Merge pull request 'add a playbook to configure ssh to use the ssh gateway for the internal systems' (!104) from ssh-config-playbook into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/104 Reviewed-by: Stefan Haun <tux@netz39.de>
commit
a191de209c
4 changed files with 76 additions and 0 deletions
11
README.md
11
README.md
|
@ -7,16 +7,27 @@ ansible -i inventory.yml all --list-hosts
|
||||||
```
|
```
|
||||||
|
|
||||||
## Setup
|
## Setup
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ansible-galaxy install -r requirements.yml
|
ansible-galaxy install -r requirements.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Setup SSH Access to hosts
|
||||||
|
|
||||||
|
```bash
|
||||||
|
LOGUSER=<loguser>
|
||||||
|
SSH_KEY=<absolute/path/to/ssh/private/key>
|
||||||
|
ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"
|
||||||
|
```
|
||||||
|
|
||||||
## Edit vault encrypted vars files
|
## Edit vault encrypted vars files
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ansible-vault edit group_vars/all/vault
|
ansible-vault edit group_vars/all/vault
|
||||||
```
|
```
|
||||||
|
|
||||||
## Call with
|
## Call with
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ansible-playbook -i inventory.yml --ask-vault-pass main.yml
|
ansible-playbook -i inventory.yml --ask-vault-pass main.yml
|
||||||
```
|
```
|
||||||
|
|
|
@ -19,3 +19,17 @@ all:
|
||||||
krypton.n39.eu:
|
krypton.n39.eu:
|
||||||
oganesson.n39.eu:
|
oganesson.n39.eu:
|
||||||
holmium.n39.eu:
|
holmium.n39.eu:
|
||||||
|
ssh_jump:
|
||||||
|
hosts:
|
||||||
|
pottwal.n39.eu:
|
||||||
|
unicorn.n39.eu:
|
||||||
|
radon.n39.eu:
|
||||||
|
krypton.n39.eu:
|
||||||
|
oganesson.n39.eu:
|
||||||
|
holmium.n39.eu:
|
||||||
|
platon.n39.eu:
|
||||||
|
beaker.n39.eu:
|
||||||
|
wittgenstein.n39.eu:
|
||||||
|
ssh_no_jump:
|
||||||
|
hosts:
|
||||||
|
tau.netz39.de:
|
24
setup-ssh.yml
Normal file
24
setup-ssh.yml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
- name: configure local ssh to access n39 hosts
|
||||||
|
hosts: localhost
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: ensure {{ lookup('env', 'HOME') }}/.ssh/config.d/ dir is present
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ lookup('env', 'HOME') }}/.ssh/config.d/"
|
||||||
|
state: directory
|
||||||
|
delegate_to: localhost
|
||||||
|
|
||||||
|
- name: template ssh config for access to internal systems
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: templates/ssh_config.j2
|
||||||
|
dest: "{{ lookup('env', 'HOME') }}/.ssh/config.d/n39_config"
|
||||||
|
delegate_to: localhost
|
||||||
|
|
||||||
|
- name: ensure that n39 access config is included
|
||||||
|
ansible.builtin.lineinfile:
|
||||||
|
path: ~/.ssh/config
|
||||||
|
insertbefore: BOF
|
||||||
|
regexp: '^Include'
|
||||||
|
line: Include config.d/n39_config
|
||||||
|
delegate_to: localhost
|
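Review bot: The `regexp: '^Include'` on the lineinfile task matches any existing Include directive, so a user whose `~/.ssh/config` already includes another file gets that line replaced instead of a new one added, and the task fails outright when `~/.ssh/config` does not exist yet. Narrow the pattern and let the module create the file: `regexp: '^Include\s+config\.d/n39_config\s*$'` and `create: true`. The directory and template tasks set no `mode`, so the resulting permissions depend on the local umask; OpenSSH refuses a config that is writable by others, so consider `mode: "0700"` on the config.d directory and `mode: "0600"` on the templated file. `delegate_to: localhost` on every task is redundant with `hosts: localhost`. The template reads `groups['ssh_jump']`, which presumably requires the inventory to be loaded, while the README's `ansible-playbook setup-ssh.yml` invocation omits `-i inventory.yml`; confirm an ansible.cfg supplies it.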
27
templates/ssh_config.j2
Normal file
27
templates/ssh_config.j2
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
Host ssh.n39.eu
|
||||||
|
Hostname ssh.n39.eu
|
||||||
|
IdentityFile {{ setup_ssh_key }}
|
||||||
|
IdentitiesOnly yes
|
||||||
|
User {{ setup_ssh_logname }}
|
||||||
|
Port 22
|
||||||
|
|
||||||
|
{% for host in groups['ssh_jump'] %}
|
||||||
|
Host {{ host }}
|
||||||
|
Hostname {{ host }}
|
||||||
|
IdentityFile {{ setup_ssh_key }}
|
||||||
|
IdentitiesOnly yes
|
||||||
|
User {{ setup_ssh_logname }}
|
||||||
|
ProxyJump ssh.n39.eu
|
||||||
|
Port 22
|
||||||
|
|
||||||
|
{% endfor %}
|
||||||
|
{% for host in groups['ssh_no_jump'] %}
|
||||||
|
Host {{ host }}
|
||||||
|
Hostname {{ host }}
|
||||||
|
IdentityFile {{ setup_ssh_key }}
|
||||||
|
IdentitiesOnly yes
|
||||||
|
User {{ setup_ssh_logname }}
|
||||||
|
Port 22
|
||||||
|
|
||||||
|
{% endfor %}
|
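Review bot: The three stanzas repeat IdentityFile, IdentitiesOnly, User and Port verbatim, and `Hostname {{ host }}` only restates the Host pattern, which makes the template longer and easier to drift than it needs to be. ssh_config takes the first value obtained for each option, so the shared settings can sit in one Host block that lists the gateway and every inventory host, leaving a per-host stanza with only `ProxyJump ssh.n39.eu` for the `ssh_jump` group; the `ssh_no_jump` loop then disappears entirely. Values such as `{{ setup_ssh_key }}` are rendered unquoted, so a key path containing spaces would need quoting in the template. The rewritten body follows; the `# {{ ansible_managed }}` header is unchanged.
```jinja
# … unchanged: ansible_managed header …
Host ssh.n39.eu {{ groups['ssh_jump'] | join(' ') }} {{ groups['ssh_no_jump'] | join(' ') }}
    IdentityFile {{ setup_ssh_key }}
    IdentitiesOnly yes
    User {{ setup_ssh_logname }}
    Port 22

{% for host in groups['ssh_jump'] %}
Host {{ host }}
    ProxyJump ssh.n39.eu

{% endfor %}
```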