feat: connect to servers using nat as jumphost

2025-12-30 13:15:38 -05:00
parent c4ae044b52
commit 61e0166ee6
4 changed files with 14 additions and 1 deletions
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -4,6 +4,7 @@ tasks:
  vault: ansible-vault edit vault.yml {{.CLI_ARGS}}
  tf:apply: ansible-playbook playbooks/provision.yml {{.CLI_ARGS}}
  tf:destroy: ansible-playbook playbooks/destroy.yml {{.CLI_ARGS}}
+  configure-nat: ansible-playbook playbooks/configure_nat.yml {{.CLI_ARGS}}

  enter:
    cmd: ssh -i {{.KEY}} -p 22 root@{{.IP}}
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -1,5 +1,6 @@
 [defaults]
 callbacks_enabled = profile_tasks
+inventory = inventory.cfg
 localhost_warning = False
 vault_password_file = vault.key
 interpreter_python = /usr/bin/python3.11
@@ -8,6 +9,6 @@ interpreter_python = /usr/bin/python3.11
 inventory_unparsed_warning = False

 [ssh_connection]
-ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none
+ssh_args = -F secrets/ssh.cfg -o ControlMaster=auto -o ControlPersist=60s -o ForwardAgent=yes -o IdentityAgent=none
 pipelining = True
 retries = 2
--- a/inventory.cfg
+++ b/inventory.cfg
@@ -0,0 +1,6 @@
+[gateways]
+nat
+
+[servers]
+node-a
+node-b
--- a/playbooks/configure_nat.yml
+++ b/playbooks/configure_nat.yml
@@ -0,0 +1,5 @@
+- name: Configure NAT
+  hosts: gateways
+  gather_facts: false
+  tasks:
+    - ansible.builtin.raw: hostname -I