Tweaks to bastion proxy config

* Adds a new tag to the bu-workshop with the suffix "proxied_host" * Modifies the bastion ssh config file generation to ** have both hostnames and ip addresses ** iterate over hosts tagged with the proxied_host tag NOTE: Bastion proxy config for other environments will fail once this is merged, unless they implement the "proxied_hosts" tag (or similar).
thoraxe · Jun 19, 2017 · 494f321 · 494f321
1 parent cd90d49
commit 494f321
Show file tree

Hide file tree

Showing 4 changed files with 62 additions and 13 deletions.
diff --git a/ansible/cloud_providers/ec2_infrastructure_deployment.yml b/ansible/cloud_providers/ec2_infrastructure_deployment.yml
@@ -73,7 +73,6 @@
 - name: Configure local ssh config for bastion proxy use
   include: "{{ ANSIBLE_REPO_PATH }}/cloud_providers/{{cloud_provider}}_ssh_config_setup.yml"
 
-
 - name: Wait for environment Readiness
   hosts:
     - "{{ ('tag_Project_' ~ env_type ~ '_' ~ guid) | replace('-', '_') }}"

diff --git a/ansible/cloud_providers/ec2_ssh_config_setup.yml b/ansible/cloud_providers/ec2_ssh_config_setup.yml
@@ -9,21 +9,20 @@
   tags:
     - create_ssh_config
   tasks:
-  - debug:
-     var: "{{hostvars}}"
   - name: Store bastion hostname as a fact
     set_fact:
-      bastion_hostname: "{{ hostvars[ groups[ ('tag_' ~ env_type ~ '_' ~ guid ~ '_bastion') | replace('-', '_') ].0 ]['ec2_ip_address'] }}"
+      bastion_ip:       "{{ hostvars[ groups[ ('tag_' ~ env_type ~ '_' ~ guid ~ '_bastion') | replace('-', '_') ].0 ]['ec2_ip_address'] }}"
+      bastion_hostname: "{{ hostvars[ groups[ ('tag_' ~ env_type ~ '_' ~ guid ~ '_bastion') | replace('-', '_') ].0 ]['ec2_public_dns_name'] }}"
 
   - name: Create empty local ssh config as defined by deploy_local_ssh_config_location
     file:
       dest: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf"
       state: touch
 
-  - name: Add bastion proxy config to workdir ssh config file
+  - name: Add bastion proxy config (hostname) to workdir ssh config file
     blockinfile:
       dest: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf"
-      marker: "##### {mark} ADDED BASTION PROXY HOST {{ env_type }}-{{ guid }} ######"
+      marker: "##### {mark} ADDED BASTION PROXY HOST HOSTNAME {{ env_type }}-{{ guid }} ######"
       content: |
           Host {{ bastion_hostname }}
             Hostname {{ bastion_hostname }}
@@ -37,10 +36,27 @@
     tags:
       - bastion_proxy_config_main
 
-  - name: Add all hosts to workdir ssh config file
+  - name: Add bastion proxy config (ip address) to workdir ssh config file
     blockinfile:
       dest: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf"
-      marker: "##### {mark} ADDED Node Proxy Config  {{ item }} {{ env_type }}-{{ guid }} ######"
+      marker: "##### {mark} ADDED BASTION PROXY HOST IP {{ env_type }}-{{ guid }} ######"
+      content: |
+          Host {{ bastion_ip }}
+            Hostname {{ bastion_ip }}
+            IdentityFile ~/.ssh/{{ key_name }}.pem
+            IdentitiesOnly yes
+            User {{ remote_user }}
+            ControlMaster auto
+            ControlPath /tmp/%h-%r
+            ControlPersist 5m
+            StrictHostKeyChecking no
+    tags:
+      - bastion_proxy_config_main
+
+  - name: Add all hosts (hostname) to workdir ssh config file
+    blockinfile:
+      dest: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf"
+      marker: "##### {mark} ADDED Node Proxy Config IP {{ item }} {{ env_type }}-{{ guid }} ######"
       block: |
           Host {{ hostvars[item].ec2_ip_address }}
             Hostname {{ hostvars[item].ec2_ip_address }}
@@ -49,9 +65,22 @@
             ProxyCommand ssh -F {{ inventory_dir }}/../workdir/{{ env_type }}_{{ guid }}_ssh_conf {{ remote_user }}@{{ bastion_hostname }} -W %h:%p
             StrictHostKeyChecking no
     with_items:
-      - "{{ groups[('tag_' ~ env_type ~ '_' ~ guid ~ '_master') | replace('-', '_')] }}"
-      - "{{ groups[('tag_' ~ env_type ~ '_' ~ guid ~ '_node') | replace('-', '_')] }}"
-      - "{{ groups[('tag_' ~ env_type ~ '_' ~ guid ~ '_support') | replace('-', '_')] }}"
-      - "{{ groups[('tag_' ~ env_type ~ '_' ~ guid ~ '_infranode') | replace('-', '_')] }}"
+      - "{{ groups[('tag_' ~ env_type ~ '_' ~ guid ~ '_proxied_host_true') | replace('-', '_')] }}"
+    tags:
+      - bastion_proxy_config_hosts
+
+  - name: Add all hosts (ip address) to workdir ssh config file
+    blockinfile:
+      dest: "{{ ANSIBLE_REPO_PATH }}/workdir/{{ env_type }}_{{ guid }}_ssh_conf"
+      marker: "##### {mark} ADDED Node Proxy Config Hostname {{ item }} {{ env_type }}-{{ guid }} ######"
+      block: |
+          Host {{ hostvars[item].ec2_public_dns_name }}
+            Hostname {{ hostvars[item].ec2_public_dns_name }}
+            User {{ remote_user }}
+            IdentityFile ~/.ssh/{{ key_name }}.pem
+            ProxyCommand ssh -F {{ inventory_dir }}/../workdir/{{ env_type }}_{{ guid }}_ssh_conf {{ remote_user }}@{{ bastion_hostname }} -W %h:%p
+            StrictHostKeyChecking no
+    with_items:
+      - "{{ groups[('tag_' ~ env_type ~ '_' ~ guid ~ '_proxied_host_true') | replace('-', '_')] }}"
     tags:
       - bastion_proxy_config_hosts
diff --git a/ansible/configs/bu-workshop/env_vars.yml b/ansible/configs/bu-workshop/env_vars.yml
@@ -10,9 +10,13 @@ software_to_deploy: "openshift"
 install_idm: false
 use_subscriptions: false
 use_own_repos: true
-cloud_provider: "ec2"
 install_common: true
 hosted_zone_id: "Z226QCZPDICGRI"
+repo_method: "file"
+use_own_key: true
+env_authorized_key: "roadshow"
+set_env_authorized_key: false
+tower_run: false
 
 # TODO: This should probably be in groupvars for all and then overridden here
 common_packages:

diff --git a/ansible/configs/bu-workshop/files/cloud_providers/ec2_cloud_template.j2 b/ansible/configs/bu-workshop/files/cloud_providers/ec2_cloud_template.j2
@@ -296,6 +296,10 @@
           {
             "Key": "{{ project_tag }}",
             "Value": "master"
+          },
+          {
+            "Key": "{{ project_tag }}_proxied_host",
+            "Value": "true"
           }
         ],
         "BlockDeviceMappings": [
@@ -372,6 +376,10 @@
           {
             "Key": "{{ project_tag }}",
             "Value": "infranode"
+          },
+          {
+            "Key": "{{ project_tag }}_proxied_host",
+            "Value": "true"
           }
         ],
         "BlockDeviceMappings": [
@@ -467,6 +475,11 @@
             "Key": "{{ project_tag }}",
             "Value": "node",
             "PropagateAtLaunch": true
+          },
+          {
+            "Key": "{{ project_tag }}_proxied_host",
+            "Value": "true",
+            "PropagateAtLaunch": true
           }
         ],
         "VPCZoneIdentifier": [
@@ -517,6 +530,10 @@
           {
             "Key": "{{ project_tag }}",
             "Value": "support"
+          },
+          {
+            "Key": "{{ project_tag }}_proxied_host",
+            "Value": "true"
           }
         ],
         "BlockDeviceMappings": [