Running Ansible via a Bastion host (GCP)

Overview

I had set up several Compute instances within the Google Cloud Platform.

These instances were only accessible over their private IP addresses to minimize malicious access.

I wanted to install and configure these Compute instances using Ansible and I was faced with an immediate issue.

How would I or Ansible access these hosts?

Bastion host

Fortunately, the Google Cloud Platform documentation provides information on how to ‘Securely connect to VM instances’.

A bastion host provides an external point of entry to these Compute instances.

Ansible inventory file

To ensure Ansible goes through the Bastion host to connect to the Compute instances, I added the following line under [all:vars] in my Ansible inventory file, which contained the IP addresses of all my Compute instances.

ansible_ssh_common_args=' -o ProxyCommand="ssh -W %h:%p <Bastion-Public-IP-Address>"'

Those extra arguments ensure Ansible:

  1. opens an SSH connection to the Bastion host
  2. then opens a connection to the Compute instance host using %h and port %p
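
The setting above in the context of a complete inventory file, as an added example that is not part of the original post. The private IP addresses, the group name and the user names deploy and bastion_user are constructed assumptions; the Bastion address stays a placeholder.

```ini
# inventory.ini (constructed example; IPs, group name and user names are assumptions)
[compute]
10.128.0.2
10.128.0.3
10.128.0.4

[all:vars]
# User Ansible logs in as on the private Compute instances (hypothetical name).
ansible_user=deploy

# ssh on the control node runs the ProxyCommand locally for every host above.
# %h and %p are replaced by ssh with the target host and port, so for the
# first host the command becomes: ssh -W 10.128.0.2:22 -q ...
# -W forwards the session's stdin/stdout to %h:%p through the Bastion host.
# The inner ssh is a separate invocation: ansible_user does not apply to it,
# so the Bastion login name (hypothetical: bastion_user) is given explicitly.
ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -q bastion_user@<Bastion-Public-IP-Address>"'
```

Running `ansible all -i inventory.ini -m ping` from the control node checks that every instance is reachable through the Bastion host.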
Last updated on 5 May 2020
Published on 5 May 2020