Problem choosing proper structure of my ansible playbook/inventory

Trying to figure out how to get the following solved. Coming from Puppet I have a bit of an adjustment to make.

I’m trying to configure a few comware/arista switches which are only accessible via a certain jump host.

My inventory looks like:

```ini
[comware]
switch1
switch2

[arista]
switch3

[switches:children]
comware
arista
```

First my thought was to create a role named “my-switches”.
Create a playbook with the hosts set to “switches” which would loop through the list [switch1, switch2, switch3].
Since they are only accessible via a certain jump-node I thought of using “delegate_to: jump_host” for each task.

But I also get some pre-tasks I would like to have executed installing required pip packages on the jump_host.

Couldn't really get this sorted out. Pre-tasks not running on the correct host so then I switched to a different way of doing this.

Created a dict in the group_vars/all.yml

```yaml
switches:
  user: admin
  pass: password
  list:
    switch1:
      flavor: comware
    switch2:
      flavor: comware
    switch3:
      flavor: arista
```

And then setting the hosts in the playbook to “jump_host”. Now the pre-tasks install correctly and I’m using with_items to loop over switches.list.
But delegate_to seems to be overridden by the fact that hosts in the playbook is set to “jump_host”.

The comware module runs ssh against my jump_host for every loop (with_items) in roles/my-switches/tasks/main.yml.
Somehow it feels incorrect to build up a list of switches to iterate over instead of using the inventory.

Not exactly sure what I’m failing to understand. Tried using the ansible_host variable in the role but I’m guessing it gets overruled by the hosts: jump_host defined in the playbook.

Maybe I’m jumping into ansible not doing the proper homework first of passing the primer.

Did my question even make sense?

Also would be nice to be able to figure out which group a switch came from in my first example to get the flavor of it not using extra variables when using groups of groups.

Thanks!

Have you looked at this?
https://docs.ansible.com/ansible/latest/faq.html#how-do-i-configure-a-jump-host-to-access-servers-that-i-have-no-direct-access-to

Thanks Kai for responding!

Seen that one. Maybe jump_host was really a misleading name. It’s really the name of the host I want to have execute the commands. Thinking this is the use of delegate_to.
/Fredrik

Seems to be more related to variable precedence

```
failed: [cmu.lab.net] (item=v300) => { "changed": false, "failed": true, "invocation": { "module_args": { "descr": "Mitt vlan 300", "hostname": "cmu.lab.net", "name": "VLAN10_WEB", "password": "abc123", "port": 830, "state": "present", "username": "hp", "vlanid": "300" } }, "item": "v300", "msg": "ConnectionSSHError: host: 10.0.1.32, port: 830 msg: There was an error connecting with SSH. The NETCONF server may be down or refused the connection. The connection may have timed out if the server wasn't reachable."
```

Since the hosts in my playbook is only pointing to the host cmu.lab.net where I'm executing my tasks it seems to override me pointing to a different host in the tasks.
I have also tried using a hardcoded IP, which is being replaced by the inventory_hostname.
So the module itself uses ssh for connection to the comware switches. Not working like some of the rest-api based modules. It seems to be relying on the normal ssh transport.
So maybe the jumphost is what I really need.
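```yaml
- name: C
  comware_vlan:
    # VLAN id is the numeric part of the loop item, e.g. "v300" -> "300"
    vlanid: "{{ item | regex_search('[0-9]+') }}"
    name: VLAN10_WEB
    descr: "{{ switches.vlan_descriptions[item] }}"
    username: "{{ switches.user }}"
    password: "{{ switches.password }}"
    # Switch address passed to the module as a hardcoded IP
    hostname: 172.16.1.241
  # Loop keyword belongs at task level, not inside the module arguments
  with_items: "{{ switches.vlans[switches.list[outer_item].type] }}"
```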
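The inventory-driven layout the first post was aiming for, written out as an added example that is not part of any post in this thread. It assumes cmu.lab.net is the host that must execute the modules and is listed in the inventory; `exec_host`, `flavor` and `switch_pip_packages` are hypothetical names, the `switches.user`/`switches.pass` keys are the ones from the group_vars post, and the VLAN values are copied from the failure output above.

```yaml
---
# Play 1: the pre-tasks get their own play, so they run once on the
# execution host instead of once per switch.
- name: Prepare the host that runs the switch modules
  hosts: cmu.lab.net
  tasks:
    - name: Install the Python libraries the switch modules need
      pip:
        # hypothetical list variable; fill in the packages your modules require
        name: "{{ switch_pip_packages }}"

# Play 2: iterate over the inventory group, not over a hand-built dict.
- name: Configure VLANs on the switches
  hosts: switches
  gather_facts: false            # fact gathering would try to log in to the switch itself
  vars:
    exec_host: cmu.lab.net       # assumption: the host from the failure output
    # group_names lists the groups the current host belongs to, so the
    # flavor comes from the inventory without extra per-host variables.
    flavor: "{{ 'comware' if 'comware' in group_names else 'arista' }}"
  tasks:
    - name: Ensure VLAN 300 exists on comware switches
      comware_vlan:
        vlanid: "300"
        name: VLAN10_WEB
        descr: Mitt vlan 300
        username: "{{ switches.user }}"
        # keep this value in a vault-encrypted vars file, not plain group_vars
        password: "{{ switches.pass }}"
        # inventory_hostname is still the switch (switch1, switch2, ...)
        # even though the module is executed on exec_host
        hostname: "{{ inventory_hostname }}"
      delegate_to: "{{ exec_host }}"
      when: flavor == 'comware'
      # keeps module_args, including the password, out of task output
      # such as the "invocation" block shown in the failure above
      no_log: true
```

With `hosts: switches`, `delegate_to` only changes where the module process runs; the play still loops over the inventory, so the module's `hostname` argument can follow `inventory_hostname` per switch.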