According to the docs, setting ProxyCommand in ansible_ssh_common_args will enable access to private servers via a jump server.
I am attempting to do this but keep getting the error Control socket "/Users/pnotes/.ansible/cp/cfed83541a" does not exist.
My current setup is thus:
ansible/test/inventory.ini
[all]
bastion-0
private-server0
[bastions]
bastion-0 ansible_host=104.xxx.xx.xxx
[private_servers]
private-server0 ansible_host=68.xxx.xxx.xxx
ansible/test/host_vars/private-server0.yaml
---
ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -W %h:%p -q root@bastion-ip-address"'
The output of running the playbook command with -vvvv:
task path: /Users/pnotes/Desktop/bastion-setup/ansible/common.yaml:2
<68.xxx.xxx.xxx> ESTABLISH SSH CONNECTION FOR USER: root
<68.xxx.xxx.xxx> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/pnotes/.ssh/root_test_key_id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o 'ProxyCommand=ssh -o StrictHostKeyChecking=no -W %h:%p -q root@104.xxx.xx.xxx' -o ControlPath=/Users/pnotes/.ansible/cp/cfed83541a 68.xxx.xxx.xxx '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
<68.xxx.xxx.xxx> (255, b'', b'OpenSSH_7.9p1, LibreSSL 2.7.3\r\ndebug1: Reading configuration data /Users/pnotes/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 48: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 68.xxx.xxx.xxx is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/Users/pnotes/.ansible/cp/cfed83541a" does not exist\r\ndebug1: Executing proxy command: exec ssh -o StrictHostKeyChecking=no -W 68.xxx.xxx.xxx:22 -q root@104.xxx.xx.xxx\r\ndebug3: timeout: 10000 ms remain after connect\r\ndebug1: identity file /Users/pnotes/.ssh/root_test_key_id_rsa type 0\r\ndebug1: identity file /Users/pnotes/.ssh/root_test_key_id_rsa-cert type -1\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.9\r\nssh_exchange_identification: Connection closed by remote host\r\n')
fatal: [test-docker-0]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: OpenSSH_7.9p1, LibreSSL 2.7.3\r\ndebug1: Reading configuration data /Users/pnotes/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 48: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 68.xxx.xxx.xxx is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/Users/pnotes/.ansible/cp/cfed83541a\" does not exist\r\ndebug1: Executing proxy command: exec ssh -o StrictHostKeyChecking=no -W 68.xxx.xxx.xxx:22 -q root@104.xxx.xx.xxx\r\ndebug3: timeout: 10000 ms remain after connect\r\ndebug1: identity file /Users/pnotes/.ssh/root_test_key_id_rsa type 0\r\ndebug1: identity file /Users/pnotes/.ssh/root_test_key_id_rsa-cert type -1\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.9\r\nssh_exchange_identification: Connection closed by remote host\r\n",
"unreachable": true
}
I don’t understand why this isn’t working and would greatly appreciate an explanation. Thank you.
Note:
When I edit my personal ssh config file (~/.ssh/config) with the details of the jump server and the private server, I am able to connect without a problem. BUT I would rather not have to edit my personal ssh config file for ansible controlled hosts (these are set up/torn down numerous times for testing, staging environments).
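A triage sketch for the -vvvv output above, added here as an example and not part of the original post: it separates the informational ControlMaster lines from the line where ssh actually stopped, and lists properties of the ProxyCommand that are visible in the log. The function name `triage`, the report keys and the trimmed `SAMPLE` are constructed for illustration.

```python
import re
import shlex

# Constructed sample: the relevant lines of the ssh debug stream quoted in the post.
SAMPLE = (
    'debug1: auto-mux: Trying existing master\r\n'
    'debug1: Control socket "/Users/pnotes/.ansible/cp/cfed83541a" does not exist\r\n'
    'debug1: Executing proxy command: exec ssh -o StrictHostKeyChecking=no -W 68.xxx.xxx.xxx:22 -q root@104.xxx.xx.xxx\r\n'
    'debug1: Local version string SSH-2.0-OpenSSH_7.9\r\n'
    'ssh_exchange_identification: Connection closed by remote host\r\n'
)

def triage(stderr):
    """Split ssh -vvv output into multiplexing chatter and the line where ssh gave up."""
    report = {"benign": [], "proxy": None, "notes": [], "banner": False, "fatal": None, "stage": None}
    for line in filter(None, (l.strip() for l in stderr.splitlines())):
        body = re.sub(r"^debug\d: ", "", line)
        if body.startswith("OpenSSH_"):
            continue                        # client version header, not an error
        if body.startswith("auto-mux:") or re.fullmatch(r'Control socket ".*" does not exist', body):
            report["benign"].append(body)   # ControlMaster=auto found no master; ssh opens a new connection
        elif body.startswith("Executing proxy command: exec "):
            report["proxy"] = shlex.split(body.split("exec ", 1)[1])
        elif body.startswith("Remote protocol version"):
            report["banner"] = True         # the target's SSH banner was received
        elif body == line:                  # no debugN: prefix, so this is an error line
            report["fatal"] = line
    argv = report["proxy"] or []
    if "-q" in argv:
        report["notes"].append("-q hides the proxy ssh's own error messages")
    if "StrictHostKeyChecking=no" in argv:
        report["notes"].append("the jump host's key is not verified")
    if argv and "-i" not in argv and not any(a.startswith("IdentityFile") for a in argv):
        report["notes"].append("proxy ssh gets no -i/IdentityFile; the outer -o options are not passed to it")
    if report["fatal"] and argv and not report["banner"]:
        report["stage"] = "pre-banner via proxy"   # stream closed before any SSH banner arrived
    elif report["fatal"]:
        report["stage"] = "after banner"
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the "Control socket ... does not exist" line lands in `benign`, and the reported failure is the `ssh_exchange_identification` line, which occurred before any banner came back through the proxy stream.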