task/ansible: use ProxyCommand for tunneling

Instead of reusing ssh ports use ansible ProxyCommand in inventory, so ansible can create own tunnel per host. Signed-off-by: Kyr Shatskyy <[email protected]>
ceph · Feb 26, 2025 · 535ee11 · 535ee11
1 parent 8b443da
commit 535ee11
Showing 1 changed file with 44 additions and 3 deletions.
diff --git a/teuthology/task/ansible.py b/teuthology/task/ansible.py
@@ -260,10 +260,45 @@ def generate_inventory(self):
         """
         hosts = self.cluster.remotes.keys()
         hostnames = []
+        proxy = []
         for remote in hosts:
-            if remote.ssh:
-                host, port = remote.ssh.get_transport().getpeername()
-                i = f"{remote.hostname} ansible_host={host} ansible_port={port} ansible_ssh_common_args='-o StrictHostKeyChecking=no'"
+            if teuth_config.tunnel:
+                for tunnel in teuth_config.tunnel:
+                    cmd = None
+                    if remote.hostname in tunnel.get('hosts'):
+                        bastion = tunnel.get('bastion')
+                        if not bastion:
+                            log.error("The 'tunnel' config must include 'bastion' entry")
+                            continue
+                        host = bastion.get('host', None)
+                        if not host:
+                            log.error("Bastion host is not provided. Tunnel ignored.")
+                            continue
+                        user = bastion.get('user', None)
+                        word = bastion.get('word', None)
+                        port = bastion.get('port', 22)
+                        pkey = bastion.get('identity', None)
+                        opts = "-W %h:%p"
+                        if word:
+                            log.warning(f"Password authentication requested for the bastion '{host}' "
+                                        f"in order to connect to remote '{remote.hostname}'. "
+                                        f"The password authentication is not supported and will be ignored")
+                        if port:
+                            opts += f" -p {port}"
+                        if pkey:
+                            opts += f" -i {pkey}"
+                        if user:
+                            opts += f" {user}@{host}"
+                        else:
+                            opts += f" {host}"
+                        cmd = f"ssh {opts}"
+                        if not host in proxy:
+                            proxy.append(host)
+                        break
+                if cmd:
+                    i = f"{remote.hostname} ansible_ssh_common_args='-o ProxyCommand=\"{cmd}\" -o StrictHostKeyChecking=no'"
+                else:
+                    i = remote.hostname
             else:
                 i = remote.hostname
             hostnames.append(i)
@@ -272,7 +307,13 @@ def generate_inventory(self):
             inventory.append('[{0}]'.format(self.inventory_group))
 
         inventory.extend(sorted(hostnames) + [''])
+
+        if len(proxy) > 0:
+            inventory.append('[proxy]')
+            inventory.extend(sorted(proxy) + [''])
+
         hosts_str = '\n'.join(inventory)
+
         self.inventory = self._write_inventory_files(hosts_str)
         self.generated_inventory = True