Velvet Star Monitor


Ansible: execute playbook from localhost through bastion host

Writer Emily Wong

I am a newbie to Ansible.

We are doing our deployments via ansible and a bastion host is provisioned for the deployments.

The current approach I am using is to clone the Ansible repo on the bastion host and run the commands from that folder.

My question is: is it possible to run the Ansible code through the local machine through the bastion?

(basically, avoid the repo in bastion host)

5

2 Answers

Let's say you want to provision a couple of VMs, 172.20.0.10 and 172.20.0.11, in your development environment, going through your 172.20.0.1 bastion. Your inventory looks a bit like this:

[development]
172.20.0.10
172.20.0.11

Then you can edit your ~/.ssh/config and add:

Host bastion
    Hostname 172.20.0.1
    User youruser

Host 172.20.*
    ProxyJump bastion
    User youruser

Then you can test with ssh 172.20.0.10, which should land you in your first VM. If it works for SSH, Ansible should work the same.

Note: you can run ansible with -vvv (or is it one more v, not sure atm) and you'll see the SSH commands Ansible is running.

Note 2: ProxyJump requires a recent OpenSSH, 6.7 at least if I remember correctly.

3
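An added example, not part of the original answer: a small Python sketch of how OpenSSH matches Host patterns, run over the config from the answer above, to check which inventory addresses actually pick up ProxyJump before Ansible is pointed at them. The helper names, the tightened config variant and the extra address 172.21.0.5 are constructed for illustration; matching is simplified to glob patterns and ! negation.

```python
from fnmatch import fnmatchcase

# ~/.ssh/config copied from the answer above, plus a constructed tightened variant.
ANSWER_CONFIG = """
Host bastion
    Hostname 172.20.0.1
    User youruser

Host 172.20.*
    ProxyJump bastion
    User youruser
"""
TIGHTENED_CONFIG = ANSWER_CONFIG.replace("Host 172.20.*", "Host 172.20.* !172.20.0.1")

def parse(text):
    """Return [(patterns, options)] per Host block, in file order."""
    blocks = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            blocks.append((value.split(), {}))
        elif blocks:
            blocks[-1][1].setdefault(key.lower(), value.strip())
    return blocks

def matches(patterns, host):
    """A matching negated (!) pattern vetoes the block; else any positive match."""
    if any(p.startswith("!") and fnmatchcase(host, p[1:]) for p in patterns):
        return False
    return any(not p.startswith("!") and fnmatchcase(host, p) for p in patterns)

def resolve(text, host):
    """Merge matching blocks; the first value obtained for an option wins."""
    result = {}
    for patterns, options in parse(text):
        if matches(patterns, host):
            for key, value in options.items():
                result.setdefault(key, value)
    return result

def hosts_missing_jump(text, inventory):
    """Inventory addresses that ssh would reach directly, not via the bastion."""
    return [h for h in inventory if "proxyjump" not in resolve(text, h)]
```

With the answer's config, the bastion addressed by IP (172.20.0.1) also matches the wildcard block and is sent through itself; the tightened variant excludes it. On a real machine, ssh -G 172.20.0.10 prints the options OpenSSH itself resolves for that host.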

Using this data

remote host: 10.0.1.121
remote user: application_user
ssh key: app_ssh_key
bastion host: 212.34.345.12
bastion user: bastian_user
ssh key: bastian_ssh_key

and using keys to access with SSH (you have to store keys in secure storage, not with the Ansible playbook).

In a single ssh command:

$ ssh application_user@10.0.1.121 -i path/to/app_ssh_key \
    -o ProxyCommand="ssh -q bastian_user@212.34.345.12 -i path/to/bastian_ssh_key -W %h:%p"

In Ansible

you can use two methods:

Method 1

Use variables for an inventory machine/group, in order to have different connection options for different machines/groups.

Add to inventory file:

[remote-vm]
10.0.1.121
[remote-vm:vars]
ansible_ssh_user=application_user
ansible_ssh_private_key_file=path/to/app_ssh_key
ansible_ssh_common_args= -o ProxyCommand="ssh -q bastian_user@212.34.345.12 -i path/to/bastian_ssh_key -W %h:%p"

Method 2

Single configuration valid for all inventory machines.

Add to/replace in ansible.cfg:

[defaults]
remote_user = application_user
[ssh_connection]
ssh_args=-i path/to/app_ssh_key -o ProxyCommand="ssh -q bastian_user@212.34.345.12 -i path/to/bastian_ssh_key -W %h:%p"
