Merge pull request 'add a playbook to configure ssh to use the ssh gateway for the internal systems' (!104) from ssh-config-playbook into master

Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/104
Reviewed-by: Stefan Haun <tux@netz39.de>
dkdent 2022-11-06 07:25:04 +00:00
commit a191de209c
4 changed files with 76 additions and 0 deletions


@ -7,16 +7,27 @@ ansible -i inventory.yml all --list-hosts
```
## Setup
```bash
ansible-galaxy install -r requirements.yml
```
## Setup SSH Access to hosts
```bash
LOGUSER=<loguser>
SSH_KEY=<absolute/path/to/ssh/private/key>
ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"
```
## Edit vault encrypted vars files
```bash
ansible-vault edit group_vars/all/vault
```
## Call with
```bash
ansible-playbook -i inventory.yml --ask-vault-pass main.yml
```


@ -19,3 +19,17 @@ all:
krypton.n39.eu:
oganesson.n39.eu:
holmium.n39.eu:
ssh_jump:
hosts:
pottwal.n39.eu:
unicorn.n39.eu:
radon.n39.eu:
krypton.n39.eu:
oganesson.n39.eu:
holmium.n39.eu:
platon.n39.eu:
beaker.n39.eu:
wittgenstein.n39.eu:
ssh_no_jump:
hosts:
tau.netz39.de:
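Review bot: The new `ssh_jump` group lists krypton, oganesson and holmium by name again even though the three context lines show them already belonging to a group defined above the hunk, so a host added to that group later is silently left without an ssh stanza. If that enclosing group is named, `ssh_jump:` could reference it with `children:` and keep `hosts:` only for the additional entries (platon, beaker, wittgenstein). This is inferred from the three context lines; the enclosing group header is outside the hunk, so confirm against the full inventory.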

24
setup-ssh.yml Normal file

@ -0,0 +1,24 @@
---
- name: configure local ssh to access n39 hosts
hosts: localhost
tasks:
- name: ensure {{ lookup('env', 'HOME') }}/.ssh/config.d/ dir is present
ansible.builtin.file:
path: "{{ lookup('env', 'HOME') }}/.ssh/config.d/"
state: directory
delegate_to: localhost
- name: template ssh config for access to internal systems
ansible.builtin.template:
src: templates/ssh_config.j2
dest: "{{ lookup('env', 'HOME') }}/.ssh/config.d/n39_config"
delegate_to: localhost
- name: ensure that n39 access config is included
ansible.builtin.lineinfile:
path: ~/.ssh/config
insertbefore: BOF
regexp: '^Include'
line: Include config.d/n39_config
delegate_to: localhost
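Review bot: The lineinfile task's `regexp: '^Include'` matches any existing Include line in ~/.ssh/config and replaces it with the n39 line, so a user who already includes another file under config.d loses that entry; anchor it to this line, `regexp: '^Include config\.d/n39_config$'`. The same task fails when ~/.ssh/config does not exist yet, because lineinfile does not create the file by default, so add `create: true` with `mode: "0600"` so a freshly created config is owner-only. The file and template tasks set no mode either; `mode: "0700"` on the config.d directory and `mode: "0600"` on n39_config keep the rendered login name and key path out of reach of other local users and match the permissions ssh expects of its own config files. `delegate_to: localhost` on each task is redundant with `hosts: localhost`, and the third task's `~/.ssh/config` could use the same `lookup('env', 'HOME')` form as the first two for consistency. The header counts 24 added lines but 21 are visible, so blank lines were presumably dropped in rendering.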

27
templates/ssh_config.j2 Normal file

@ -0,0 +1,27 @@
# {{ ansible_managed }}
Host ssh.n39.eu
Hostname ssh.n39.eu
IdentityFile {{ setup_ssh_key }}
IdentitiesOnly yes
User {{ setup_ssh_logname }}
Port 22
{% for host in groups['ssh_jump'] %}
Host {{ host }}
Hostname {{ host }}
IdentityFile {{ setup_ssh_key }}
IdentitiesOnly yes
User {{ setup_ssh_logname }}
ProxyJump ssh.n39.eu
Port 22
{% endfor %}
{% for host in groups['ssh_no_jump'] %}
Host {{ host }}
Hostname {{ host }}
IdentityFile {{ setup_ssh_key }}
IdentitiesOnly yes
User {{ setup_ssh_logname }}
Port 22
{% endfor %}
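Review bot: Each loop body repeats IdentityFile, IdentitiesOnly, User and Port for every host, and a host present in both `ssh_jump` and `ssh_no_jump` would get two stanzas of which ssh honours only the first match; one multi-pattern `Host` stanza per group removes the repetition and makes any overlap visible on a single line. `Hostname {{ host }}` only restates the name used to connect and is dropped in that form, while `Port 22` is the ssh default and is kept below only so the rendered config stays the same. The jump host `ssh.n39.eu` is written three times; a `{% set jump_host = 'ssh.n39.eu' %}` at the top of the template would keep it in one place, and an empty group should be guarded with `{% if groups['ssh_jump'] %}` since a bare `Host` line is invalid. The header counts 27 lines but 24 are visible, so blank lines between stanzas were presumably dropped in rendering.
```jinja
# {{ ansible_managed }}
{# … unchanged: Host ssh.n39.eu stanza … #}
Host {{ groups['ssh_jump'] | join(' ') }}
    IdentityFile {{ setup_ssh_key }}
    IdentitiesOnly yes
    User {{ setup_ssh_logname }}
    ProxyJump ssh.n39.eu
    Port 22

Host {{ groups['ssh_no_jump'] | join(' ') }}
    IdentityFile {{ setup_ssh_key }}
    IdentitiesOnly yes
    User {{ setup_ssh_logname }}
    Port 22
```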