ansible/roles/bastion/tasks/main.yml b/ansible/roles/bastion/tasks/main.yml index 148ff7b..21e4e0d 100644 --- a/ansible/roles/bastion/tasks/main.yml +++ b/ansible/roles/bastion/tasks/main.yml @@ -35,7 +35,7 @@ - name: Generate host .ssh/config Template become: no - local_action: template src={{ role_path }}/files/bastion_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }} + local_action: template src={{ role_path }}/templates/bastion_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }} tags: - gen_sshconfig_file diff --git a/ansible/roles/bastion-lite/files/bastion_ssh_config.j2 b/ansible/roles/bastion/templates/bastion_ssh_config.j2 similarity index 65% copy from ansible/roles/bastion-lite/files/bastion_ssh_config.j2 copy to ansible/roles/bastion/templates/bastion_ssh_config.j2 index d8805cc..70eeaba 100644 --- a/ansible/roles/bastion-lite/files/bastion_ssh_config.j2 +++ b/ansible/roles/bastion/templates/bastion_ssh_config.j2 @@ -1,4 +1,8 @@ -Host ec2* *.internal *.example.com +{% if cloud_provider == 'ec2' %} +Host ec2* *.internal +{% elif cloud_provider == 'osp' %} +Host *.example.com +{% endif %} User {{remote_user}} {% if use_own_key|bool %} IdentityFile ~/.ssh/{{env_authorized_key}}.pem 
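Review bot: The `{% endif %}` appended after `ConnectionAttempts 10` in `bastion-lite/templates/bastion_ssh_config.j2` looks unmatched. The first hunk already closes its own `{% if cloud_provider ... %}` block, and the deleted `bastion/files` copy of the same blob (d8805cc) shows that the `use_own_key` block already carries its own `{% endif %}`; the middle lines of the file are outside these hunks, so this is inferred from that copy. Jinja2 rejects a stray `endif` as a syntax error, so the template task would fail at render time instead of writing the config. Drop the line, or, if the intent was to emit the stanza only for known providers, restructure the template so that a single `if` wraps the whole block. The second hunk of `bastion/templates/bastion_ssh_config.j2` adds the same line, and both files now end without a trailing newline.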
@@ -9,3 +13,4 @@ StrictHostKeyChecking no ConnectTimeout 60 ConnectionAttempts 10 +{% endif %} \ No newline at end of file diff --git a/ansible/roles/set_env_authorized_key/files/host_ssh_config.j2 b/ansible/roles/set_env_authorized_key/files/host_ssh_config.j2 deleted file mode 100644 index 89a9a15..0000000 --- a/ansible/roles/set_env_authorized_key/files/host_ssh_config.j2 +++ /dev/null @@ -1,7 +0,0 @@ -Host ec2* *.internal *.example.com - User {{remote_user}} - IdentityFile ~/.ssh/{{env_authorized_key}}.pem - ForwardAgent yes - StrictHostKeyChecking no - ConnectTimeout 60 - ConnectionAttempts 10 diff --git a/ansible/roles/set_env_authorized_key/tasks/main.yml b/ansible/roles/set_env_authorized_key/tasks/main.yml index d410b37..7b5993a 100644 --- a/ansible/roles/set_env_authorized_key/tasks/main.yml +++ b/ansible/roles/set_env_authorized_key/tasks/main.yml @@ -34,7 +34,7 @@ - name: Generate host .ssh/config Template become: no - local_action: template src={{ role_path }}/files/host_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }} + local_action: template src={{ role_path }}/templates/host_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }} - name: copy over host .ssh/config Template become: true diff --git a/ansible/roles/set_env_authorized_key/templates/host_ssh_config.j2 b/ansible/roles/set_env_authorized_key/templates/host_ssh_config.j2 new file mode 100644 index 0000000..32f52c4 --- /dev/null +++ b/ansible/roles/set_env_authorized_key/templates/host_ssh_config.j2 @@ -0,0 +1,11 @@ +{% if cloud_provider == 'ec2' %} +Host ec2* *.internal +{% elif cloud_provider == 'osp' %} +Host *.example.com +{% endif %} + User {{remote_user}} + IdentityFile ~/.ssh/{{env_authorized_key}}.pem + ForwardAgent yes + StrictHostKeyChecking no + ConnectTimeout 60 + ConnectionAttempts 10 -- Gitblit v1.9.3
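Review bot: `StrictHostKeyChecking no` combined with `ForwardAgent yes` in the new `set_env_authorized_key/templates/host_ssh_config.j2` means the client accepts any host key for the matched names and then exposes its agent to that host. A host that is spoofed or compromised could therefore use the forwarded keys for as long as the session lasts. Both lines are carried over from the deleted `files/` copy, but re-adding the file is a good point to tighten them: `StrictHostKeyChecking accept-new` keeps first-connect automation while still rejecting changed keys, and `ForwardAgent` can be dropped wherever `ProxyJump` through the bastion is sufficient. If the relaxed settings are deliberate for short-lived lab environments, add a Jinja comment at the top of the template saying so, so they are not copied into longer-lived configs.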