Issue
I have three hosts:
- my local ansible controller
- a jump/bastion host (jump_host) for my infrastructure
- a target host I want to run ansible tasks against (target_host) which is only accessible through jump_host

As part of my inventory file, I have the details of both jump_host and target_host as follows:

    jump_host:
      ansible_host: "{{ jump_host_ip }}"
      ansible_port: 22
      ansible_user: root
      ansible_password: password
    target_host:
      ansible_host: "{{ target_host_ip }}"
      ansible_port: 22
      ansible_user: root
      ansible_password: password
      ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q root@{{ jump_host_ip }}"'

How can we configure ansible to use the password mentioned in the jump_host settings from the inventory file instead of using any additional configurations from the ~/.ssh/config file?

Solution
There is no direct way to provide the password for the jump host as part of the ProxyCommand.
So, I ended up doing the following:

    # Generate SSH keys on the controller
    - hosts: localhost
      become: false
      tasks:
        - name: Generate the localhost ssh keys
          community.crypto.openssh_keypair:
            path: ~/.ssh/id_rsa
            force: false

    # Copy the controller's public key into the jump_host .ssh/authorized_keys file
    # to ensure that no password is prompted while logging into jump_host
    - hosts: jump_host
      become: false
      tasks:
        - name: make sure public key exists on target for user
          ansible.posix.authorized_key:
            user: "{{ ansible_user }}"
            # authorized_keys takes the public half of the key pair (id_rsa.pub), never the private key
            key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
            state: present

Answered By - akash Answer Checked By - Dawn Plyler (WPSolving Volunteer)
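
The inventory as it could look once the play above has installed the controller's public key on jump_host. This is an added example, not part of the original answer; the `all`/`hosts` wrapper, the `BatchMode` option and the `vault_target_password` variable name are assumptions.

```yaml
# Added example: inventory after key-based login to jump_host is in place.
all:
  hosts:
    jump_host:
      ansible_host: "{{ jump_host_ip }}"
      ansible_port: 22
      ansible_user: root
      # The plaintext ansible_password is no longer needed for the jump host;
      # Ansible logs in with the key pair generated on the controller.
      ansible_ssh_private_key_file: ~/.ssh/id_rsa
    target_host:
      ansible_host: "{{ target_host_ip }}"
      ansible_port: 22
      ansible_user: root
      # Assumption: vault_target_password is a hypothetical variable kept in an
      # ansible-vault encrypted vars file instead of clear text in the inventory.
      ansible_password: "{{ vault_target_password }}"
      # The inner ssh authenticates to jump_host with the key only.
      # BatchMode=yes makes it fail instead of prompting if the key is not
      # accepted, so a missing authorized_keys entry shows up as an error
      # rather than a hung password prompt.
      ansible_ssh_common_args: >-
        -o ProxyCommand="ssh -W %h:%p -q
        -i ~/.ssh/id_rsa -o BatchMode=yes
        root@{{ jump_host_ip }}"
```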