How to use ansible openstack modules with a ssh socks proxy
OpenSSH allows to act as an encrypted tunnel with a socks proxy. This can be used for openstack modules in ansible. However the ansible documentation doesn't mention how to use any other proxy than HTTP/HTTPS.
Solution 1:
socks proxy
First configure OpenSSH socks tunnel:
Add in ~/.ssh/config something like:
# Physical host
Host Dell-em1
User myuser
HostName 192.168.x.x
ForwardAgent yes
Host undercloud-0
User stack
HostName undercloud-0
ProxyJump Dell-em1
IdentityFile /home/mvutcovi/infrared/.workspaces/workspace_2018-02-14_18-24-58/id_rsa
Host controller-0
User heat-admin
HostName 192.168.24.13
ProxyJump Dell-em1
IdentityFile /home/mvutcovi/infrared/.workspaces/workspace_2018-02-14_18-24-58/id_rsa
DynamicForward localhost:65432
Now test that you can access the Horizon dashboard with:
ALL_PROXY=socks5h://localhost:65432 curl -vi 10.0.0.107:80/dashboard
openstack client config - clouds.yml
Create ~/clouds.yaml file with the following content:
clouds:
my_cloud:
auth:
auth_url: http://10.0.0.107:5000/v2.0
project_name: myproject
username: admin
password: XXXXXX
region_name: ""
Test with:
ALL_PROXY="socks5h://localhost:65432" openstack --os-cloud my_cloud server list
ansible
Create an openstack_test.yaml file with the following content:
---
- hosts: localhost
gather_facts: no
tasks:
- name: Upload CentOS7 iso image
os_image:
name: centos7
cloud: "my_cloud"
container_format: bare
disk_format: iso
filename: /path_to_local_file/CentOS-7-x86_64-DVD-1708.iso
properties:
cpu_arch: x86_64
distro: redhat
environment:
ALL_PROXY: "socks5h://localhost:65432"
when: false
# vim:et:sw=2:ts=2:sts=2:
The environment variable ALL_PROXY needs to be set to socks5h://localhost:65432. This variable is used by libcurl which is used by most ansible modules that are connecting to remote http services. For more details see: https://curl.haxx.se/libcurl/c/libcurl-env.html and https://curl.haxx.se/libcurl/c/CURLOPT_SOCKS_PROXY.html