Ansible Jump thru Bastion host

Hello All,

In my environment, the Ansible server (A) does not have trust access to its clients.
I have another host (B), which allows trust access (using keys) to all hosts in the environment.

Host B has root trusted for the entire environment. I can access any other host by running SUDO from my ID (e.g. sudo ssh hostx works from host B from my ID).

I have set up trust keys between the Ansible account on host A and my account on host B, which works. I want Ansible to use that trust to jump to host A and then run “SUDO ssh hostx”. Here hostx would be any host which is part of my inventory when I call my playbook.

I have not had any success so far jumping to any client from Ansible (A) via host B.

A command line ssh from A via jump (B) to destination hostx works fine:
A prompt > ssh -t dane@B "sudo ssh hostx hostname"

Please let me know if I am not clear or need to elaborate further.

Appreciate any help or any ideas.

Thanks much!
Rajeev

It’s in the docs: http://docs.ansible.com/ansible/faq.html#how-do-i-configure-a-jump-host-to-access-servers-that-i-have-no-direct-access-to

Thanks for the input, but it still does not work for me.

Here are my configs/errors. ssh -F .ssh/config works fine; it just fails thru Ansible.

ansible.cfg:

ssh_args = -F /opt/ansible/.ssh/config

/opt/ansible/.ssh/config:

Host 10.116.10.114
Hostname 10.116.10.114
User duttr
IdentityFile /opt/ansible/.ssh/id_dsa
PasswordAuthentication no
ForwardAgent yes
ServerAliveInterval 60
TCPKeepAlive yes
ControlMaster auto
ControlPath /opt/ansible/.ssh/ansible-%r@%h:%p
ControlPersist 15m
ProxyCommand none
LogLevel QUIET

Host *
User duttr
IdentityFile /opt/ansible/.ssh/id_dsa
ServerAliveInterval 60
TCPKeepAlive yes
ProxyCommand ssh -W %h:%p -q duttr@10.116.10.114
LogLevel QUIET
StrictHostKeyChecking no

ssh -F .ssh/config 51.16.67.33 df -h /
Password:
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 28G 22G 4.6G 83% /

Thru Ansible:

Using /etc/ansible/ansible.cfg as config file
Loading callback plugin default of type stdout, v2.0 from /opt/ansible/ansible/lib/ansible/plugins/callback/__init__.pyc
Loading callback plugin unnamed of type old, v1.0 from /opt/ansible/ansible/lib/ansible/plugins/callback/__init__.pyc
Loading callback plugin unnamed of type old, v1.0 from /opt/ansible/ansible/lib/ansible/plugins/callback/__init__.pyc

PLAYBOOK: helloworld_ver2.yml ************************************************************************************************************************************
1 plays in playbks/helloworld_ver2.yml

PLAY [Test ping on localhost] ************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************
Using module file /opt/ansible/ansible/lib/ansible/modules/system/setup.py
<51.16.67.33> ESTABLISH SSH CONNECTION FOR USER: None
<51.16.67.33> SSH: ansible.cfg set ssh_args: (-F)(/opt/ansible/.ssh/config)
<51.16.67.33> SSH: ansible_password/ansible_ssh_pass not set: (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(PasswordAuthentication=no)
<51.16.67.33> SSH: ANSIBLE_TIMEOUT/timeout set: (-o)(ConnectTimeout=10)
<51.16.67.33> SSH: PlayContext set ssh_common_args: ()
<51.16.67.33> SSH: PlayContext set ssh_extra_args: ()
<51.16.67.33> SSH: EXEC ssh -vvv -F /opt/ansible/.ssh/config -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 51.16.67.33 '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''
fatal: [51.16.67.33]: UNREACHABLE! => {
    "changed": false,
    "msg": "SSH Error: data could not be sent to remote host \"51.16.67.33\". Make sure this host can be reached over ssh",
    "unreachable": true
}

msg: SSH Error: data could not be sent to remote host "51.16.67.33". Make sure this host can be reached over ssh

msg: SSH Error: data could not be sent to remote host "51.16.67.33". Make sure this host can be reached over ssh
to retry, use: --limit @/opt/ansible/playbks/helloworld_ver2.retry

PLAY RECAP *******************************************************************************************************************************************************
51.16.67.33 : ok=0 changed=0 unreachable=1 failed=0

Rajeev
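
An added example, not part of the original posts: a small Python resolver that applies OpenSSH's "first obtained value wins" rule (command line first, then the first matching Host block) to a trimmed, constructed copy of the config and EXEC line above. It shows one visible difference between the two runs: the manual `ssh -F` run printed a `Password:` prompt, while the command Ansible executes rules out password and keyboard-interactive authentication. The function names are hypothetical, and Match/Include directives and multi-valued keys are not handled.

```python
import fnmatch
import shlex

# Constructed sample: trimmed copy of the ssh config and EXEC line posted above.
SSH_CONFIG = """\
Host 10.116.10.114
  PasswordAuthentication no
  ProxyCommand none
Host *
  User duttr
  ProxyCommand ssh -W %h:%p -q duttr@10.116.10.114
"""
ANSIBLE_EXEC = ("ssh -vvv -F /opt/ansible/.ssh/config -o KbdInteractiveAuthentication=no "
                "-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey "
                "-o PasswordAuthentication=no -o ConnectTimeout=10 51.16.67.33")

def cli_options(command):
    """Collect -o Key=Value pairs from an ssh command line (keys lower-cased)."""
    argv, opts = shlex.split(command), {}
    for flag, value in zip(argv, argv[1:]):
        if flag == "-o" and "=" in value:
            key, val = value.split("=", 1)
            opts.setdefault(key.lower(), val)  # first value wins
    return opts

def effective(config_text, host, command=""):
    """Resolve single-valued options: command line first, then config file order."""
    opts, active = cli_options(command), True
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, val = parts[0].lower(), parts[1]
        if key == "host":  # a negated pattern (!pat) that matches vetoes the block
            pats = val.split()
            active = (any(fnmatch.fnmatch(host, p) for p in pats if p[0] != "!")
                      and not any(fnmatch.fnmatch(host, p[1:]) for p in pats if p[0] == "!"))
        elif active:
            opts.setdefault(key, val)
    return opts

def password_allowed(opts):
    """True if password or keyboard-interactive authentication can still be tried."""
    methods = opts.get("preferredauthentications")
    for method, switch in (("password", "passwordauthentication"),
                           ("keyboard-interactive", "kbdinteractiveauthentication")):
        if opts.get(switch, "yes") != "no" and (methods is None or method in methods.split(",")):
            return True
    return False
```

With these inputs, `password_allowed(effective(SSH_CONFIG, "51.16.67.33"))` is true for the manual run and false once `ANSIBLE_EXEC` is passed as the third argument, so the Ansible run only succeeds if key-based authentication works on every hop.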