From 3e44da4344e11700e58e06bc713851b8fc90244a Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 21 Apr 2018 17:53:30 +0200
Subject: [PATCH] added (not yet finished) localconfig role
---
ansible/host_vars/metrics | 1 +
ansible/localconfig.yml | 5 ++
ansible/roles/localconfig/defaults/main.yml | 12 +++
ansible/roles/localconfig/files/ssh/Makefile | 4 +
ansible/roles/localconfig/tasks/main.yml | 29 ++++++++
.../roles/localconfig/templates/ssh/10r3.conf.j2 | 77 ++++++++++++++++++++
6 files changed, 128 insertions(+)
create mode 100644 ansible/host_vars/metrics
create mode 100644 ansible/localconfig.yml
create mode 100644 ansible/roles/localconfig/defaults/main.yml
create mode 100644 ansible/roles/localconfig/files/ssh/Makefile
create mode 100644 ansible/roles/localconfig/tasks/main.yml
create mode 100644 ansible/roles/localconfig/templates/ssh/10r3.conf.j2
diff --git a/ansible/host_vars/metrics b/ansible/host_vars/metrics
new file mode 100644
index 0000000..2b1841f
--- /dev/null
+++ b/ansible/host_vars/metrics
@@ -0,0 +1 @@
+localconfig_ssh_config_user: root
diff --git a/ansible/localconfig.yml b/ansible/localconfig.yml
new file mode 100644
index 0000000..8bf230f
--- /dev/null
+++ b/ansible/localconfig.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ connection: local
+ roles:
+ - localconfig
diff --git a/ansible/roles/localconfig/defaults/main.yml b/ansible/roles/localconfig/defaults/main.yml
new file mode 100644
index 0000000..96e3cf6
--- /dev/null
+++ b/ansible/roles/localconfig/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+### use .ssh/r3_localconfig.yml to overwrite
+# localconfig_ssh_user:
+localconfig_ssh_ids:
+ - ~/.ssh/id_r3_rsa
+ - ~/.ssh/id_r3_ed25519
+
+
+### to be set inhost_vars and group_vars
+# localconfig_ssh_config_proxycommand:
+# localconfig_ssh_config_user:
+# localconfig_ssh_config_port:
diff --git a/ansible/roles/localconfig/files/ssh/Makefile b/ansible/roles/localconfig/files/ssh/Makefile
new file mode 100644
index 0000000..58e4ea6
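Review bot: In ansible/roles/localconfig/defaults/main.yml the second comment header reads `inhost_vars`, and neither header says what the variables end up doing. I would change it to `### to be set in host_vars and group_vars; values are written as-is into the generated ~/.ssh/config`, and add a line above `localconfig_ssh_ids` saying that each entry becomes an `IdentityFile` line for all realraum hosts. These comments are the only place a person editing host_vars would learn that `localconfig_ssh_config_proxycommand` ends up as a `ProxyCommand` in every operator's ssh config.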
--- /dev/null
+++ b/ansible/roles/localconfig/files/ssh/Makefile
@@ -0,0 +1,4 @@
+CONFIGS=$(sort $(wildcard *.conf))
+
+../config: $(CONFIGS)
+ @cat $^ >$@
diff --git a/ansible/roles/localconfig/tasks/main.yml b/ansible/roles/localconfig/tasks/main.yml
new file mode 100644
index 0000000..ec292df
--- /dev/null
+++ b/ansible/roles/localconfig/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- name: load additional config from .ssh dir
+ include_vars:
+ dir: "{{ '~/.ssh' | expanduser }}"
+ depth: 1
+ files_matching: 'r3_localconfig.yml'
+
+- name: create .ssh/config.d
+ file:
+ path: "~/.ssh/config.d/"
+ state: directory
+
+- name: install generated ssh config snippets
+ template:
+ src: "ssh/{{ item | basename }}"
+ dest: "~/.ssh/config.d/{{ item | basename | regex_replace('^(.*)\\.j2$', '\\1') }}"
+ with_fileglob:
+ - "../templates/ssh/*.conf.j2"
+
+- name: install static ssh config snippets
+ copy:
+ src: ssh/
+ dest: ~/.ssh/config.d/
+
+- name: assemble ssh config
+ assemble:
+ src: ~/.ssh/config.d/
+ regexp: "\\.conf$"
+ dest: ~/.ssh/config
diff --git a/ansible/roles/localconfig/tasks/main.yml b/ansible/roles/localconfig/templates/ssh/10r3.conf.j2
new file mode 100644
index 0000000..ba11160
--- /dev/null
+++ b/ansible/roles/localconfig/templates/ssh/10r3.conf.j2
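Review bot: The `assemble ssh config` task in ansible/roles/localconfig/tasks/main.yml replaces `~/.ssh/config` without a backup or an explicit mode, so a hand-written config is lost on the first run and the new file's permissions follow the umask. OpenSSH refuses a user config that is writable by group or others, which a umask of 002 would produce, so I would add `backup: yes` and `mode: "0600"` to that task and `mode: "0700"` to the `create .ssh/config.d` task. The `template` and `copy` tasks would benefit from `mode: "0600"` for the same reason. A comment on the `copy` task noting that it also places the role's Makefile into `~/.ssh/config.d/`, and that the `\\.conf$` regexp keeps it out of the assembled file, would save the next reader a lookup.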
@@ -0,0 +1,77 @@
+##########################################################################################
+# realraum ssh-config (generated by ansible NOC repo)
+
+#######################################
+### dynamically generated hosts
+
+{% for host in (groups['all'] | sort) %}
+{% set shortname = (host.split('.') | first) %}
+Host {{ host }}.realraum.at r3-{{ shortname }} r3g-{{ shortname }} r3e-{{ shortname }}
+ Hostname {{ host }}.realraum.at
+{% if 'localconfig_ssh_config_proxycommand' in hostvars[host] %}
+ ProxyCommand {{ hostvars[host].localconfig_ssh_config_proxycommand }}
+{% endif %}
+{% if 'localconfig_ssh_config_user' in hostvars[host] %}
+ User {{ hostvars[host].localconfig_ssh_config_user }}
+{% endif %}
+{% if 'localconfig_ssh_config_port' in hostvars[host] %}
+ Port {{ hostvars[host].localconfig_ssh_config_port }}
+{% endif %}
+
+{% endfor %}
+#######################################
+### static host configs
+
+Host gw.realraum.at r3-gw
+ Hostname gw.realraum.at
+
+Host gnocchi1.realraum.at r3-gnocchi1
+ Hostname gnocchi1.realraum.at
+
+Host gnocchi2.realraum.at r3-gnocchi2
+ Hostname gnocchi2.realraum.at
+
+Host torwaechter.mgmt.realraum.at r3g-torwaechter
+ Hostname torwaechter.mgmt.realraum.at
+ User realraum
+
+Host ap0.mgmt.realraum.at r3g-ap0
+ Hostname ap0.mgmt.realraum.at
+ User root
+
+Host ap1.mgmt.realraum.at r3g-ap1
+ Hostname ap1.mgmt.realraum.at
+ User root
+
+Host licht.realraum.at r3-licht r3g-licht r3e-licht
+ Hostname licht.realraum.at
+ User realraum
+
+
+#############################################################
+###
+### general settings, this must come after the last host entry!!!
+###
+
+## use gateway as jump host
+Host r3g-*
+# ProxyCommand ssh -q -a gw.realraum.at -W %h:%p
+ ProxyCommand ssh -q -a gw.realraum.at nc -q0 -w1 %h %p
+
+## use entrance as jump host
+Host r3e-*
+ ProxyCommand ssh -q -a entrance.realraum.at -W %h:%p
+
+Host r3-* r3g-* r3e-* *.realraum.at
+{% for id_file in localconfig_ssh_ids %}
+ IdentityFile {{ id_file }}
+{% endfor %}
+ IdentitiesOnly yes
+ ForwardAgent no
+ Port 22000
+{% if localconfig_ssh_user is defined %}
+ User {{ localconfig_ssh_user }}
+{% endif %}
+
+###
+### don't put anything beyond this line!
--
1.7.10.4
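Review bot: The dynamic host loop in 10r3.conf.j2 writes `localconfig_ssh_config_proxycommand`, `localconfig_ssh_config_user` and `localconfig_ssh_config_port` into the config unchecked, and ssh runs a `ProxyCommand` value through the local user's shell. Whoever can edit host_vars or group_vars in this repository therefore decides a command that runs on each operator's workstation once the playbook has been applied, and a value containing a line break could add further directives to the file. I would constrain the port with `Port {{ hostvars[host].localconfig_ssh_config_port | int }}` and put a template comment above the ProxyCommand branch: `{# rendered verbatim and run by the local shell; review host_vars changes to this variable like code #}`. Restricting `User` to a plain login name, for example by failing the play when it does not match `^[a-z_][a-z0-9_-]*$`, would close the remaining free-form field.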