Run Ansible tasks on a remote server using an SSH tunnel

If you want to run an Ansible playbook on a remote server through an SSH tunnel, you can use the following procedure:

Create an entry in your inventory file that sets the host to localhost and the port to the local port you want to use for the SSH tunnel. In our example we will use ‘tunnel’ as the server alias:

tunnel ansible_host=127.0.0.1 ansible_port=2222

The playbook should proceed as follows:

  1. Connect to localhost in order to create the tunnel.
  2. Connect to localhost using the tunnel and run tasks.
  3. Connect to localhost in order to delete the tunnel.

So first of all, kill any leftover SSH sessions that are still using the port you configured above, then create the new connection. Note that the play below also prompts for the remote server's IP (or hostname) and its SSH port. You don't need to do that if you always connect to the same server or already know the remote SSH port; in that case you can specify them directly in your playbook instead of using variables:

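- hosts: 127.0.0.1
  connection: local
  vars_prompt:
    - name: "hostname"
      prompt: "Enter remote server hostname or IP"
      private: no
    - name: "ssh_port"
      prompt: "Enter remote ssh port"
      private: no
  tasks:
    # PID is column 2 of `ps axuf`; the [s]sh pattern stops the filter from
    # matching grep and its own wrapping shell; xargs -r skips kill when
    # nothing matches.
    - name: "Kill previous sessions on local port"
      shell: ps axuf | grep '[s]sh -fN -L 2222:' | awk '{print $2}' | xargs -r kill -9

    # The quote filter keeps the prompted values from being interpreted by the shell.
    - name: Create SSH tunnel
      shell: ssh -fN -L 2222:localhost:{{ ssh_port | quote }} {{ hostname | quote }}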

Now that the connection has been established, you can run tasks on the remote server with the following play:

- hosts: tunnel
  user: <user with ssh access>
  tasks:
     - name: "Remote task"
           ...

It is important to note that you must know which user has SSH access to that server, and you must use either key authentication or the same credentials used for localhost.

To finish your playbook cleanly, it is best to kill the SSH tunnel:

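- hosts: 127.0.0.1
  connection: local
  gather_facts: no
  tasks:
    # PID is column 2 of `ps axuf`; the [s]sh pattern stops the filter from
    # matching its own shell; xargs -r skips kill when nothing matches.
    - name: "Killing ssh process"
      shell: ps axuf | grep '[s]sh -fN -L 2222:' | awk '{print $2}' | xargs -r kill -9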
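
Filtering `ps` output on the bare strings `2222` and `ssh` selects more than the tunnel, which matters when the result is fed to `kill -9`. The script below is an added example, not part of the original post: the `ps axuf`-style listing is constructed, and the function names `sample_ps`, `loose_pids` and `strict_pids` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The ps listing below is constructed, not captured output.
sample_ps() {
cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      2222  0.0  0.1  15432  9000 ?        Ss   09:00   0:00 sshd: /usr/sbin/sshd -D
alice     4101  0.0  0.0   9500  3000 ?        Ss   09:05   0:00 ssh -fN -L 2222:localhost:22 host.example
alice     4200  0.0  0.0   2600   900 ?        S    09:06   0:00  \_ /bin/sh -c ps axuf | grep 2222 | grep ssh | awk '{print $2}'
bob       4300  0.0  0.0   9500  3000 ?        Ss   09:07   0:00 ssh -fN -L 12222:localhost:22 other.example
EOF
}

# Loose filter: any line containing the port digits and "ssh" anywhere.
loose_pids() {
  grep "$1" | grep ssh | awk '{print $2}'
}

# Strict filter: the command itself must be ssh, with "-L <port>:" as arguments.
strict_pids() {
  awk -v port="$1" '
    NR == 1 { next }                      # header row
    {
      c = 11                              # COMMAND starts at field 11
      while (c <= NF && ($c == "\\_" || $c == "|")) c++   # skip tree art
      if ($c != "ssh") next
      for (i = c + 1; i < NF; i++)
        if ($i == "-L" && index($(i + 1), port ":") == 1) { print $2; next }
    }'
}

echo "loose : $(sample_ps | loose_pids 2222 | tr '\n' ' ')"
echo "strict: $(sample_ps | strict_pids 2222 | tr '\n' ' ')"
```

On the sample, the loose filter also selects sshd (PID 2222), the shell running the filter itself, and another user's tunnel on port 12222; the strict filter returns only PID 4101.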

5 thoughts on “Run ansible tasks on a remote server using a SSH Tunnel

    • That’s true,

      print $1 shows username instead of process id (at least on Ubuntu), hence is the second row $2.

      printing “kill” does nothing, so we can use xargs kill -9, which appends the process id.

      This snippet would work

      ps axuf | grep 2222 | grep ssh | awk '{print $2}' | xargs kill -9
