3

I am trying to connect to 2 hosts from 2 different ProxyJumpHost.

For example: hostname1 is reachable only via ProxyJumpHost1 hostname2 is reachable only via ProxyJumpHost2

when I give "ansible_ssh_common_args" variable separately for the group but ansible is picking only one ProxyJumpHost information and trying to connect both the hosts from there.

My inventory yaml file looks like this

all_nodes:
  children:
    preprod:
      children:
        PRE_CH:
          vars:
            ansible_ssh_common_args: '-o ProxyCommand="sshpass -p {{ password }} ssh -W %h:%p -q {{ user }}@<ProxyJumpHost1>"'
          hosts:
            hostname1:
              ansible_host: <IP_Address>
            hostname2:
              ansible_host: <IP_Address>
        PRE_NL:
          vars:
            ansible_ssh_common_args: '-o ProxyCommand="sshpass -p {{ password }} ssh -W %h:%p -q {{ user }}@<ProxyJumpHost1>"'
          hosts:
            hostname3:
              ansible_host: <IP_Address>
            hostname4:
              ansible_host: <IP_Address>

My expectation is to connect the correct host via correct ProxyJumpHost.

But actually it takes only one ProxyJumpHost value and tries to connect all the hosts via that.

Prashaanth
  • 41
  • 1
  • 4

1 Answers1

2

In your example both vars are identical

PRE_CH:
  vars:
    ansible_ssh_common_args: '-o ProxyCommand="sshpass -p {{ password }} ssh -W %h:%p -q {{ user }}@<ProxyJumpHost1>"'

PRE_NL:
  vars:
    ansible_ssh_common_args: '-o ProxyCommand="sshpass -p {{ password }} ssh -W %h:%p -q {{ user }}@<ProxyJumpHost1>"'

Q: "For example, hostname1 is reachable only via ProxyJumpHost1 hostname2 is reachable only via ProxyJumpHost2. I expect to connect the correct host via correct ProxyJumpHost."

A: Set ansible_ssh_common_args for each host

hosts:
  hostname1:
    ansible_host: <IP_Address>
    ansible_ssh_common_args: '... {{ user }}@<ProxyJumpHost1>"'
  hostname2:
    ansible_host: <IP_Address>
    ansible_ssh_common_args: '... {{ user }}@<ProxyJumpHost2>"'

Q: "What if I have 2 more hosts that I can connect via ProxyJumpHost1 and 2 more via ProxyJumpHost2? In total, I will have 3 hosts via ProxyJumpHost1 and 3 hosts via ProxyJumpHost2"

A: For example (for simplicity and modularity) create inventory file gates.ini with two other groups gate1 and gate2. Add this file to the inventory either in the config, or command line. Remove ansible_ssh_common_args from other inventory files

[gate1]
hostname1
hostname2
hostname3
[gate1:vars]
ansible_ssh_common_args='-o ProxyCommand="sshpass -p {{ password }} ssh -W %h:%p -q {{ user }}@<ProxyJumpHost1>"'

[gate2]
hostname4
hostname5
hostname6
[gate2:vars]
ansible_ssh_common_args='-o ProxyCommand="sshpass -p {{ password }} ssh -W %h:%p -q {{ user }}@<ProxyJumpHost2>"'

See

Vladimir Botka
  • 58,131
  • 4
  • 32
  • 63
  • But wouldn't that be redundant ? That's the reason why we are having group separation. – Prashaanth Aug 07 '19 at 13:49
  • [Redundant](https://www.dictionary.com/browse/redundant)? hostname1 goes to ProxyJumpHost1 and hostname2 goes to ProxyJumpHost2. What is repeating? – Vladimir Botka Aug 07 '19 at 13:53
  • what if I have 2 more hosts that I will be able to connect via ProxyJumpHost1 and 2 more via ProxyJumpHost2. In total I will have 3 hosts via ProxyJumpHost1 and 3 hosts via ProxyJumpHost2 – Prashaanth Aug 07 '19 at 14:04