ssh client config referenced by ssh_args in ansible.cfg

i have a ssh client config that works, and it has Host definition for the bastion at the top, and then all the inside hosts are listed below it in the same file with an appropriate ProxyCommand statement.

i have a directory at ~/repo/some-ansible-repo/

~/repo/some-ansible-repo/ansible.cfg looks like this:

`
$ cat ./ansible.cfg
[defaults]
inventory = ./hosts
host_key_checking = false
deprecation_warnings=false
vault_password_file = …/vault_password_file_blah

[ssh_connection]
ssh_args=“-F ~/.ssh/dev-cluster.config -o ControlPath=/tmp/ansible-ssh-%h-%p-%r -o ControlMaster=auto -o ControlPersist=30m”
control_path = ~/.ansible/cp
`

Ansible can connect to the bastion, but it cannot connect to any of the inside hosts unless the client config has:

`
Include ~/.ssh/dev-cluster.config

`

Am I doing something wrong with ansible.cfg?
Why is it ignoring my -F?

ssh_args cannot utilize shell expansions such as ~.

On the command line this works because your shell expands it. In an ansible.cfg file, they are not expanded. You would need to use a full path with -F

Thank you for your response, actually, embarrassingly, i knew that. i apologize but i changed the full path to the file to protect the innocent.

So, what im saying is that im using full paths, and its still not picking up the whole config, it can only connect to the bastion.

I doubt this will be the issue, but I see you’re supplying controlpath both directly as an ansible config option, and as part of the ssh_args, and they have different values.

Could it be that this inconsistency somehow caused the -F argument to be ignored?

Can you try removing one of the two control path instances?

Dick

i commented out the line you suggested, ensured i had the Include line in my default ssh client config commented out, and it can only connect to the bastion still. thank you for your suggestion.