Search code examples
sshparametersansibleargumentsconnection

How to construct customized ssh connection from ansible playbook

The below ssh connection by ansible fails to connect to remote hosts

ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/app/ssh_keys/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o ControlPath=/home/ansibleuser/.ansible/cp/6abdc12511 -tt 10.9.88.205 'id mwweb || id webadm || ls -ld /web'

whereas when i remove the below two arguments from ssh my connection succeeds

1. -tt 
2.  -o ControlPath=/home/ansibleuser/.ansible/cp/6abdc12511

Working ssh command that is want ansible to construct.

ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/app/ssh_keys/id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="root"' -o ConnectTimeout=10 -o StrictHostKeyChecking=no 10.9.88.205 'id mwweb || id webadm || ls -ld /web'

This requirement (customized ssh command) is for a specific playbook for specific target hosts that is supplied as arguments to my ansible playbook below. I dont wish to modify the existing ssh configuration at OS:

- name: Play 2- Configure Source nodes
  hosts: all
  user: root
  ignore_errors: yes
  gather_facts: false
  tasks:

   - name: Get HTTPD userid on server
     raw: id mwweb || id webadm || ls -ld /web

   - name: Get OHS userid on server
     raw: id mwweb

The above playbook runs using this command:

ansible-playbook -i 10.9.88.205, -f 5 testpython.yml -vvvv

I'm using jenkin's ansible plugin to trigger the above playbook.

Can you please provide solution for the below:

  1. can i disable -tt and ControlPath by modifying playbook code? This is my first preference. Please suggest?

  2. If modifying the playbook wont help then how can i disable both ssh args using ansible parameters?

I was able to disable -tt using below:

ansible-playbook -i 10.9.88.205, -f 5 testpython.yml -e ansible_ssh_use_tty=no -vvvv

But, there is no way to could find to disable ControlPath despite passing -e control_path=""

Reference: https://docs.ansible.com/ansible/latest/plugins/connection/ssh.html

Can you please suggest ?

Solution

  • You can set connection parameters in task vars, e.g.:

       - name: Get HTTPD userid on server
     raw: id mwweb || id webadm || ls -ld /web
     vars:
       ansible_ssh_use_tty: false # disable -tt flag
       ansible_control_path: none # disable connection sharing

    Variable names and default values are listed in ansible.builtin.ssh connection plugin docs.

    And ansible_control_path: none should disable connection sharing according to ssh_config man:

           ControlPath
               Specify the path to the control socket used for
               connection sharing as described in the ControlMaster
               section above or the string none to disable connection
               sharing. ...