Merge branch 'ganeshrn-junos_jump_hosts' into devel
commit
6c4353b51b
3 changed files with 67 additions and 3 deletions
|
@ -597,6 +597,46 @@ no additional changes necessary. The network module will now connect to the
|
|||
network device by first connecting to the host specified in
|
||||
``ansible_ssh_common_args``, which is ``bastion01`` in the above example.
|
||||
|
||||
Using bastion/jump host with netconf connection
|
||||
-----------------------------------------------
|
||||
|
||||
Enabling jump host setting
|
||||
--------------------------
|
||||
|
||||
Bastion/jump host with netconf connection can be enable using
|
||||
- Setting Ansible variable``ansible_netconf_ssh_config`` either to ``True`` or custom ssh config file path
|
||||
- Setting environment variable ``ANSIBLE_NETCONF_SSH_CONFIG`` to ``True`` or custom ssh config file path
|
||||
- Setting ``ssh_config = 1`` or ``ssh_config = <ssh-file-path>``under ``netconf_connection`` section
|
||||
|
||||
If the configuration variable is set to 1 the proxycommand and other ssh variables are read from
|
||||
default ssh config file (~/.ssh/config).
|
||||
If the configuration variable is set to file path the proxycommand and other ssh variables are read
|
||||
from the given custom ssh file path
|
||||
|
||||
Example ssh config file (~/.ssh/config)
|
||||
---------------------------------------
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
Host junos01
|
||||
HostName junos01
|
||||
User myuser
|
||||
|
||||
ProxyCommand ssh user@bastion01 nc %h %p %r
|
||||
|
||||
Example Ansible inventory file
|
||||
|
||||
.. code-block:: ini
|
||||
|
||||
[junos]
|
||||
junos01
|
||||
|
||||
[junos:vars]
|
||||
ansible_connection=netconf
|
||||
ansible_network_os=junos
|
||||
ansible_user=myuser
|
||||
ansible_ssh_pass=!vault...
|
||||
|
||||
|
||||
.. note:: Using ``ProxyCommand`` with passwords via variables
|
||||
|
||||
|
|
|
@ -1643,4 +1643,13 @@ YAML_FILENAME_EXTENSIONS:
|
|||
- section: defaults
|
||||
key: yaml_valid_extensions
|
||||
type: list
|
||||
NETCONF_SSH_CONFIG:
|
||||
description: This variable is used to enable bastion/jump host with netconf connection. If set to True the bastion/jump
|
||||
host ssh settings should be present in ~/.ssh/config file, alternatively it can be set
|
||||
to custom ssh configuration file path to read the bastion/jump host settings.
|
||||
env: [{name: ANSIBLE_NETCONF_SSH_CONFIG}]
|
||||
ini:
|
||||
- {key: ssh_config, section: netconf_connection}
|
||||
yaml: {key: netconf_connection.ssh_config}
|
||||
default: null
|
||||
...
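Review bot: The `NETCONF_SSH_CONFIG` description does not say that the referenced ssh config file is a trusted input. The documentation added in this same commit states that `ProxyCommand` is read from that file, and an ssh client runs that directive as a local command on the control node. I would add a sentence such as `The file must be owned by and writable only by the user running Ansible, because its ProxyCommand is executed on the control node.` The entry also declares no `type`, so values from the environment or the ini file presumably arrive as plain strings and the consumer has to tell booleans from paths itself.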
|
||||
|
|
|
@ -154,6 +154,21 @@ options:
|
|||
- name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT
|
||||
vars:
|
||||
- name: ansible_command_timeout
|
||||
netconf_ssh_config:
|
||||
description:
|
||||
- This variable is used to enable bastion/jump host with netconf connection. If set to
|
||||
True the bastion/jump host ssh settings should be present in ~/.ssh/config file,
|
||||
alternatively it can be set to custom ssh configuration file path to read the
|
||||
bastion/jump host settings.
|
||||
ini:
|
||||
- section: netconf_connection
|
||||
key: ssh_config
|
||||
version_added: '2.7'
|
||||
env:
|
||||
- name: ANSIBLE_NETCONF_SSH_CONFIG
|
||||
vars:
|
||||
- name: ansible_netconf_ssh_config
|
||||
version_added: '2.7'
|
||||
"""
|
||||
|
||||
import os
|
||||
|
@ -162,7 +177,7 @@ import json
|
|||
|
||||
from ansible.errors import AnsibleConnectionFailure, AnsibleError
|
||||
from ansible.module_utils._text import to_bytes, to_native, to_text
|
||||
from ansible.module_utils.parsing.convert_bool import BOOLEANS_TRUE
|
||||
from ansible.module_utils.parsing.convert_bool import BOOLEANS_TRUE, BOOLEANS_FALSE
|
||||
from ansible.plugins.loader import netconf_loader
|
||||
from ansible.plugins.connection import NetworkConnectionBase
|
||||
|
||||
|
@ -250,10 +265,10 @@ class Connection(NetworkConnectionBase):
|
|||
|
||||
device_params = {'name': NETWORK_OS_DEVICE_PARAM_MAP.get(self._network_os) or self._network_os}
|
||||
|
||||
ssh_config = os.getenv('ANSIBLE_NETCONF_SSH_CONFIG', False)
|
||||
ssh_config = self.get_option('netconf_ssh_config')
|
||||
if ssh_config in BOOLEANS_TRUE:
|
||||
ssh_config = True
|
||||
else:
|
||||
elif ssh_config in BOOLEANS_FALSE:
|
||||
ssh_config = None
|
||||
|
||||
try:
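Review bot: In the `if ssh_config in BOOLEANS_TRUE` / `elif ssh_config in BOOLEANS_FALSE` chain, string values are compared without case normalisation, and any value matching neither set is now kept as a file path. As far as I know both sets hold only lower-case strings, so `ANSIBLE_NETCONF_SSH_CONFIG=True` (the spelling the docs use) or `False` would be treated as a path named `True` or `False` rather than as a switch. Normalising first with `flag = to_text(ssh_config).lower()` and testing `flag` in both branches would avoid that while leaving a real path untouched. The enclosing method starts before this hunk and the `try:` body continues past it, so how the path is consumed is not visible here. It is worth confirming there that a missing or unreadable config file fails the connection instead of silently connecting without the jump host.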
|
||||
|
|