Skip to content

Commit

Permalink
Allow connecting to bastion via non-standard SSH port (kubernetes-sig…
Browse files Browse the repository at this point in the history
…s#7396)

* Allow connecting to bastion via non-standard port

* Fix bastion connection when ansible_port is not provided
  • Loading branch information
belak authored Mar 26, 2021
1 parent 7dec8e5 commit 6fa3565
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 3 deletions.
3 changes: 2 additions & 1 deletion roles/bastion-ssh-config/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
---
- name: set bastion host IP
- name: set bastion host IP and port
set_fact:
bastion_ip: "{{ hostvars[groups['bastion'][0]]['ansible_host'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_host']) }}"
bastion_port: "{{ hostvars[groups['bastion'][0]]['ansible_port'] | d(hostvars[groups['bastion'][0]]['ansible_ssh_port']) | d(22) }}"
delegate_to: localhost
connection: local

Expand Down
2 changes: 1 addition & 1 deletion roles/bastion-ssh-config/templates/ssh-bastion.conf
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,4 @@ Host {{ bastion_ip }}
ControlPersist 5m

Host {{ vars['hosts'] }}
ProxyCommand ssh -F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p {{ real_user }}@{{ bastion_ip }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %}
ProxyCommand ssh -F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -p {{ bastion_port }} {{ real_user }}@{{ bastion_ip }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %}
2 changes: 1 addition & 1 deletion roles/kubespray-defaults/defaults/main.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
# Use proxycommand if bastion host is in group all
# This change obseletes editing ansible.cfg file depending on bastion existence
ansible_ssh_common_args: "{% if 'bastion' in groups['all'] %} -o ProxyCommand='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p {{ hostvars['bastion']['ansible_user'] }}@{{ hostvars['bastion']['ansible_host'] }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %} ' {% endif %}"
ansible_ssh_common_args: "{% if 'bastion' in groups['all'] %} -o ProxyCommand='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -W %h:%p -p {{ hostvars['bastion']['ansible_port'] | default(22) }} {{ hostvars['bastion']['ansible_user'] }}@{{ hostvars['bastion']['ansible_host'] }} {% if ansible_ssh_private_key_file is defined %}-i {{ ansible_ssh_private_key_file }}{% endif %} ' {% endif %}"

# selinux state
preinstall_selinux_state: permissive
Expand Down

0 comments on commit 6fa3565

Please sign in to comment.