The document details the configuration of Ansible to use a jump server for managing nodes within a DMZ, allowing SSH traffic to be tunneled through the jump server. It provides step-by-step instructions for creating SSH config files and demonstrates how to execute Ansible commands on managed nodes via this setup. Additionally, the document includes information on verifying connectivity and routing SSH traffic for specific hosts through the jump server.

1. Configuring AnsibleConfiguring Ansible
To UseTo Use
Jump ServerJump Server
Ompragash ViswanathanOmpragash Viswanathan
linkedin.com/in/ompragash

2. ArchitectureArchitecture Overview Overview

3. Ansible
Controller
controller.example.com

4. Ansible
Controller
DMZ
controller.example.com

5. Ansible
Controller
Managed
Node
DMZ
controller.example.com managednode.
example.com

6. Ansible
Controller
Managed
Node
DMZ
controller.example.com managednode.
example.com

7. Ansible
Controller
Managed
Node
DMZ
No direct access
controller.example.com managednode.
example.com

8. Ansible
Controller
Managed
Node
DMZ
Jump
Server
controller.example.com managednode.
example.com
jumpserver.example.com

9. Ansible
Controller
Managed
Node
DMZ
Jump
Server
controller.example.com managednode.
example.com
jumpserver.example.com

10. Ansible
Controller
Managed
Node
DMZ
Jump
Server
controller.example.com managednode.
example.com
jumpserver.example.com

11. Ansible
Controller
Managed
Node
DMZ
Jump
Server
Now, Ansible can manage nodes inside DMZ as SSH traffic is
tunneled through Jump Server
controller.example.com managednode.
example.com
jumpserver.example.com

12. DemoDemo

13. Check the connectivity between Ansible
controller and Jump Server

14. Create a config file for use of sshd service and
place under the ~/.ssh with the below details:
Host jumpserver
Hostname jumpserver.example.com
User user
IdentityFile ~/.ssh/jumpserver.pem
StrictHostKeyChecking no
ControlMaster auto
ControlPersist 60s
Host 10.*
Proxycommand ssh ­W %h:%p user@jumpserver

15. Create a config file for use of sshd service and
place under the ~/.ssh with the below details:
Host jumpserver
Hostname jumpserver.example.com
User user
IdentityFile ~/.ssh/jumpserver.pem
StrictHostKeyChecking no
ControlMaster auto
ControlPersist 60s
Host 10.*
Proxycommand ssh ­W %h:%p user@jumpserver
This block combines
setting for acting as an
SSH Jump Server

16. Create a config file for use of sshd service and
place under the ~/.ssh with the below details:
Host jumpserver
Hostname jumpserver.example.com
User user
IdentityFile ~/.ssh/jumpserver.pem
StrictHostKeyChecking no
ControlMaster auto
ControlPersist 60s
Host 10.*
Proxycommand ssh ­W %h:%p user@jumpserver
Host 10.* line indicates
that all hosts in that
subnet will use the
settings defined in that
block

17. Create a config file for use of sshd service and
place under the ~/.ssh with the below details:
Host jumpserver
Hostname jumpserver.example.com
User user
IdentityFile ~/.ssh/jumpserver.pem
StrictHostKeyChecking no
ControlMaster auto
ControlPersist 60s
Host 10.*
Proxycommand ssh ­W %h:%p user@jumpserver
specifically all hosts will
be accessed using the
ProxyCommand setting
and connect through
jumpserver.

18. Now if you manually SSH into Managed Node, you
can notice that the connection is tunneled through
Jump Server in journalctl or /var/log/secure logs

19. Finally, execute Ansible ad-hoc command/playbook
to manage a node which is running in DMZ

20. You can also route SSH traffic for a single / specific set of
hosts to use Jump Server by adding the below variable to
inventory host/groups vars
ansible_ssh_common_args='­o ProxyCommand="ssh ­i
~/.ssh/jumpserver.pem ­o StrictHostKeyChecking=no ­W
%h:%p ­q username@jumpserver.example.com"'

21. Check video description for references and
useful links
linkedin.com/in/ompragash
twitter.com/ompragash_v