new proxy feature?

Michael_DeHaan2 · April 11, 2013, 4:00pm

That is the ‘environment’ keyword for setting, among other things http_proxy and https_proxy variables.

Not entirely sure why your double jump didn’t work, but single hosts do.

Is it possible to run ansible from that initial host?

Brian_Coca1 · April 12, 2013, 12:03am

I’ve had it working with no issues with up to 4 jumps.

Brian Coca

Makimoto_Marakatti · April 12, 2013, 9:02am

I’d be more than interested to learn how you do that. Can you elaborate or give some pointers?

How we have configured ssh_config is simple enough:

Host host1
ProxyCommand ssh -q -W %h:%p jumpbox
HostName host1
Host host2
ProxyCommand ssh -q -W %h:%p host1
HostName host2

for direct ssh access it works. Ansible throws a tantrum for host2…

thanks!

Serge_van_Ginderacht · April 12, 2013, 10:03am

i just tested it with some of my hosts (names rewritten):

Host intermediate
proxyCommand ssh -q -W %h:%p jump

Host test
proxyCommand ssh -q -W %h:%p intermediate

This works perfectly running ansible on the test host, with -c ssh of course.

You do use -c ssh ?

Serge

Makimoto_Marakatti · April 12, 2013, 10:24am

Hi

Yes, I do use the ssh transport. See my example here:

Host box3
ProxyCommand ssh -q -W %h:%p jumpbox
HostName box3
Host box1
ProxyCommand ssh -q -W %h:%p box3
HostName box1

Now ansible fails thus:

$ ansible box1 -m raw -a "echo ‘hello’ " -k -c ssh
SSH password:
box1 | FAILED | rc=5 >>

But ssh let’s me in with no issues:

$ ssh box1
user@box3’s password:
user@box1’s password:
Last login: Fri Apr 12 11:11:02 2013 from box3.domain.org
[user@box1 ~]$

The striking difference is that ansible only asks me for one passwd, where ssh asks me the password for box3 and the diligently asks me for the passwd for box1. (If you are wondering, I’ve got a ssh key on jumpbox)

I do not know if this relevant or not, but from where I’m sitting, if it’s using ssh to communicate, it should ask me for the second box’s passwd?

Thanks!

Makimoto_Marakatti · April 12, 2013, 11:42am

Hi

You mean like having ansible installed on my control box AND on some jumpboxes??? Would that not be a configuration nightmare?
Or am I misunderstanding here?

Michael_DeHaan2 · April 12, 2013, 1:56pm

Jump hosts are entirely an SSH thing and do not require ansible installed on intermediate boxes.

Brian_Coca1 · April 12, 2013, 6:38pm

I just used keys and didn’t have to prompt for ssh password, not sure what happens if ansible is prompted for passwords more than once.

Serge_van_Ginderacht · April 12, 2013, 6:45pm

This might be the problem. I can't tell how ansible logic really responses
to this.

Serge

Michael_DeHaan2 · April 12, 2013, 8:09pm

Keys are your friends!

Makimoto_Marakatti · April 12, 2013, 9:12pm

Keys it is then. Still gotta “sell” ansible to my team, but we’ll get there
Thanks to all

Topic		Replies	Views
Hosts behind ssh-proxy Ansible Project	4	3	May 2, 2018
ansible ssh jump hosts Ansible Project ansible-project	1	0	August 1, 2012
SSH via Jumpbox Ansible Project	9	1	January 13, 2017
Ansible Playbook Through Proxy with Interactive Login Get Help playbook	5	43	December 9, 2024
playbook via jumphost Ansible Project	3	0	December 31, 2012

new proxy feature?

Related topics