Luke Exton

Reputation: 3676

Ansible Using Custom ssh config File

I have a custom SSH config file that I typically use as follows:

ssh -F ~/.ssh/client_1_config amazon-server-01

Is it possible to assign Ansible to use this config for certain groups? It already has the keys and ports and users all set up. I have this sort of config for multiple clients, and would like to keep the config separate if possible.

Upvotes: 39

Views: 68004

Answers (4)

udondan

Reputation: 59989

You can set ssh arguments globally in the ansible.cfg:

[ssh_connection]
ssh_args = -F ~/.ssh/client_1_config

Via behavioral inventory parameters you can set it per host or group:

amazon-server-01 ansible_ssh_common_args='-F ~/.ssh/client_1_config'

Upvotes: 37

Nightsdark

Reputation: 56

Another way, assuming you have associated SSH key identity files in configuration groupings for various servers, like I do in the ~/.ssh/config file. If you have a bunch of entries like this one:

Host wholewideworld
    Hostname 204.8.19.16 
    port 22
    User why_me
    IdentityFile    ~/.ssh/id_rsa
    PubKeyAuthentication yes
    IdentitiesOnly yes

they work like

ssh wholewideworld

To run Ansible ad hoc commands, first run

eval $(ssh-agent -s)
ssh-add ~/.ssh/*rsa

output will be like:

Enter passphrase for /home/why-me/.ssh/id_rsa:
Identity added: /home/why-me/.ssh/id_rsa (/home/why-me/.ssh/id_rsa)

Now you should be able to include wholewideworld in your ~/ansible-hosts. After you put in the host alias from the config file, it works to just run

ansible all -m ping

output:

127.0.0.1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
wholewideworld | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Upvotes: 3

slm

Reputation: 16416

I believe you can achieve what you want like this in your inventory:

[group1]
server1

[group2]
server2

[group1:vars]
ansible_ssh_user=vagrant
ansible_ssh_common_args='-F ssh1.cfg'

[group2:vars]
ansible_ssh_user=vagrant
ansible_ssh_common_args='-F ssh2.cfg'

You can then be as creative as you want and construct SSH config files such as this:

$ cat ssh1.cfg
Host server1
     HostName 192.168.1.1
     User someuser
     Port 22
     IdentityFile /path/to/id_rsa


Upvotes: 26
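An added example, not part of any answer on this page: a pre-flight check for the per-group layout in the answer above. It reports inventory hosts whose group's `-F` file has no matching `Host` stanza, in which case ssh would connect with its built-in defaults instead of that client's user, port and key. The function names and the contents of `ssh2.cfg` are constructed; the parser assumes a simple INI inventory (group vars only, no `:children`, no negated `Host` patterns).

```python
import fnmatch
import shlex

# Constructed sample data, modelled on the inventory and ssh1.cfg in the answer above.
INVENTORY = """\
[group1]
server1
[group2]
server2
[group1:vars]
ansible_ssh_common_args='-F ssh1.cfg'
[group2:vars]
ansible_ssh_common_args='-F ssh2.cfg'
"""
SSH_CONFIGS = {  # file name -> contents; ssh2.cfg is constructed with no stanza for server2
    "ssh1.cfg": "Host server1\n     HostName 192.168.1.1\n     User someuser\n",
    "ssh2.cfg": "Host web-*\n     User someuser\n",
}

def config_per_host(inventory):
    """Map each host to the -F file from its group's ansible_ssh_common_args."""
    hosts, group_cfg, section = {}, {}, None
    for line in (l.strip() for l in inventory.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section and section.endswith(":vars"):
            key, _, value = (part.strip() for part in line.partition("="))
            if key == "ansible_ssh_common_args":
                if len(value) > 1 and value[0] == value[-1] and value[0] in "'\"":
                    value = value[1:-1]  # drop the outer inventory quotes
                args = shlex.split(value)
                if "-F" in args[:-1]:
                    group_cfg[section[:-len(":vars")]] = args[args.index("-F") + 1]
        elif section and ":" not in section:
            hosts[line.split()[0]] = section
    return {host: group_cfg.get(group) for host, group in hosts.items()}

def host_patterns(config_text):
    """Collect the patterns named on every Host line of an ssh config."""
    lines = (l.split() for l in config_text.splitlines())
    return [p for w in lines if w and w[0].lower() == "host" for p in w[1:]]

def unmatched_hosts(inventory, configs):
    """Return (host, config) pairs where no Host stanza in the -F file matches."""
    bad = []
    for host, cfg in config_per_host(inventory).items():
        patterns = host_patterns(configs.get(cfg, "")) if cfg else []
        if not any(fnmatch.fnmatchcase(host, p) for p in patterns):
            bad.append((host, cfg))
    return bad

if __name__ == "__main__":
    print(unmatched_hosts(INVENTORY, SSH_CONFIGS))
```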

Francis

Reputation: 425

With Ansible 2, you can set a ProxyCommand in the ansible_ssh_common_args inventory variable. Any arguments specified in this variable are added to the sftp/scp/ssh command line when connecting to the relevant host(s). Consider the following inventory group:

[gatewayed]
foo ansible_host=192.0.2.1
bar ansible_host=192.0.2.2

You can create group_vars/gatewayed.yml with the following contents:

ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q [email protected]"'

and do the trick...

You can find further information in: http://docs.ansible.com/ansible/faq.html

Upvotes: 19
