How to construct customized ssh connection from ansible playbook

Question

The below ssh connection by ansible fails to connect to remote hosts

ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/app/ssh_keys/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o ControlPath=/home/ansibleuser/.ansible/cp/6abdc12511 -tt 10.9.88.205 'id mwweb || id webadm || ls -ld /web'

whereas when i remove the below two arguments from ssh my connection succeeds

1. -tt 
2.  -o ControlPath=/home/ansibleuser/.ansible/cp/6abdc12511 

Working ssh command that is want ansible to construct.

ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/app/ssh_keys/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o StrictHostKeyChecking=no 10.9.88.205 'id mwweb || id webadm || ls -ld /web'

This requirement (customized ssh command) is for a specific playbook for specific target hosts that is supplied as arguments to my ansible playbook below. I dont wish to modify the existing ssh configuration at OS:

- name: Play 2- Configure Source nodes
  hosts: all
  user: root
  ignore_errors: yes
  gather_facts: false
  tasks:

   - name: Get HTTPD userid on server
     raw: id mwweb || id webadm || ls -ld /web

   - name: Get OHS userid on server
     raw: id mwweb

The above playbook runs using this command:

ansible-playbook -i 10.9.88.205, -f 5 testpython.yml -vvvv

I'm using jenkin's ansible plugin to trigger the above playbook.

Can you please provide solution for the below:

1. can i disable -tt and ControlPath by modifying playbook code? This is my first preference. Please suggest?

2. If modifying the playbook wont help then how can i disable both ssh args using ansible parameters?

I was able to disable -tt using below:

ansible-playbook -i 10.9.88.205, -f 5 testpython.yml -e ansible_ssh_use_tty=no -vvvv

But, there is no way to could find to disable ControlPath despite passing -e control_path=""

Reference: https://docs.ansible.com/ansible/latest/plugins/connection/ssh.html

Can you please suggest ?

Answer 1

You can set connection parameters in task vars, e.g.:

   - name: Get HTTPD userid on server
     raw: id mwweb || id webadm || ls -ld /web
     vars:
       ansible_ssh_use_tty: false # disable -tt flag
       ansible_control_path: none # disable connection sharing

Variable names and default values are listed in ansible.builtin.ssh connection plugin docs.

And ansible_control_path: none should disable connection sharing according to ssh_config man:

       ControlPath
               Specify the path to the control socket used for
               connection sharing as described in the ControlMaster
               section above or the string none to disable connection
               sharing. ...

Answer 2

You can't customize the Ansible configuration by adding an ansible conf file.

Changes can be made and used in a configuration file which will be processed in the following order:

• ANSIBLE_CONFIG (an environment variable)
• ansible.cfg (in the current directory)
• .ansible.cfg (in the home directory)
• /etc/ansible/ansible.cfg

On Ansible documentation: https://docs.ansible.com/ansible/2.3/intro_configuration.html#environmental-configuration

On some systems with very long hostnames or very long path names (caused by long user names or deeply nested home directories) this can exceed the character limit on file socket names (108 characters for most platforms). In that case, you may wish to shorten the string to something like the below: control_path = %(directory)s/%%h-%%r

You can also set your ssh_args one that file:

ssh_args = -o ControlMaster=auto -o ControlPersist=60s

your ssh config section will look like that with the custom ssh args:

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s