Merge pull request 'add a playbook to configure ssh to use the ssh gateway for the internal systems' (!104) from ssh-config-playbook into master
Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/104 Reviewed-by: Stefan Haun <tux@netz39.de>
commit
a191de209c
4 changed files with 76 additions and 0 deletions
11
README.md
11
README.md
|
@ -7,16 +7,27 @@ ansible -i inventory.yml all --list-hosts
|
|||
```
|
||||
|
||||
## Setup
|
||||
|
||||
```bash
|
||||
ansible-galaxy install -r requirements.yml
|
||||
```
|
||||
|
||||
## Setup SSH Access to hosts
|
||||
|
||||
```bash
|
||||
LOGUSER=<loguser>
|
||||
SSH_KEY=<absolute/path/to/ssh/private/key>
|
||||
ansible-playbook setup-ssh.yml --ask-vault-pass -e "setup_ssh_logname=$LOGUSER" -e "setup_ssh_key=$SSH_KEY"
|
||||
```
|
||||
|
||||
## Edit vault encrypted vars files
|
||||
|
||||
```bash
|
||||
ansible-vault edit group_vars/all/vault
|
||||
```
|
||||
|
||||
## Call with
|
||||
|
||||
```bash
|
||||
ansible-playbook -i inventory.yml --ask-vault-pass main.yml
|
||||
```
|
||||
|
|
|
@ -19,3 +19,17 @@ all:
|
|||
krypton.n39.eu:
|
||||
oganesson.n39.eu:
|
||||
holmium.n39.eu:
|
||||
ssh_jump:
|
||||
hosts:
|
||||
pottwal.n39.eu:
|
||||
unicorn.n39.eu:
|
||||
radon.n39.eu:
|
||||
krypton.n39.eu:
|
||||
oganesson.n39.eu:
|
||||
holmium.n39.eu:
|
||||
platon.n39.eu:
|
||||
beaker.n39.eu:
|
||||
wittgenstein.n39.eu:
|
||||
ssh_no_jump:
|
||||
hosts:
|
||||
tau.netz39.de:
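Review bot: Every host in `ssh_jump` and `ssh_no_jump` is also listed in the groups above it (krypton, oganesson and holmium appear twice within this hunk alone), so a host added to the inventory later will be missing from the generated ssh config unless someone remembers to copy it into one of these two groups as well. If the intent is that everything except `ssh_no_jump` goes through the gateway, the template could iterate `groups['all'] | difference(groups['ssh_no_jump'])` and only the exceptions would need listing here; whether other inventory hosts should stay out of the ssh config is not visible from this hunk. The `all:` mapping this hunk belongs to starts outside the hunk.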
|
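--- /dev/null
+++ b/setup-ssh.yml
@@ -0,0 +1,24 @@
+---
+- name: configure local ssh to access n39 hosts
+  hosts: localhost
+
+  tasks:
+    - name: ensure {{ lookup('env', 'HOME') }}/.ssh/config.d/ dir is present
+      ansible.builtin.file:
+        path: "{{ lookup('env', 'HOME') }}/.ssh/config.d/"
+        state: directory
+      delegate_to: localhost
+
+    - name: template ssh config for access to internal systems
+      ansible.builtin.template:
+        src: templates/ssh_config.j2
+        dest: "{{ lookup('env', 'HOME') }}/.ssh/config.d/n39_config"
+      delegate_to: localhost
+
+    - name: ensure that n39 access config is included
+      ansible.builtin.lineinfile:
+        path: ~/.ssh/config
+        insertbefore: BOF
+        regexp: '^Include'
+        line: Include config.d/n39_config
+      delegate_to: localhost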
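Review bot: The `regexp: '^Include'` in the lineinfile task matches any existing Include directive in ~/.ssh/config, so a user who already includes another file gets that line replaced by `Include config.d/n39_config` instead of gaining a second one; anchoring the pattern on the target line, `regexp: '^Include config\.d/n39_config$'`, avoids the clobber while still keeping the task idempotent. The same task fails on a machine where ~/.ssh/config does not exist yet, because lineinfile only creates a missing file when `create: true` is set. Neither the config.d directory nor the templated file carries an explicit mode; OpenSSH refuses user config files (included ones too) that are group- or world-writable, so `mode: "0700"` on the directory and `mode: "0600"` on the template give ssh the permissions it expects and keep the identity path and login name private. Mixing `{{ lookup('env', 'HOME') }}` and `~` for the same directory within one play is also worth unifying.
```yaml
    - name: ensure {{ lookup('env', 'HOME') }}/.ssh/config.d/ dir is present
      ansible.builtin.file:
        path: "{{ lookup('env', 'HOME') }}/.ssh/config.d/"
        state: directory
        mode: "0700"
      delegate_to: localhost

    - name: template ssh config for access to internal systems
      ansible.builtin.template:
        # … unchanged: src, dest …
        mode: "0600"
      delegate_to: localhost

    - name: ensure that n39 access config is included
      ansible.builtin.lineinfile:
        path: "{{ lookup('env', 'HOME') }}/.ssh/config"
        create: true
        mode: "0600"
        insertbefore: BOF
        regexp: '^Include config\.d/n39_config$'
        line: Include config.d/n39_config
      delegate_to: localhost
```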
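--- /dev/null
+++ b/templates/ssh_config.j2
@@ -0,0 +1,27 @@
+# {{ ansible_managed }}
+Host ssh.n39.eu
+    Hostname ssh.n39.eu
+    IdentityFile {{ setup_ssh_key }}
+    IdentitiesOnly yes
+    User {{ setup_ssh_logname }}
+    Port 22
+
+{% for host in groups['ssh_jump'] %}
+Host {{ host }}
+    Hostname {{ host }}
+    IdentityFile {{ setup_ssh_key }}
+    IdentitiesOnly yes
+    User {{ setup_ssh_logname }}
+    ProxyJump ssh.n39.eu
+    Port 22
+
+{% endfor %}
+{% for host in groups['ssh_no_jump'] %}
+Host {{ host }}
+    Hostname {{ host }}
+    IdentityFile {{ setup_ssh_key }}
+    IdentitiesOnly yes
+    User {{ setup_ssh_logname }}
+    Port 22
+
+{% endfor %}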
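Review bot: `IdentityFile {{ setup_ssh_key }}` is emitted unquoted in all three Host blocks, so a key path containing whitespace yields a config line ssh cannot parse; ssh_config accepts a double-quoted argument, `IdentityFile "{{ setup_ssh_key }}"`. The option lines under each Host are repeated verbatim across the gateway block and both loops, so any later change (for instance dropping the redundant `Port 22`, which is already the default) has to be made three times; a small Jinja macro keeps the blocks in step. Whether the internal hostnames resolve from the jump host is presumably handled on ssh.n39.eu and is not visible here.
```jinja
{% macro host_entry(name, jump=none) %}
Host {{ name }}
    Hostname {{ name }}
    IdentityFile "{{ setup_ssh_key }}"
    IdentitiesOnly yes
    User {{ setup_ssh_logname }}
{% if jump %}
    ProxyJump {{ jump }}
{% endif %}
    Port 22
{% endmacro %}
{{ host_entry('ssh.n39.eu') }}
{% for host in groups['ssh_jump'] %}
{{ host_entry(host, 'ssh.n39.eu') }}
{% endfor %}
{# … unchanged: ssh_no_jump loop, calling host_entry(host) … #}
```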