Add an ansible_ssh_extra_args inventory variable

This can be used to configure a per-host or per-group ProxyCommand to connect to hosts through a jumphost, e.g.: inventory: [gatewayed] foo ansible_ssh_host=192.0.2.1 group_vars/gatewayed.yml: ansible_ssh_extra_args: '-o ProxyCommand="ssh -W %h:%p -q bounceuser@gateway.example.com"' Note that this variable is used in addition to any ssh_args configured in the [ssh_connection] section of ansible.cfg (so you don't need to repeat the ControlPath settings in ansible_ssh_extra_args).
2015-08-10 19:06:19 +05:30 · 2015-08-10 19:06:19 +05:30 · b023ace8a8
commit b023ace8a8
parent 8774ff5f57
2 changed files with 15 additions and 0 deletions
--- a/docsite/rst/intro_inventory.rst
+++ b/docsite/rst/intro_inventory.rst
@ -211,6 +211,9 @@ SSH connection::
      The ssh password to use (this is insecure, we strongly recommend using --ask-pass or SSH keys)
    ansible_ssh_private_key_file
      Private key file used by ssh.  Useful if using multiple keys and you don't want to use SSH agent.
+    ansible_ssh_extra_args
+      Additional arguments for ssh. Useful to configure a ``ProxyCommand`` for a certain host (or group).
+      This is used in addition to any ``ssh_args`` configured in ``ansible.cfg``.

 Privilege escalation (see :doc:`Ansible Privilege Escalation<become>` for further details)::

--- a/lib/ansible/plugins/connections/ssh.py
+++ b/lib/ansible/plugins/connections/ssh.py
@ -58,6 +58,12 @@ class Connection(ConnectionBase):
        super(Connection, self).__init__(*args, **kwargs)

        self.host = self._play_context.remote_addr
+        self.ssh_extra_args = ''
+
+    def set_host_overrides(self, host):
+        v = host.get_vars()
+        if 'ansible_ssh_extra_args' in v:
+            self.ssh_extra_args = v['ansible_ssh_extra_args']

    @property
    def transport(self):
@ -114,6 +120,12 @@ class Connection(ConnectionBase):
            self._common_args += ("-o", "User={0}".format(self._play_context.remote_user))
        self._common_args += ("-o", "ConnectTimeout={0}".format(self._play_context.timeout))

+        # If any extra SSH arguments are specified in the inventory for
+        # this host, add them in.
+        if self.ssh_extra_args is not None:
+            extra_args = self.ssh_extra_args
+            self._common_args += [x.strip() for x in shlex.split(extra_args) if x.strip()]
+
        self._connected = True

        return self