richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Allow connecting to bastion via non-standard SSH port (#7396) 

* Allow connecting to bastion via non-standard port

* Fix bastion connection when ansible_port is not provided
pull/7412/head
Kaleb Elwert 4 years ago
committed by GitHub
parent
7dec8e5caa
commit
6fa3565dac
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 3 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      roles/bastion-ssh-config/tasks/main.yml
  2. 2
      roles/bastion-ssh-config/templates/ssh-bastion.conf
  3. 2
      roles/kubespray-defaults/defaults/main.yaml

3
roles/bastion-ssh-config/tasks/main.yml
View File

@ -1,7 +1,8 @@
---
- name: set bastion host IP
- name: set bastion host IP and port
set_fact:
bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}"
bastion_port: "{{ hostvars[groups['bastion'][0]]['ansible_port'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_port']) | d(22) }}"
delegate_to: localhost
connection: local

2
roles/bastion-ssh-config/templates/ssh-bastion.conf
View File

@ -15,4 +15,4 @@ Host {{ bastion_ip }}
ControlPersist 5m
Host {{ vars['hosts'] }}
ProxyCommand ssh -F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p {{ real_user }}@{{ bastion_ip }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %}
ProxyCommand ssh -F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -p {{ bastion_port }} {{ real_user }}@{{ bastion_ip }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %}

2
roles/kubespray-defaults/defaults/main.yaml
View File

@ -1,7 +1,7 @@
---
# Use proxycommand if bastion host is in group all
# This change obseletes editing ansible.cfg file depending on bastion existence
ansible_ssh_common_args: "{% if 'bastion' in groups['all'] %} -o ProxyCommand='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p {{ hostvars['bastion']['ansible_user'] }}@{{ hostvars['bastion']['ansible_host'] }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %} ' {% endif %}"
ansible_ssh_common_args: "{% if 'bastion' in groups['all'] %} -o ProxyCommand='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p -p {{ hostvars['bastion']['ansible_port'] | default(22) }} {{ hostvars['bastion']['ansible_user'] }}@{{ hostvars['bastion']['ansible_host'] }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %} ' {% endif %}"
# selinux state
preinstall_selinux_state: permissive

Write Preview
Loading…
Cancel
Save