Authenticate as proxy for automation #547
Comments
Hi there, sorry for the delayed answer. After spending a few hours trying to make it work, I couldn't find a way. I'll search a little bit more, but I'm not very optimistic at the moment.
Hi @Aguay-val, @Raphux, I'm stuck with the exact same problem, do you have any update on this? Thanks
We wrote a specific script that generates our inventory this way. [tg_all] [tg_all:vars]
That is a really nice workaround!
Hi, I just followed the doc in https://github.com/LibrIT/passhport/blob/6ca5f7ead83437ba51cd5adb5354850f05003bca/docs/installation-and-configuration/make-passhport-more-transparent-for-user.rst. I generate the PaSSHport configuration in order to have targets named like
Sadly, within Ansible I get the error:
Thanks to PaSSHport, I was able to retrieve the commands played by Ansible via the logs :) So I know Ansible is connecting correctly to the target via PaSSHport, and I know Ansible is correctly sending the commands. So I tried manually.
This works! I have access to my target directly, and I can do whatever I want. For that, great I'm happy :D
But if I append a command it's broken :(
And it is not better (but different) with Any idea? So close to having a fully working integration of PaSSHport with Ansible in our infra...
I will have to do some tests around this. Are you sure that ansible is using this exact syntax?
Ansible uses exactly this syntax: (you can see it by appending
Thanks for your answer, I'll try to investigate more tomorrow.
I did some tests, everything works fine here. I didn't test the whole complex line from ansible but I assume it will work too. That is what I did:
I got the result in a second.
Ahem :D OK, I found the problem. I did a test on a server with SSHD not bound to 22 (used by git), and, for some reason, when you run a direct command, the port is not set correctly. Now I need to figure out why I have a problem with Ansible.
Nice to hear! Your target is defined with a different port and it's not working? If it's the case it's definitely a bug that I could correct rapidly.
Yeah, I have SSH for git running on 22 on it, and the real SSHD running on 2020. I'll continue to fight with Ansible then :D
OK, this is very strange, I retried the command run by Ansible manually, and it works fine (on a server with SSHD on 22 of course). Thanks for your support :)
Correction done... Sorry for the delay: I changed a box port, and didn't notice a firewall on everything other than 22... took me some time to be able to reconnect to it :) Let me know if it's OK now. Oops, didn't see your last message. Some tips:
Hi, thank you for the quick fix and your tips! It's now working like a charm :) The Ansible / WSGI part will be done next week due to lack of time, but I will keep you updated, and I'll post here the working procedure.
I installed But ... As soon as I run commands on multiple hosts, it fails. For example:
My understanding is that Ansible throws too many connections simultaneously and PaSSHport can't handle them. I'm now playing with Edit: With
OK, I managed to have a complex playbook running through PaSSHport with Ansible on a single host correctly. But, I struggle to have it working on multiple hosts. My Ansible configuration:
And, for PaSSHport, I have uWSGI working with 10 processes (it was also working with 5, I just increased to test). On multiple hosts, I have strange behaviors:
And once, I ran a complex playbook on multiple servers, and I saw a part of deployment done on the wrong server (thanks So, for now, I'm confident in using PaSSHport with Ansible for a single host, and I'm looking for another solution to run it for multiple hosts, I'm thinking about connecting through PaSSHport to an intermediate server where we will run Ansible (or maybe inside a CI/CD) so we would still have logs at least, but we lose the access control ...
Hi, I hope you didn't give up and you figured it out without me :) Again sorry for the delay, the github notice was in my spam.
Describe the bug
I would like to run several commands through target, with ansible, but the behavior makes me think it should not work like this.
With the command below:
I'm able to authenticate through passhport to reach my target.
But when the first step is done, the second, ssh connection to my-target is waiting for my ssh key, not the passhport one.
I thought passhport would make the connection to my-target but it seems that I have to authenticate myself.
I don't know if it's clear.
To Reproduce
Create a user1
Create target1
Copy passhport ssh key to target1.
Grant access to user1 on target1.
Try my command:
Expected behavior
My expected behavior is that I don't have to copy my ssh key on the target because I'm using the passhport gateway.