This sets up an SSH proxy through on port 2222 (if using the default port, 22, you can drop the port argument). If I am connected to the private network directly, I can just run ansible commands and playbooks, and Ansible can see all the servers and connect to them (assuming my SSH config is otherwise correct).įrom the outside, though, I need to modify my inventory to look like the following: Īnsible_ssh_common_args='-o Prox圜ommand="ssh -p 2222 -W %h:%p -q "' In my Ansible project, I had an inventory file like the following:
This is helpful for a project that might be run from various workstations or servers without the same SSH configuration (the configuration is stored alongside the playbook, in the inventory).
#Ssh tunnel bastion how to
The first way to do it with Ansible is to describe how to connect through the proxy server in Ansible's inventory. That network is connected to the Internet through a single reverse proxy / 'bastion' host.īut I still want to be able to manage the servers on the private network behind the bastion from outside. I have a set of servers that are running on a private network. Since I've set this up a number of times, but I just realized I've never documented it on my blog, I thought I'd finally do that.
0 kommentar(er)
