Ansible ssh_args affecting sftp and scp connections

1
votes

I want to use Ansible to update some remove Ubuntu Servers with no internet access, I've downloaded a created a repo on the Ansible hosted by nginx http://localhost/media/apt

In order to the remote servers to get the repo, I've overwritten the sources.list to be:

deb http://127.0.0.1:88/media/apt trusty main

I've put in the ansible.cfg file:

[ssh_connection]
ssh_args = -R 88:127.0.0.1:80

For completeness here is my yml file:

- name: apt proxy configuration
  copy:
    src: sources.list
    dest: /etc/apt/sources.list

- name: APT | ge repo key
  apt_key:
    data: "{{repository_key }}"

- name: Upgrade
  apt:
    update_cache: yes
    allow_unauthenticated: yes
    upgrade: dist

The script does the job it updates the sources file, installs the key and updates the remote system, which is fantastic.

However by interfering with the ssh_args, I've upset ansible with every task I now get two warnings: *

[WARNING]: sftp transfer mechanism failed on [192.168.128.129]. Use ANSIBLE_DEBUG=1 to see detailed information

[WARNING]: scp transfer mechanism failed on [192.168.128.129]. Use ANSIBLE_DEBUG=1 to see detailed information

I can see it's adding my ssh_args options into the sftp and scp transfers

SSH: EXEC sftp -b - -R 88:127.0.0.1:80 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 '[192.168.128.129]'

<192.168.128.129> SSH: EXEC sftp -b - -R 88:127.0.0.1:80 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 '[192.168.128.129]' [WARNING]: sftp transfer mechanism failed on [192.168.128.129]. Use ANSIBLE_DEBUG=1 to see detailed information

<192.168.128.129> SSH: EXEC scp -R 88:127.0.0.1:80 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 /tmp/tmp87UMuT '[192.168.128.129]:/root/.ansible/tmp/ansible-tmp-1509468784.12-45526153395602/setup.py' [WARNING]: scp transfer mechanism failed on [192.168.128.129]. Use ANSIBLE_DEBUG=1 to see detailed information

Is there a way I can connect to my remote machine with a reverse proxy in place without upsetting ansible scp and ftp connection?

1
ansible

1 Answers

5
votes

If you read through the documentation on the ssh connection module, you will see that in addition to ssh_args, which as you have discovered is used for all ssh-related command lines, there are also a number of *_extra_args options:

  • ssh_extra_args
  • scp_extra_args
  • sftp_extra_args

These arguments will only be used for the specific command. In other words, if you use ssh_extra_args you should be all set.