Merge branch 'ganeshrn-junos_jump_hosts' into devel

Sandra McCann 2018-07-20 11:38:56 -04:00
commit 6c4353b51b
3 changed files with 67 additions and 3 deletions


@ -597,6 +597,46 @@ no additional changes necessary. The network module will now connect to the
network device by first connecting to the host specified in network device by first connecting to the host specified in
``ansible_ssh_common_args``, which is ``bastion01`` in the above example. ``ansible_ssh_common_args``, which is ``bastion01`` in the above example.
Using bastion/jump host with netconf connection
-----------------------------------------------
Enabling jump host setting
--------------------------
Bastion/jump host with netconf connection can be enable using
- Setting Ansible variable``ansible_netconf_ssh_config`` either to ``True`` or custom ssh config file path
- Setting environment variable ``ANSIBLE_NETCONF_SSH_CONFIG`` to ``True`` or custom ssh config file path
- Setting ``ssh_config = 1`` or ``ssh_config = <ssh-file-path>``under ``netconf_connection`` section
If the configuration variable is set to 1 the proxycommand and other ssh variables are read from
default ssh config file (~/.ssh/config).
If the configuration variable is set to file path the proxycommand and other ssh variables are read
from the given custom ssh file path
Example ssh config file (~/.ssh/config)
---------------------------------------
.. code-block:: ini
Host junos01
HostName junos01
User myuser
ProxyCommand ssh user@bastion01 nc %h %p %r
Example Ansible inventory file
.. code-block:: ini
[junos]
junos01
[junos:vars]
ansible_connection=netconf
ansible_network_os=junos
ansible_user=myuser
ansible_ssh_pass=!vault...
.. note:: Using ``ProxyCommand`` with passwords via variables .. note:: Using ``ProxyCommand`` with passwords via variables


@ -1643,4 +1643,13 @@ YAML_FILENAME_EXTENSIONS:
- section: defaults - section: defaults
key: yaml_valid_extensions key: yaml_valid_extensions
type: list type: list
NETCONF_SSH_CONFIG:
description: This variable is used to enable bastion/jump host with netconf connection. If set to True the bastion/jump
host ssh settings should be present in ~/.ssh/config file, alternatively it can be set
to custom ssh configuration file path to read the bastion/jump host settings.
env: [{name: ANSIBLE_NETCONF_SSH_CONFIG}]
ini:
- {key: ssh_config, section: netconf_connection}
yaml: {key: netconf_connection.ssh_config}
default: null
... ...
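Review bot: The `NETCONF_SSH_CONFIG` description never says that the ssh config file it points to is trusted input. Directives in that file, such as the `ProxyCommand` shown in the documentation example, are run as local commands on the control node when the netconf session is opened. I would append a sentence like `The file is read on the control node and its ProxyCommand is executed there, so it must be owned by and writable only by the user running Ansible.` and repeat it in the matching `netconf_ssh_config` option description in the connection plugin. The entry also declares no `type`, so the value presumably reaches the plugin as a raw string; that is worth stating in the description, since both a boolean and a path are accepted.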


@ -154,6 +154,21 @@ options:
- name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT - name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT
vars: vars:
- name: ansible_command_timeout - name: ansible_command_timeout
netconf_ssh_config:
description:
- This variable is used to enable bastion/jump host with netconf connection. If set to
True the bastion/jump host ssh settings should be present in ~/.ssh/config file,
alternatively it can be set to custom ssh configuration file path to read the
bastion/jump host settings.
ini:
- section: netconf_connection
key: ssh_config
version_added: '2.7'
env:
- name: ANSIBLE_NETCONF_SSH_CONFIG
vars:
- name: ansible_netconf_ssh_config
version_added: '2.7'
""" """
import os import os
@ -162,7 +177,7 @@ import json
from ansible.errors import AnsibleConnectionFailure, AnsibleError from ansible.errors import AnsibleConnectionFailure, AnsibleError
from ansible.module_utils._text import to_bytes, to_native, to_text from ansible.module_utils._text import to_bytes, to_native, to_text
from ansible.module_utils.parsing.convert_bool import BOOLEANS_TRUE from ansible.module_utils.parsing.convert_bool import BOOLEANS_TRUE, BOOLEANS_FALSE
from ansible.plugins.loader import netconf_loader from ansible.plugins.loader import netconf_loader
from ansible.plugins.connection import NetworkConnectionBase from ansible.plugins.connection import NetworkConnectionBase
@ -250,10 +265,10 @@ class Connection(NetworkConnectionBase):
device_params = {'name': NETWORK_OS_DEVICE_PARAM_MAP.get(self._network_os) or self._network_os} device_params = {'name': NETWORK_OS_DEVICE_PARAM_MAP.get(self._network_os) or self._network_os}
ssh_config = os.getenv('ANSIBLE_NETCONF_SSH_CONFIG', False) ssh_config = self.get_option('netconf_ssh_config')
if ssh_config in BOOLEANS_TRUE: if ssh_config in BOOLEANS_TRUE:
ssh_config = True ssh_config = True
else: elif ssh_config in BOOLEANS_FALSE:
ssh_config = None ssh_config = None
try: try:
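Review bot: The two membership tests on `ssh_config` in the last hunk are case-sensitive for strings. As far as this hunk shows, a value written as `True` (the spelling the documentation uses) in the environment variable or ini file would match neither `BOOLEANS_TRUE` nor `BOOLEANS_FALSE` and would be carried on as if it were a file path. Normalising string values first, for example testing `ssh_config.lower()` when the value is a string, would make the documented spellings behave as booleans. Any other value is passed unchanged into the `try:` block, whose body lies outside the hunk. Because that file supplies the `ProxyCommand` that runs on the control node, it would help to expand `~` and raise `AnsibleConnectionFailure` with a clear message when the path is not an existing regular file.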