Commit e3890884 authored by Eesaan Atluri's avatar Eesaan Atluri

Merge branch 'feat-override-sshproxy-config' into 'feat-hpc-factory'

feat: Add runtime config for ssh proxy

See merge request rc/hpc-factory!143
parents cd5d9337 5700ab7c
...@@ -8,3 +8,4 @@ ...@@ -8,3 +8,4 @@
- { name: 'ldap_config', tags: 'ldap_config' } - { name: 'ldap_config', tags: 'ldap_config' }
- { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client } - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client }
- { name: 'ssh_host_keys', tags: 'ssh_host_keys' } - { name: 'ssh_host_keys', tags: 'ssh_host_keys' }
- { name: 'ssh_proxy_config', tags: 'ssh_proxy_config', when: enable_ssh_proxy_config }
...@@ -42,3 +42,7 @@ ...@@ -42,3 +42,7 @@
# AWS credentials # AWS credentials
LTS_ACCESS_KEY: "" LTS_ACCESS_KEY: ""
LTS_SECRET_KEY: "" LTS_SECRET_KEY: ""
# ssh proxy
enable_ssh_proxy_config: false
sshpiper_dest_dir: "/opt/sshpiper"
...@@ -17,3 +17,8 @@ ...@@ -17,3 +17,8 @@
bright_openldap_path: "/cm/local/apps/openldap" bright_openldap_path: "/cm/local/apps/openldap"
ldap_cert_path: "{{bright_openldap_path}}/etc/certs" ldap_cert_path: "{{bright_openldap_path}}/etc/certs"
ldap_uri: "ldaps://ldapserver" ldap_uri: "ldaps://ldapserver"
# proxy_config
target_groups:
- {"name": "gpfs5", "host": "login002", "default": False, "authorized_keys":"/gpfs5/data/user/home/$DOWNSTREAM_USER/.ssh/authorized_keys", "private_key":"/gpfs5/data/user/home/$DOWNSTREAM_USER/.ssh/id_ecdsa"}
- {"name": "gpfs4", "host": "login001", "default": True, "authorized_keys":"/gpfs4/data/user/home/$DOWNSTREAM_USER/.ssh/authorized_keys", "private_key":"/gpfs4/data/user/home/$DOWNSTREAM_USER/.ssh/id_ecdsa"}
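Review bot: The two `target_groups` entries are long single-line flow mappings using Python-style `True`/`False`, which Ansible's YAML 1.1 loader accepts but yamllint's `truthy` rule and any YAML 1.2 parser will not read as booleans. Block style with lowercase `true`/`false` holds the same data and diffs cleanly when a group is added. Because the template emits a catch-all `.*` pipe for the entry marked `default`, the order of this list matters if the plugin matches pipes in file order; a comment such as `# keep the default group last: its catch-all pipe shadows later entries` would record that, and the rewrite below is one possible form.
```yaml
target_groups:
  - name: gpfs5
    host: login002
    default: false
    authorized_keys: "/gpfs5/data/user/home/$DOWNSTREAM_USER/.ssh/authorized_keys"
    private_key: "/gpfs5/data/user/home/$DOWNSTREAM_USER/.ssh/id_ecdsa"
  - name: gpfs4
    host: login001
    default: true
    authorized_keys: "/gpfs4/data/user/home/$DOWNSTREAM_USER/.ssh/authorized_keys"
    private_key: "/gpfs4/data/user/home/$DOWNSTREAM_USER/.ssh/id_ecdsa"
```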
---
- name: Configure sshpiper yaml plugin
ansible.builtin.template:
src: sshpiperd.yaml.j2
dest: "{{ sshpiper_dest_dir }}/sshpiperd.yaml"
backup: true
- name: Enable and start sshpiper service
ansible.builtin.service:
name: sshpiperd
enabled: true
state: restarted
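Review bot: `state: restarted` on the service task restarts sshpiperd on every run of the role, not only when `sshpiperd.yaml` actually changed, so live proxied sessions are dropped each time the play executes. The idiomatic form is `state: started` here plus `notify: Restart sshpiperd` on the template task, with a handler in the role's handlers file performing the restart. The template task also sets no `owner`/`mode`, so the rendered config inherits the remote umask; since it names the proxy's private-key paths, an explicit `mode: "0640"` and the account the service runs as are worth stating. Whether these two tasks are the whole tasks file is not visible in this view.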
# yaml-language-server: $schema=https://raw.githubusercontent.com/tg123/sshpiper/master/plugin/yaml/schema.json
version: "1.0"
pipes:
{% for group in target_groups %}
{% if not group.default %}
- from:
- groupname: "{{ group.name }}"
authorized_keys: "{{ group.authorized_keys }}"
to:
host: "{{ group.host }}"
ignore_hostkey: true
private_key: "{{ group.private_key }}"
- from:
- groupname: "{{ group.name }}"
to:
host: "{{ group.host }}"
ignore_hostkey: true
{% else %}
- from:
- username: ".*" # catch all
username_regex_match: true
authorized_keys: "{{ group.authorized_keys }}"
to:
host: "{{ group.host }}"
ignore_hostkey: true
private_key: "{{ group.private_key }}"
{% endif %}
{% endfor %}
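Review bot: Every `to:` stanza sets `ignore_hostkey: true`, so the proxy accepts whatever host key `login001`/`login002` presents; a host answering to that name on the path between the proxy and the cluster would be trusted silently, and users' key-based hops would pass through it. The yaml plugin schema referenced on the first line also accepts known-hosts settings on the `to:` side as far as I recall; pinning the login nodes' host keys there (rendered from a variable the role controls) is preferable to disabling the check, and if the check must stay off, a comment such as `# host keys are not verified: login nodes are reached only over the internal cluster network` should record why. The `else` branch emits a `username: ".*"` catch-all for the `default` group, so if the plugin picks the first matching pipe, any non-default group listed after it in `target_groups` is never reached; a comment on the loop would make that ordering dependence visible. The non-default branch also emits a second pipe with the same `groupname` but no `authorized_keys`/`private_key`; if that is the password pass-through fallback, a one-line comment naming it would help the next reader.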