From b023ace8a8a7ce6800e29129a27ebe8bf6bd38e0 Mon Sep 17 00:00:00 2001
From: Abhijit Menon-Sen <ams@2ndQuadrant.com>
Date: Mon, 10 Aug 2015 19:06:19 +0530
Subject: [PATCH] Add an ansible_ssh_extra_args inventory variable

This can be used to configure a per-host or per-group ProxyCommand to
connect to hosts through a jumphost, e.g.:

    inventory:
        [gatewayed]
        foo ansible_ssh_host=192.0.2.1

    group_vars/gatewayed.yml:
        ansible_ssh_extra_args: '-o ProxyCommand="ssh -W %h:%p -q bounceuser@gateway.example.com"'

Note that this variable is used in addition to any ssh_args configured
in the [ssh_connection] section of ansible.cfg (so you don't need to
repeat the ControlPath settings in ansible_ssh_extra_args).
---
 docsite/rst/intro_inventory.rst        |  3 +++
 lib/ansible/plugins/connections/ssh.py | 12 ++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/docsite/rst/intro_inventory.rst b/docsite/rst/intro_inventory.rst
index 5afffb0fe50..d885fa3c708 100644
--- a/docsite/rst/intro_inventory.rst
+++ b/docsite/rst/intro_inventory.rst
@@ -211,6 +211,9 @@ SSH connection::
       The ssh password to use (this is insecure, we strongly recommend using --ask-pass or SSH keys)
     ansible_ssh_private_key_file
       Private key file used by ssh.  Useful if using multiple keys and you don't want to use SSH agent.
+    ansible_ssh_extra_args
+      Additional arguments for ssh. Useful to configure a ``ProxyCommand`` for a certain host (or group).
+      This is used in addition to any ``ssh_args`` configured in ``ansible.cfg``.
 
 Privilege escalation (see :doc:`Ansible Privilege Escalation<become>` for further details)::
 
diff --git a/lib/ansible/plugins/connections/ssh.py b/lib/ansible/plugins/connections/ssh.py
index 6dae226722b..22a9c41dfde 100644
--- a/lib/ansible/plugins/connections/ssh.py
+++ b/lib/ansible/plugins/connections/ssh.py
@@ -58,6 +58,12 @@ class Connection(ConnectionBase):
         super(Connection, self).__init__(*args, **kwargs)
 
         self.host = self._play_context.remote_addr
+        self.ssh_extra_args = ''
+
+    def set_host_overrides(self, host):
+        v = host.get_vars()
+        if 'ansible_ssh_extra_args' in v:
+            self.ssh_extra_args = v['ansible_ssh_extra_args']
 
     @property
     def transport(self):
@@ -114,6 +120,12 @@ class Connection(ConnectionBase):
             self._common_args += ("-o", "User={0}".format(self._play_context.remote_user))
         self._common_args += ("-o", "ConnectTimeout={0}".format(self._play_context.timeout))
 
+        # If any extra SSH arguments are specified in the inventory for
+        # this host, add them in.
+        if self.ssh_extra_args is not None:
+            extra_args = self.ssh_extra_args
+            self._common_args += [x.strip() for x in shlex.split(extra_args) if x.strip()]
+
         self._connected = True
 
         return self