acdha/ansible.cfg Secret

Created May 27, 2020
[inventory]
enable_plugins = gcp_compute
[ssh_connection]
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled.
pipelining = True
scp_if_ssh = False
ssh_executable = ./gcp-ssh-wrapper
#!/bin/bash
# This is a shim which allows GCP's “gcloud compute ssh” command to be
# used instead of calling SSH directly until either Ansible has a GCP IAP
# connection plugin or the GCP CLI reaches feature-parity with Amazon SSM
set -e -u -v
# Ansible passes a large number of SSH parameters along with the hostname as the
# second to last argument and the command as the last. We will pop the last two
# arguments off of the list and then pass all of the other SSH flags through
# without modification:
hostname="${*: -2: 1}"
command="${*: -1: 1}"
declare -a ssh_flags
for ssh_arg in "${@: 0: $# - 3}"; do
    ssh_flags+=(--ssh-flag="${ssh_arg}")
done
# FIXME: “gcloud compute ssh” under some circumstances will fail with the error
# (gcloud.compute.ssh) Underspecified resource […]. Specify the [--zone]
# flag. rather than using the zone it obtains from the API call. Currently we
# can ignore this since all of the dev instances are in a single zone.
exec gcloud compute ssh --quiet --zone=us-central1-a --tunnel-through-iap "${ssh_flags[@]}" "${hostname}" --command="${command}"
@hallvors hallvors commented Sep 15, 2020

I see one of the "ssh_flags" here is the path of the gcp-ssh-wrapper script itself - is that intended? Maybe it is not but gets ignored? Sorry for a newbie question :)

Owner Author

@acdha acdha commented Sep 15, 2020

@hallvors Good catch - that apparently is ignored. I believe changing the 0 on line 17 to 1 would fix it.
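
Added example, not part of the gist or of either comment: a bash sketch of what the offset-0 slice discussed above expands to, next to one way of splitting the arguments that keeps every flag and excludes `$0`. The function names (`slice_from_zero`, `split_ssh_args`, `demo`) and the sample argument list are hypothetical and constructed for illustration.

```shell
#!/bin/bash
# Added illustration; names and sample values are assumptions, not gist code.
# The slices below are bash-only; hand off to bash if started by a plain sh.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# The slice used in the wrapper: offset 0, length $# - 3. For positional
# parameters bash prefixes $0 to the list when the offset is 0, so with
# seven arguments this yields $0 followed by the first three arguments.
slice_from_zero() {
    printf '%s\n' "${@: 0: $# - 3}"
}

# Hypothetical alternative: every argument except the last two, which the
# wrapper's comments identify as the hostname and the command.
split_ssh_args() {
    if (( $# < 2 )); then
        echo "expected: [ssh flags...] hostname command" >&2
        return 64
    fi
    hostname="${*: -2: 1}"
    command="${*: -1: 1}"
    ssh_flags=()
    local ssh_arg
    for ssh_arg in "${@: 1: $# - 2}"; do
        # One --ssh-flag per argument keeps values with spaces intact.
        ssh_flags+=(--ssh-flag="${ssh_arg}")
    done
}

# Constructed argument list in the shape the wrapper's comments describe.
sample_args=(-C -o ControlMaster=auto -o ControlPersist=60s
             dev-host-1 '/bin/sh -c "echo ok"')

demo() {
    echo "offset-0 slice:"
    slice_from_zero "${sample_args[@]}" | sed 's/^/  /'
    split_ssh_args "${sample_args[@]}" || return
    echo "hostname=${hostname}"
    echo "command=${command}"
    printf 'flag: %s\n' "${ssh_flags[@]}"
}
demo
```
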
