add a playbook to configure ssh to use the ssh gateway for the internal systems

This commit is contained in:
David Kilias 2022-11-04 22:53:56 +01:00
parent c560cbe67d
commit 61cbc4abdd
4 changed files with 76 additions and 0 deletions

View file

@ -7,16 +7,27 @@ ansible -i inventory.yml all --list-hosts
``` ```
## Setup ## Setup
```bash ```bash
ansible-galaxy install -r requirements.yml ansible-galaxy install -r requirements.yml
``` ```
## Setup SSH Access to hosts
```bash
LOGUSER=<loguser>
SSH_KEY=<absolute/path/to/ssh/private/key>
ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"
```
## Edit vault encrypted vars files ## Edit vault encrypted vars files
```bash ```bash
ansible-vault edit group_vars/all/vault ansible-vault edit group_vars/all/vault
``` ```
## Call with ## Call with
```bash ```bash
ansible-playbook -i inventory.yml --ask-vault-pass main.yml ansible-playbook -i inventory.yml --ask-vault-pass main.yml
``` ```

View file

@ -19,3 +19,17 @@ all:
krypton.n39.eu: krypton.n39.eu:
oganesson.n39.eu: oganesson.n39.eu:
holmium.n39.eu: holmium.n39.eu:
ssh_jump:
hosts:
pottwal.n39.eu:
unicorn.n39.eu:
radon.n39.eu:
krypton.n39.eu:
oganesson.n39.eu:
holmium.n39.eu:
platon.n39.eu:
beaker.n39.eu:
wittgenstein.n39.eu:
ssh_no_jump:
hosts:
tau.netz39.de:

24
setup-ssh.yml Normal file
View file

@ -0,0 +1,24 @@
---
- name: configure local ssh to access n39 hosts
hosts: localhost
tasks:
- name: ensure {{ lookup('env', 'HOME') }}/.ssh/config.d/ dir is present
ansible.builtin.file:
path: "{{ lookup('env', 'HOME') }}/.ssh/config.d/"
state: directory
delegate_to: localhost
- name: template ssh config for access to internal systems
ansible.builtin.template:
src: templates/ssh_config.j2
dest: "{{ lookup('env', 'HOME') }}/.ssh/config.d/n39_config"
delegate_to: localhost
- name: ensure that n39 access config is included
ansible.builtin.lineinfile:
path: ~/.ssh/config
insertbefore: BOF
regexp: '^Include'
line: Include config.d/n39_config
delegate_to: localhost

27
templates/ssh_config.j2 Normal file
View file

@ -0,0 +1,27 @@
# {{ ansible_managed }}
Host ssh.n39.eu
Hostname ssh.n39.eu
IdentityFile {{ setup_ssh_key }}
IdentitiesOnly yes
User {{ setup_ssh_logname }}
Port 22
{% for host in groups['ssh_jump'] %}
Host {{ host }}
Hostname {{ host }}
IdentityFile {{ setup_ssh_key }}
IdentitiesOnly yes
User {{ setup_ssh_logname }}
ProxyJump ssh.n39.eu
Port 22
{% endfor %}
{% for host in groups['ssh_no_jump'] %}
Host {{ host }}
Hostname {{ host }}
IdentityFile {{ setup_ssh_key }}
IdentitiesOnly yes
User {{ setup_ssh_logname }}
Port 22
{% endfor %}