ProxyJump SSH with Ansible

From Knowledge Center
Jump to: navigation, search

To reach a destination server via a bastion or jump host, we can use ProxyJump in SSH.

This will show you how to use the ping module via a jump host using ansible

SSH Config

The ssh config for our jump host:

Host *
    Port 22
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    ServerAliveInterval 60
    ServerAliveCountMax 30

Host jump-host
    HostName my-jumphost.mydomain.com
    ForwardAgent yes
    User ubuntu
    IdentityFile ~/.ssh/jump_host.pem

Inventory

inventory.ini

[test]
172.31.91.233

[test:vars]
ansible_user = ubuntu
ansible_ssh_private_key_file = ~/.ssh/id_rsa
ansible_python_interpreter=/usr/bin/python3
ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q jump-host"'

Ping

Test the ping module:

ansible -i inventory.ini test -m ping
172.31.91.233 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}