From ef0a964544a6570b88c5af63d49ec25e19bc1f75 Mon Sep 17 00:00:00 2001
From: Nate Stephany <nate@redhat.com>
Date: Fri, 17 Jan 2020 04:54:41 +0100
Subject: [PATCH] Add conditionals for cloud_provider in SSH configs (#1008)

---
 ansible/roles/set_env_authorized_key/tasks/main.yml               |    2 +-
 /dev/null                                                         |    7 -------
 ansible/roles/set_env_authorized_key/templates/host_ssh_config.j2 |   11 +++++++++++
 ansible/roles/bastion/tasks/main.yml                              |    2 +-
 ansible/roles/bastion/templates/bastion_ssh_config.j2             |    7 ++++++-
 ansible/roles/bastion-lite/tasks/main.yml                         |    2 +-
 ansible/roles/bastion-lite/templates/bastion_ssh_config.j2        |    7 ++++++-
 7 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/ansible/roles/bastion-lite/tasks/main.yml b/ansible/roles/bastion-lite/tasks/main.yml
index 3b09961..1616b71 100644
--- a/ansible/roles/bastion-lite/tasks/main.yml
+++ b/ansible/roles/bastion-lite/tasks/main.yml
@@ -16,7 +16,7 @@
 
 - name: Generate host .ssh/config Template
   become: no
-  local_action: template src={{ role_path }}/files/bastion_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }}
+  local_action: template src={{ role_path }}/templates/bastion_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }}
   tags:
     - gen_sshconfig_file
 
diff --git a/ansible/roles/bastion-lite/files/bastion_ssh_config.j2 b/ansible/roles/bastion-lite/templates/bastion_ssh_config.j2
similarity index 65%
rename from ansible/roles/bastion-lite/files/bastion_ssh_config.j2
rename to ansible/roles/bastion-lite/templates/bastion_ssh_config.j2
index d8805cc..70eeaba 100644
--- a/ansible/roles/bastion-lite/files/bastion_ssh_config.j2
+++ b/ansible/roles/bastion-lite/templates/bastion_ssh_config.j2
@@ -1,4 +1,8 @@
-Host ec2* *.internal *.example.com
+{% if cloud_provider == 'ec2' %}
+Host ec2* *.internal
+{% elif cloud_provider == 'osp' %}
+Host *.example.com
+{% endif %}	
   User {{remote_user}}
 {% if use_own_key|bool %}
   IdentityFile ~/.ssh/{{env_authorized_key}}.pem
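Review bot: When `cloud_provider` is anything other than `ec2` or `osp`, the new `{% if %}`/`{% elif %}` at the top of the template emits no `Host` line at all. The options that follow (`User`, `IdentityFile`, and further down `StrictHostKeyChecking no`) then sit before any `Host` keyword, and ssh treats options in that position as defaults for every destination. Add a fallback such as `{% else %}` followed by `Host ec2* *.internal *.example.com` (the previous pattern), or have the role fail early with an `assert` that `cloud_provider in ['ec2', 'osp']`. The same conditional is added in `bastion/templates/bastion_ssh_config.j2` and `set_env_authorized_key/templates/host_ssh_config.j2`; the stanza itself continues past the end of this hunk.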
@@ -9,3 +13,4 @@
   StrictHostKeyChecking no
   ConnectTimeout 60
   ConnectionAttempts 10
+{% endif %}	
\ No newline at end of file
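Review bot: The `{% endif %}` added as the last line has no open `{% if %}` to close. The `cloud_provider` conditional is already closed on new line 5, and the `use_own_key` conditional appears to be closed in the unchanged lines between the two hunks (the deleted `bastion/files` copy with the same blob id shows its `{% endif %}` there). Jinja2 rejects a stray `endif` with a template syntax error, so the `template` task would fail at render time; dropping this line restores a balanced template. The trailing tab after `%}` and the missing final newline are worth cleaning up in the same pass, and the identical hunk in `bastion/templates/bastion_ssh_config.j2` needs the same fix.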
diff --git a/ansible/roles/bastion/files/bastion_ssh_config.j2 b/ansible/roles/bastion/files/bastion_ssh_config.j2
deleted file mode 100644
index d8805cc..0000000
--- a/ansible/roles/bastion/files/bastion_ssh_config.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-Host ec2* *.internal *.example.com
-  User {{remote_user}}
-{% if use_own_key|bool %}
-  IdentityFile ~/.ssh/{{env_authorized_key}}.pem
-{% else %}
-  IdentityFile ~/.ssh/{{key_name}}.pem
-{% endif %}
-  ForwardAgent yes
-  StrictHostKeyChecking no
-  ConnectTimeout 60
-  ConnectionAttempts 10
diff --git a/ansible/roles/bastion/tasks/main.yml b/ansible/roles/bastion/tasks/main.yml
index 148ff7b..21e4e0d 100644
--- a/ansible/roles/bastion/tasks/main.yml
+++ b/ansible/roles/bastion/tasks/main.yml
@@ -35,7 +35,7 @@
 
 - name: Generate host .ssh/config Template
   become: no
-  local_action: template src={{ role_path }}/files/bastion_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }}
+  local_action: template src={{ role_path }}/templates/bastion_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }}
   tags:
     - gen_sshconfig_file
 
diff --git a/ansible/roles/bastion-lite/files/bastion_ssh_config.j2 b/ansible/roles/bastion/templates/bastion_ssh_config.j2
similarity index 65%
copy from ansible/roles/bastion-lite/files/bastion_ssh_config.j2
copy to ansible/roles/bastion/templates/bastion_ssh_config.j2
index d8805cc..70eeaba 100644
--- a/ansible/roles/bastion-lite/files/bastion_ssh_config.j2
+++ b/ansible/roles/bastion/templates/bastion_ssh_config.j2
@@ -1,4 +1,8 @@
-Host ec2* *.internal *.example.com
+{% if cloud_provider == 'ec2' %}
+Host ec2* *.internal
+{% elif cloud_provider == 'osp' %}
+Host *.example.com
+{% endif %}	
   User {{remote_user}}
 {% if use_own_key|bool %}
   IdentityFile ~/.ssh/{{env_authorized_key}}.pem
@@ -9,3 +13,4 @@
   StrictHostKeyChecking no
   ConnectTimeout 60
   ConnectionAttempts 10
+{% endif %}	
\ No newline at end of file
diff --git a/ansible/roles/set_env_authorized_key/files/host_ssh_config.j2 b/ansible/roles/set_env_authorized_key/files/host_ssh_config.j2
deleted file mode 100644
index 89a9a15..0000000
--- a/ansible/roles/set_env_authorized_key/files/host_ssh_config.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-Host ec2* *.internal *.example.com
-   User {{remote_user}}
-   IdentityFile ~/.ssh/{{env_authorized_key}}.pem
-   ForwardAgent yes
-   StrictHostKeyChecking no
-   ConnectTimeout 60
-   ConnectionAttempts 10
diff --git a/ansible/roles/set_env_authorized_key/tasks/main.yml b/ansible/roles/set_env_authorized_key/tasks/main.yml
index d410b37..7b5993a 100644
--- a/ansible/roles/set_env_authorized_key/tasks/main.yml
+++ b/ansible/roles/set_env_authorized_key/tasks/main.yml
@@ -34,7 +34,7 @@
 
 - name: Generate host .ssh/config Template
   become: no
-  local_action: template src={{ role_path }}/files/host_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }}
+  local_action: template src={{ role_path }}/templates/host_ssh_config.j2 dest={{output_dir}}/ssh-config-{{ env_type }}-{{ guid }}
 
 - name: copy over host .ssh/config Template
   become: true
diff --git a/ansible/roles/set_env_authorized_key/templates/host_ssh_config.j2 b/ansible/roles/set_env_authorized_key/templates/host_ssh_config.j2
new file mode 100644
index 0000000..32f52c4
--- /dev/null
+++ b/ansible/roles/set_env_authorized_key/templates/host_ssh_config.j2
@@ -0,0 +1,11 @@
+{% if cloud_provider == 'ec2' %}
+Host ec2* *.internal
+{% elif cloud_provider == 'osp' %}
+Host *.example.com
+{% endif %}	
+   User {{remote_user}}
+   IdentityFile ~/.ssh/{{env_authorized_key}}.pem
+   ForwardAgent yes
+   StrictHostKeyChecking no
+   ConnectTimeout 60
+   ConnectionAttempts 10
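Review bot: The new template pairs `ForwardAgent yes` with `StrictHostKeyChecking no`, so the user's agent is forwarded to hosts whose host key is never verified; both lines are carried over from the deleted `files/` copy, but a new file is a good place to tighten them. Consider `StrictHostKeyChecking accept-new` (available in newer OpenSSH releases) so a changed host key is refused after first contact, and drop `ForwardAgent yes` unless a later hop needs it, since a `ProxyJump` entry avoids exposing the agent on the intermediate host. If host keys in these environments are recycled by design, a one-line comment in the template such as `{# host keys are regenerated per deployment, so checking is disabled #}` would record why.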

--
Gitblit v1.9.3