If you want to run an Ansible playbook on a remote server through an SSH tunnel, you can use the following procedure:
Create an entry in your inventory file that configures the host as localhost with the port you want to use for the SSH tunnel. In our example we will use 'tunnel' as the server alias:
tunnel ansible_host=127.0.0.1 ansible_port=2222
The procedure of the playbook should be as follows:
- Connect to localhost in order to create the tunnel.
- Connect to localhost using the tunnel and run tasks.
- Connect to localhost in order to delete the tunnel.
So first of all, kill any remaining SSH sessions using the local port configured above, then create the new connection. Note that we also prompt for the remote server's IP (or hostname) and its SSH port; you don't need to do that if you always connect to the same server or already know the remote SSH port. You can hardcode them in your playbook instead of using variables:
- hosts: 127.0.0.1
  connection: local
  vars_prompt:
    - name: "hostname"
      prompt: "Enter remote server hostname or IP"
      private: no
    - name: "ssh_port"
      prompt: "Enter remote ssh port"
      private: no
  tasks:
    # awk field $2 is the PID ($1 is the user); xargs runs the kill instead of
    # only printing it, and -r (GNU xargs) skips the kill when nothing matched.
    - name: "Kill previous sessions on local port"
      shell: ps axuf | grep 2222 | grep ssh | awk '{print $2}' | xargs -r kill -9
    - name: Create SSH tunnel
      shell: ssh -fN -L 2222:localhost:{{ ssh_port }} {{ hostname }}
Now that the tunnel has been established, you can run tasks on the remote server with the following play:
- hosts: tunnel
  remote_user: <user with ssh access>
  tasks:
    - name: "Remote task"
      ...
It's important to note that you must know which user has SSH access to that server, and you must use either key authentication or the same credentials used for localhost.
To finish your playbook cleanly, kill the SSH tunnel afterwards:
- hosts: 127.0.0.1
  connection: local
  gather_facts: no
  tasks:
    # Same pipeline as above: PID from field $2, executed through xargs.
    - name: "Killing ssh process"
      shell: ps axuf | grep 2222 | grep ssh | awk '{print $2}' | xargs -r kill -9
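As an added example that is not part of the original post, here is a POSIX shell version of the "kill remaining sessions" step that finds the tunnel by its own command line (ssh ... -L 2222:) and reads the PID from field 2, so an unrelated process whose PID or arguments merely contain the digits 2222 is left alone. The ps sample, hostnames and port number are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumes the tunnel was started
# as in the post: ssh -fN -L <port>:localhost:<remote port> <host>

# Print the PIDs of ssh processes forwarding local port $1.
# Reads "ps aux"-style text on stdin, so it can be checked against constructed lines.
# Field 1 is the user and field 2 the PID (the post's "print $1" printed the user).
# Anchoring on "ssh ... -L <port>:" avoids matching a process whose PID, memory
# size or arguments just happen to contain the port digits.
tunnel_pids() {
  port="$1"
  case "$port" in
    ''|*[!0-9]*) echo "tunnel_pids: port must be numeric" >&2; return 1 ;;
  esac
  awk -v re="(^|[ \t])ssh[ \t].*-L[ \t]+$port:" '$0 ~ re { print $2 }'
}

# Stop every tunnel on port $1 with SIGTERM; succeeds when none is running,
# so the playbook's "kill remaining sessions (if any)" step never fails.
stop_tunnel() {
  pids=$(ps aux | tunnel_pids "$1") || return 1
  [ -n "$pids" ] || return 0
  kill $pids
}

# Constructed "ps aux" sample: only PID 4711 is the tunnel on 2222. PID 2222 is an
# unrelated ssh session, 4712 forwards port 22222 and 4720 is the grep itself.
SAMPLE_PS='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
alice     2222  0.0  0.0  15000  4000 pts/1    S+   10:00   0:00 ssh bob@other.example
alice     4711  0.0  0.0  15000  4000 ?        Ss   10:02   0:00 ssh -fN -L 2222:localhost:22 server.example
alice     4712  0.0  0.0  15000  4000 ?        Ss   10:02   0:00 ssh -fN -L 22222:localhost:22 server.example
alice     4720  0.0  0.0   9000  1000 pts/0    S+   10:03   0:00 grep 2222'

# Run the detection over the sample; for port 2222 this prints only 4711.
sample_tunnel_pids() {
  printf '%s\n' "$SAMPLE_PS" | tunnel_pids "$1"
}
```

In a playbook the local task becomes `shell: ps aux | tunnel_pids 2222 | xargs -r kill` once the functions are sourced, or simply `stop_tunnel 2222`.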
Pingback: Ansible use ssh tunnel for http proxy | Knowledge Base
Doesn't work. Don't waste your time – wasted hour.
What is the error you’re getting? By the way, take a look at the link above for another similar solution that bgstack15 did. Maybe that one works for you.
I think the code you wrote to kill the ssh is wrong: the snippet will only print the kill command, but won’t actually execute it.
That's true,
print $1 shows the username instead of the process id (at least on Ubuntu), hence it is the second row, $2.
Printing "kill" does nothing, so we can use xargs kill -9, which appends the process id.
This snippet would work:
"ps axuf | grep 2222 | grep ssh | awk '{print $2}' | xargs kill -9"