Change ssh port in playbook

Here is the inventory file

    ---
    [de-servers]
    192.26.32.32

    [uk-servers]
    172.21.1.23
    172.32.2.11

and my playbook looks like this:

    - name: Install de-servers configurations
      hosts: de-servers
      roles:
        - de-server-setup

    - name: Install uk-servers configurations
      hosts: uk-servers
      roles:
        - uk-server-setup

    - name: Do some other job on de-servers (cannot be done until uk-servers is installed)
      hosts: de-servers
      roles:
        - de-servers-rest-of-jobs

In the de-servers-setup role, the ssh port is changed from 22 to 8888, so when the last task is called, it fails, because it cannot connect to the host on port 22. How can I overcome this ssh port change?

+16
6 answers

In the de-server-setup role, add a task to change the host variable ansible_port.

    - name: Change ssh port to 8888
      set_fact:
        ansible_port: 8888
+19

The only thing I can think of that might work is to create ssh aliases for your hosts. In .ssh/config:

    Host de.1.before
      HostName 192.26.32.32
      Port 22

    Host de.1.after
      HostName 192.26.32.32
      Port 8888

Then use these aliases in your Ansible inventory:

    [de-servers-before]
    de.1.before

    [de-servers-after]
    de.1.after

And then use the defined groups in the respective plays:

    - name: Install de-servers configurations
      hosts: de-servers-before
      roles:
        - de-server-setup

    - name: Install uk-servers configurations
      hosts: uk-servers
      roles:
        - uk-server-setup

    - name: Do some other job on de-servers (cannot be done until uk-servers is installed)
      hosts: de-servers-after
      roles:
        - de-servers-rest-of-jobs
+9

I need to change the ssh ports on the hosts that I manage, and I want to use Ansible to do it. This can be done. Essentially, Ansible uses the following logic to manage its SSH connection:

    if self.port is not None:
        ssh -p {{ self.port }} ...
    else:
        ssh ...

where "self.port" is the port specification from the host inventory, or an override through the -e option, or an explicit declaration of the variables "ansible_port" and/or "ansible_ssh_port". The recommended solution for changing ports is to use the "wait_for" and "when" modules in the "pre_tasks", but this approach has many shortcomings, especially when there are many hosts and especially if you want to use different ports on different hosts.

I cloned and fixed the ssh plugin (versions 1 and 2) to change the logic as follows:

    if self.port is not None and self.port is OPEN:
        ssh -p {{ self.port }} ...
    else:
        ssh ...

The patch itself does not make changes to the target nodes, but allows connections to succeed even if the ports on the nodes have not yet been changed. With the patch it is now very easy to write roles/tasks for changing ssh ports to whatever is in the host inventory.

If you're interested, you can find the patch and samples of how to use it at https://github.com/crlb/ansible; README.md contains additional information.

+3

My complete solution to this problem was to create a common play, imported at the top of all other plays, that checks the status of the non-standard ansible_port defined in the inventory. If the port is open, continue as usual. If it is not open, check port 22 and, if that is open, set ansible_port to it.

Later, when the SSH server is configured for the first time and the default port is replaced with my non-standard port, I then manually set the ansible_port fact in my play so that any further Ansible connections in the current run work as expected.

My inventory looks like this:

    [webservers]
    web01.somedomain.com ansible_port=1234

My play looks like this:

    - name: Determine SSH port
      hosts: all
      gather_facts: no
      remote_user: root
      tasks:
        - name: "Check port {{ ansible_port }}"
          wait_for:
            port: "{{ ansible_port }}"
            state: "started"
            host: "{{ inventory_hostname }}"
            connect_timeout: "5"
            timeout: "5"
          delegate_to: "localhost"
          ignore_errors: "yes"
          register: ssh_port

        - name: "Check port 22"
          wait_for:
            port: "22"
            state: "started"
            host: "{{ inventory_hostname }}"
            connect_timeout: "5"
            timeout: "5"
          delegate_to: "localhost"
          ignore_errors: "yes"
          register: ssh_port_default
          when:
            - ssh_port is defined
            - ssh_port.state is undefined

        - name: Set SSH port to 22
          set_fact:
            ansible_port: "22"
          when: ssh_port_default.state is defined

Finally, right after the SSH server is configured and the port has been changed, I have this:

    - name: Set SSH port to 1234
      set_fact:
        ansible_port: "1234"
+2
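
Both port-probing answers above treat an open TCP port as proof that sshd is listening on it. The Python below is an added example, not code from the answers or from the patched plugin: it makes the same "preferred port, else fallback" decision but only accepts a port that sends an SSH identification string. The names `ssh_banner`, `choose_ssh_port` and `fake_listener` are made up for this example, and the listeners in the demo are constructed fixtures.

```python
import socket
import socketserver
import threading


def ssh_banner(host, port, timeout=5.0):
    """Return the SSH identification line served on host:port, or None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with sock.makefile("rb") as reader:
                # RFC 4253 section 4.2: other lines may precede "SSH-...".
                for _ in range(20):
                    line = reader.readline(256)
                    if not line:
                        return None  # peer closed without identifying as SSH
                    if line.startswith(b"SSH-"):
                        return line.strip().decode("ascii", "replace")
    except OSError:  # refused, unreachable or timed out
        pass
    return None


def choose_ssh_port(host, preferred, fallback=22, timeout=5.0):
    """Return preferred if sshd answers there, else fallback, else None."""
    for port in (preferred, fallback):
        if ssh_banner(host, port, timeout) is not None:
            return port
    return None


def fake_listener(greeting):
    """Constructed fixture: loopback TCP server that sends `greeting`."""
    class Handler(socketserver.BaseRequestHandler):
        def handle(self):
            self.request.sendall(greeting)

    server = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    # Constructed demo: the preferred port is open but is not sshd.
    ssh_srv, ssh_port = fake_listener(b"SSH-2.0-OpenSSH_9.6\r\n")
    web_srv, web_port = fake_listener(b"HTTP/1.1 400 Bad Request\r\n\r\n")
    print(choose_ssh_port("127.0.0.1", web_port, fallback=ssh_port) == ssh_port)
    ssh_srv.shutdown()
    web_srv.shutdown()
```

A `None` result means neither port identified itself as SSH, which is a reason to stop the run rather than let later plays fail on connection errors.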

Easy way, edit /etc/ansible/hosts:

    [my_server]
    ssdnodes:54321

and you can verify this by running the ping command:

    ansible ssdnodes -m ping

and the answer will be:

    ssdnodes | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
+1

The following is an example of connecting to another ssh port using ansible-playbook.

    ---
    - hosts: test-server
      # Connection variables scoped to this play
      vars:
        ansible_ssh_user: 'mohan'
        ansible_password: '123456'
        ansible_port: '2222'
      tasks:
        - name: "print a simple command"
          command: cat /usr/bin/myscript.sh

0