From 4dcf148c48e09089f7714ff24dcec8c8a3161bdd Mon Sep 17 00:00:00 2001
From: rshah
Date: Wed, 3 Aug 2022 16:40:27 -0400
Subject: [PATCH 1/3] re-add ssh config to ocp on gcp
---
 .../gcp_infrastructure_deployment.yml | 7 ++
 .../cloud_providers/gcp_ssh_config_setup.yml | 88 +++++++++++++++++++
 2 files changed, 95 insertions(+)
 create mode 100644 ansible/cloud_providers/gcp_ssh_config_setup.yml
diff --git a/ansible/cloud_providers/gcp_infrastructure_deployment.yml b/ansible/cloud_providers/gcp_infrastructure_deployment.yml
index 9fbdfb375e5..e01c425574f 100644
--- a/ansible/cloud_providers/gcp_infrastructure_deployment.yml
+++ b/ansible/cloud_providers/gcp_infrastructure_deployment.yml
@@ -140,6 +140,13 @@
 # Copy env_vars variables from the config to all hosts
 - import_playbook: ../include_vars.yml
 
+- name: Configure local ssh config for bastion proxy use
+ import_playbook: "{{cloud_provider}}_ssh_config_setup.yml"
+ when: groups["bastions"] is defined and (groups["bastions"]|length>0)
+ tags:
+ - must
+ - create_inventory
+
 - name: wait_for_connection for all non-windows machines and set hostname
 hosts:
 - all:!windows:!network
diff --git a/ansible/cloud_providers/gcp_ssh_config_setup.yml b/ansible/cloud_providers/gcp_ssh_config_setup.yml
new file mode 100644
index 00000000000..36a6c80f30f
--- /dev/null
+++ b/ansible/cloud_providers/gcp_ssh_config_setup.yml
@@ -0,0 +1,88 @@
+---
+###########################################################################
+# CAUTION
+###########################################################################
+# This file is used for several cloud provider. Keep in mind when you
+# update it and make sure it works for all of them using this common conf.
+###########################################################################
+
+- name: SSH config setup
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ become: false
+ tags:
+ - create_ssh_config
+ tasks:
+ - name: Store bastion hostname as a fact
+ set_fact:
+ bastion_hostname: "{{groups['bastions'].0 }}"
+ # This is where the ssh_config file will be created, this file is used to
+ # define the communication method to all the hosts in the deployment
+ ansible_ssh_config: "{{output_dir}}/{{ env_type }}_{{ guid }}_ssh_conf"
+ ansible_known_host: "{{output_dir}}/{{ env_type }}_{{ guid }}_ssh_known_hosts"
+
+ - name: Delete dedicated known_host if it exists (new deployment)
+ file:
+ dest: "{{ansible_known_host}}"
+ state: absent
+
+ - name: delete local ssh config, start fresh
+ file:
+ dest: "{{ ansible_ssh_config }}"
+ state: absent
+
+ - name: Create empty local ssh config
+ file:
+ dest: "{{ ansible_ssh_config }}"
+ state: touch
+
+ - name: Add bastion proxy config to workdir ssh config file
+ blockinfile:
+ dest: "{{ ansible_ssh_config }}"
+ marker: "##### {mark} ADDED BASTION PROXY HOST {{ env_type }}-{{ guid }} ######"
+ content: |
+ Host {{ bastion_hostname }} {{ hostvars[bastion_hostname].shortname |d('')}}
+ Hostname {{ hostvars[bastion_hostname].public_dns_name }}
+ IdentityFile {{ env_authorized_key_path }}
+ IdentitiesOnly yes
+ User {{ remote_user }}
+ ControlMaster auto
+ ControlPath /tmp/{{ guid }}-%r-%h-%p
+ ControlPersist 5m
+ StrictHostKeyChecking no
+ ConnectTimeout 60
+ ConnectionAttempts 10
+ UserKnownHostsFile {{ansible_known_host}}
+ tags:
+ - bastion_proxy_config_main
+
+ - name: Add all hosts to workdir ssh config file
+ blockinfile:
+ dest: "{{ ansible_ssh_config }}"
+ marker: "##### {mark} ADDED Node Proxy Config {{ item }} {{ env_type }}-{{ guid }} ######"
+ block: |
+ Host {{ item }} {{ hostvars[item].public_ip_address | default('') }} {{ hostvars[item].shortname |d('')}}
+ Hostname {{ hostvars[item].private_ip_address }}
+ User {{ remote_user }}
+ IdentityFile {{ env_authorized_key_path }}
+ ProxyCommand ssh -F {{ ansible_ssh_config }} {{ bastion_hostname }} -W %h:%p
+ StrictHostKeyChecking no
+ UserKnownHostsFile {{ansible_known_host}}
+ when: item not in [bastion_hostname, 'localhost', '127.0.0.1']
+ with_items: "{{ groups['all'] }}"
+ tags:
+ - bastion_proxy_config_hosts
+
+- name: Set ssh extra args for all hosts, use ssh_config just created
+ hosts: all
+ gather_facts: false
+ any_errors_fatal: true
+ ignore_errors: false
+ tags:
+ - step001
+ - ssh_args
+ tasks:
+ - name: add -F option ansible_ssh_extra_args
+ set_fact:
+ ansible_ssh_extra_args: "{{ ansible_ssh_extra_args|d() }} -F {{ hostvars['localhost'].ansible_ssh_config }}"
From a1d62e72408892213318f40645676ff61f6b78b6 Mon Sep 17 00:00:00 2001
From: rshah
Date: Wed, 3 Aug 2022 16:42:18 -0400
Subject: [PATCH 2/3] update caution at top
---
 ansible/cloud_providers/gcp_ssh_config_setup.yml | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/ansible/cloud_providers/gcp_ssh_config_setup.yml b/ansible/cloud_providers/gcp_ssh_config_setup.yml
index 36a6c80f30f..0f0541ba7f7 100644
--- a/ansible/cloud_providers/gcp_ssh_config_setup.yml
+++ b/ansible/cloud_providers/gcp_ssh_config_setup.yml
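Review bot: Both generated `Host` blocks (bastion and per-node) set `StrictHostKeyChecking no`, so ssh accepts whatever key is presented on first contact and still proceeds when a stored key later changes, which leaves every hop through the bastion without host authentication. The play already deletes and recreates a dedicated `UserKnownHostsFile` for each deployment, so `StrictHostKeyChecking accept-new` would keep the unattended first connection while rejecting a changed key afterwards; it needs OpenSSH 7.6 or later on the control host. The bastion block also places the multiplexing socket at `ControlPath /tmp/{{ guid }}-%r-%h-%p`, a predictable name in a shared directory; a path under `{{ output_dir }}` would keep it with the other per-deployment files, provided the result stays within the Unix socket path length limit. The `state: touch` task sets no `mode`, so the config file gets umask-default permissions; `mode: "0600"` would make that explicit.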
@@ -1,11 +1,4 @@
 ---
-###########################################################################
-# CAUTION
-###########################################################################
-# This file is used for several cloud provider. Keep in mind when you
-# update it and make sure it works for all of them using this common conf.
-###########################################################################
-
 - name: SSH config setup
 hosts: localhost
 connection: local
From daa43423b7c797d67980ba226049bf3a027e5979 Mon Sep 17 00:00:00 2001
From: rshah
Date: Thu, 4 Aug 2022 10:00:58 -0400
Subject: [PATCH 3/3] fixing d()
---
 ansible/cloud_providers/gcp_ssh_config_setup.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible/cloud_providers/gcp_ssh_config_setup.yml b/ansible/cloud_providers/gcp_ssh_config_setup.yml
index 0f0541ba7f7..10c86f58606 100644
--- a/ansible/cloud_providers/gcp_ssh_config_setup.yml
+++ b/ansible/cloud_providers/gcp_ssh_config_setup.yml
@@ -78,4 +78,4 @@
 tasks:
 - name: add -F option ansible_ssh_extra_args
 set_fact:
- ansible_ssh_extra_args: "{{ ansible_ssh_extra_args|d() }} -F {{ hostvars['localhost'].ansible_ssh_config }}"
+ ansible_ssh_extra_args: "{{ ansible_ssh_extra_args|default() }} -F {{ hostvars['localhost'].ansible_ssh_config }}"