Merge branch 'ganeshrn-junos_jump_hosts' into devel

Sandra McCann 2018-07-20 11:38:56 -04:00
commit 6c4353b51b
3 changed files with 67 additions and 3 deletions


@ -597,6 +597,46 @@ no additional changes necessary. The network module will now connect to the
network device by first connecting to the host specified in
``ansible_ssh_common_args``, which is ``bastion01`` in the above example.
Using bastion/jump host with netconf connection
-----------------------------------------------
Enabling jump host setting
--------------------------
Bastion/jump host with netconf connection can be enable using
- Setting Ansible variable``ansible_netconf_ssh_config`` either to ``True`` or custom ssh config file path
- Setting environment variable ``ANSIBLE_NETCONF_SSH_CONFIG`` to ``True`` or custom ssh config file path
- Setting ``ssh_config = 1`` or ``ssh_config = <ssh-file-path>``under ``netconf_connection`` section
If the configuration variable is set to 1 the proxycommand and other ssh variables are read from
default ssh config file (~/.ssh/config).
If the configuration variable is set to file path the proxycommand and other ssh variables are read
from the given custom ssh file path
Example ssh config file (~/.ssh/config)
---------------------------------------
.. code-block:: ini
Host junos01
HostName junos01
User myuser
ProxyCommand ssh user@bastion01 nc %h %p %r
Example Ansible inventory file
.. code-block:: ini
[junos]
junos01
[junos:vars]
ansible_connection=netconf
ansible_network_os=junos
ansible_user=myuser
ansible_ssh_pass=!vault...
.. note:: Using ``ProxyCommand`` with passwords via variables


@ -1643,4 +1643,13 @@ YAML_FILENAME_EXTENSIONS:
- section: defaults
key: yaml_valid_extensions
type: list
NETCONF_SSH_CONFIG:
description: This variable is used to enable bastion/jump host with netconf connection. If set to True the bastion/jump
host ssh settings should be present in ~/.ssh/config file, alternatively it can be set
to custom ssh configuration file path to read the bastion/jump host settings.
env: [{name: ANSIBLE_NETCONF_SSH_CONFIG}]
ini:
- {key: ssh_config, section: netconf_connection}
yaml: {key: netconf_connection.ssh_config}
default: null
...
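Review bot: The `description` of NETCONF_SSH_CONFIG does not tell the operator that the referenced ssh config file is effectively executable input. A `ProxyCommand` line such as the one in the documentation example is run as a local command on the control node when the connection is opened, assuming the SSH layer honours it as that example implies. Because the path can come from an environment variable, an ini key or an inventory variable, I would append a sentence like `Any ProxyCommand in this file is executed on the control node, so point it only at a file that untrusted users cannot write.` The entry also declares no `type`, so a value taken from the environment presumably reaches the plugin as a plain string.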


@ -154,6 +154,21 @@ options:
- name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT
vars:
- name: ansible_command_timeout
netconf_ssh_config:
description:
- This variable is used to enable bastion/jump host with netconf connection. If set to
True the bastion/jump host ssh settings should be present in ~/.ssh/config file,
alternatively it can be set to custom ssh configuration file path to read the
bastion/jump host settings.
ini:
- section: netconf_connection
key: ssh_config
version_added: '2.7'
env:
- name: ANSIBLE_NETCONF_SSH_CONFIG
vars:
- name: ansible_netconf_ssh_config
version_added: '2.7'
"""
import os
@ -162,7 +177,7 @@ import json
from ansible.errors import AnsibleConnectionFailure, AnsibleError
from ansible.module_utils._text import to_bytes, to_native, to_text
from ansible.module_utils.parsing.convert_bool import BOOLEANS_TRUE
from ansible.module_utils.parsing.convert_bool import BOOLEANS_TRUE, BOOLEANS_FALSE
from ansible.plugins.loader import netconf_loader
from ansible.plugins.connection import NetworkConnectionBase
@ -250,10 +265,10 @@ class Connection(NetworkConnectionBase):
device_params = {'name': NETWORK_OS_DEVICE_PARAM_MAP.get(self._network_os) or self._network_os}
ssh_config = os.getenv('ANSIBLE_NETCONF_SSH_CONFIG', False)
ssh_config = self.get_option('netconf_ssh_config')
if ssh_config in BOOLEANS_TRUE:
ssh_config = True
else:
elif ssh_config in BOOLEANS_FALSE:
ssh_config = None
try:
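Review bot: With the new `elif ssh_config in BOOLEANS_FALSE:`, a value found in neither set is now passed on as an ssh config path, and both membership tests are case-sensitive. If BOOLEANS_TRUE holds only lower-case strings (worth confirming in convert_bool), `ANSIBLE_NETCONF_SSH_CONFIG=True`, the spelling the documentation hunk recommends, would be treated as a file named `True` instead of selecting ~/.ssh/config. I would compare a normalised copy, `flag = ssh_config.lower() if isinstance(ssh_config, string_types) else ssh_config`, and test `flag in BOOLEANS_TRUE` / `flag in BOOLEANS_FALSE`, leaving the path itself untouched; `string_types` would need importing from `ansible.module_utils.six`. The visible lines also do not expand `~` or check that the path exists before use, though the method starts and continues outside the hunk, so that may be handled there.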