diff --git a/ansible/group_vars/all/vars.yml b/ansible/group_vars/all/vars.yml index 841e0eb..c59db8a 100644 --- a/ansible/group_vars/all/vars.yml +++ b/ansible/group_vars/all/vars.yml @@ -3,5 +3,6 @@ sshwifty_internal_port: 8080 sshwifty_configuration_directory: "/etc/sshwifty" sshwifty_work_directory: "/var/lib/sshwifty" +sshwifty_gateway_access: false # diff --git a/ansible/host_vars/prod-gateway4/vars.yml b/ansible/host_vars/prod-gateway4/vars.yml index e69de29..ed97d53 100644 --- a/ansible/host_vars/prod-gateway4/vars.yml +++ b/ansible/host_vars/prod-gateway4/vars.yml @@ -0,0 +1 @@ +--- diff --git a/ansible/tasks/setup_sshwifty.yml b/ansible/tasks/setup_sshwifty.yml index 6ebb9c0..039f603 100644 --- a/ansible/tasks/setup_sshwifty.yml +++ b/ansible/tasks/setup_sshwifty.yml @@ -1,4 +1,20 @@ --- +# - name: Check sshwifty_* variables are not empty +# assert: +# that: +# sshwifty_configuration_directory +# sshwifty_hostname +# sshwifty_public_port +# sshwifty_shared_key +# sshwifty_authentication +# sshwifty_ssh_password +# sshwifty_ssh_user +# sshwifty_internal_port +# sshwifty_configuration_directory +# sshwifty_work_directory +# sshwifty_gateway_access +# msg: "" + - name: Install required system packages ansible.builtin.apt: name: @@ -43,7 +59,7 @@ - name: Run SSHwifty community.docker.docker_compose: project_src: "{{ sshwifty_work_directory }}" - recreate: smart + recreate: always state: present # diff --git a/ansible/templates/sshwifty.conf-with-gateway.j2 b/ansible/templates/sshwifty.conf-with-gateway.j2 new file mode 100644 index 0000000..05d3ad7 --- /dev/null +++ b/ansible/templates/sshwifty.conf-with-gateway.j2 
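Review bot: The new `sshwifty_gateway_access: false` default carries no comment saying what it switches, and nothing in this diff ever turns it on — `host_vars/prod-gateway4/vars.yml` is created in the same commit but holds only `---`, so presumably the per-host override was meant to live there and got lost. A one-line comment above the default would help the next reader: `# When true, sshwifty.conf.j2 appends an SSH preset for the gateway host itself (ansible_ssh_host:22) after the mongo replica presets.` If prod-gateway4 is meant to expose that preset, its host_vars file needs `sshwifty_gateway_access: true`.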
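Review bot: The commented-out assert block would not work if it were simply re-enabled: `that:` expects a list of expressions and the bare variable names are not list items, `sshwifty_configuration_directory` is listed twice, `sshwifty_ssh_private_key` (read by both templates in this diff) is missing, and a truthiness check on `sshwifty_gateway_access` would fail on every host that uses the new `false` default. Either drop the dead block or replace it with a working task such as the one below; `| length > 0` rejects empty strings (an empty `sshwifty_shared_key` would otherwise be rendered straight into `"SharedKey"`), the password/private-key requirements follow the `sshwifty_authentication` branch the templates take, and the port variables are only checked for existence because they are integers. The enclosing play continues outside the hunk.

```yaml
- name: Check sshwifty_* variables are set
  ansible.builtin.assert:
    that:
      - sshwifty_configuration_directory | length > 0
      - sshwifty_work_directory | length > 0
      - sshwifty_shared_key | length > 0
      - sshwifty_ssh_user | length > 0
      - sshwifty_hostname is defined
      - sshwifty_public_port is defined
      - sshwifty_internal_port is defined
      - sshwifty_gateway_access is defined
      # password auth needs a password, key auth needs a key path (same branch as the templates)
      - sshwifty_authentication | lower != 'password' or sshwifty_ssh_password | length > 0
      - sshwifty_authentication | lower == 'password' or sshwifty_ssh_private_key | length > 0
    quiet: true

# … unchanged: Install required system packages task …
```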
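Review bot: `recreate: always` makes the Run SSHwifty task recreate the container on every play run, so the play is no longer idempotent and each run drops whatever browser SSH sessions are open through the gateway. Presumably the change is there because `smart` did not pick up an edited config template (it compares the compose service definition, not the contents of bind-mounted files); if so, restart only when the config actually changed: register the template task (outside this hunk) as e.g. `sshwifty_conf`, keep `recreate: smart`, and add `restarted: "{{ sshwifty_conf is changed }}"`.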
@@ -0,0 +1,66 @@ +{# vim: set ts=2 sw=2 et ft=jinja2,json : #} +{ + {# "HostName": "localhost", #} + "SharedKey": "{{ sshwifty_shared_key }}", + "DialTimeout": 10, + "Servers": [ + { + "ListenInterface": "0.0.0.0", + "ListenPort": 8182, + "InitialTimeout": 3, + "ReadTimeout": 60, + "WriteTimeout": 60, + "HeartbeatTimeout": 20, + "ReadDelay": 10, + "WriteDelay": 10 {# , #} + {# "TLSCertificateFile": "", #} + {# "TLSCertificateKeyFile": "" #} + } + ], + "Presets": [ + {% for host in groups['role_mongo'] %} + {% set server_group_id = loop.index0 // mongo_replicas_count %} + {% set server_index = loop.index0 % mongo_replicas_count %} + {% set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] %} + {% if server_group_id == mongo_group_id %} + { + "Title": "Group {{ server_group_id }} - Server {{ server_index }} ({{ host }})", + "Type": "SSH", + "Host": "{{ server_ip_addr }}:22", + "Meta": { + "User": "{{ sshwifty_ssh_user }}", + {% if "password" == sshwifty_authentication | lower %} + "Authentication": "Password", + "Password": "{{ sshwifty_ssh_password }}", + {% else %} + "Authentication": "Private Key", + "Private Key": "file://{{ sshwifty_ssh_private_key }}", + {% endif %} + {# "Fingerprint": home"SHA256:bgO...." #} + "Encoding": "utf-8" + } + }{% if not loop.last %},{% endif %} + {% endif %} + {% endfor %} + {# + { + "Title": "Group {{ mongo_group_id }} - Gateway ({{ ansible_facts['hostname'] }})", + "Type": "SSH", + "Host": "{{ ansible_ssh_host }}:22", + "Meta": { + "User": "{{ sshwifty_ssh_user }}", + {% if "password" == sshwifty_authentication | lower %} + "Authentication": "Password", + "Password": "{{ sshwifty_ssh_password }}", + {% else %} + "Authentication": "Private Key", + "Private Key": "file://{{ sshwifty_ssh_private_key }}", + {% endif %} + {# "Fingerprint": "SHA256:bgO...." #} + "Encoding": "utf-8" + } + } + #} + ], + "OnlyAllowPresetRemotes": true +} 
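Review bot: `sshwifty.conf-with-gateway.j2` reads as a stale copy of `sshwifty.conf.j2` rather than a new variant: despite its name the gateway preset sits inside a `{# … #}` comment, the replica presets use the old `}{% if not loop.last %},{% endif %}` rule that the sibling template replaces in this same diff, and no task in the diff references the file. That rule is wrong whenever the last host of `groups['role_mongo']` belongs to a different `mongo_group_id`: the last emitted preset keeps its comma and the rendered JSON is invalid. If the file is kept, the scalar values should go through `to_json` so a password or hostname containing `"` or `\` cannot break or alter the document, e.g. `"Password": {{ sshwifty_ssh_password | to_json }},`. The rendered file holds the SSH password (or key path) and the shared key, so the template task that writes it (outside this diff) should set a restrictive `mode`. Note also that the server block listens on `0.0.0.0:8182` with `TLSCertificateFile` commented out, so the shared key and sessions travel in clear text unless a TLS-terminating proxy sits in front — worth a comment stating that assumption.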
diff --git a/ansible/templates/sshwifty.conf.j2 b/ansible/templates/sshwifty.conf.j2 index 32e43e7..72772d8 100644 --- a/ansible/templates/sshwifty.conf.j2 +++ b/ansible/templates/sshwifty.conf.j2 @@ -1,4 +1,4 @@ -{# vim: set ts=2 sw=2 et ft=jinja2,json : #} +{# vim: set ts=2 sw=2 et ft=jinja2 : #} { {# "HostName": "localhost", #} "SharedKey": "{{ sshwifty_shared_key }}", 
@@ -18,47 +18,49 @@ } ], "Presets": [ - {% for host in groups['role_mongo'] %} - {% set server_group_id = loop.index0 // mongo_replicas_count %} - {% set server_index = loop.index0 % mongo_replicas_count %} - {% set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] %} - {% if server_group_id == mongo_group_id %} + {%- for host in groups['role_mongo'] -%} + {%- set server_group_id = loop.index0 // mongo_replicas_count -%} + {%- set server_index = loop.index0 % mongo_replicas_count -%} + {%- set server_ip_addr = hostvars[host]['ansible_facts']['default_ipv4']['address'] -%} + {%- if server_group_id == mongo_group_id -%} { "Title": "Group {{ server_group_id }} - Server {{ server_index }} ({{ host }})", "Type": "SSH", "Host": "{{ server_ip_addr }}:22", "Meta": { "User": "{{ sshwifty_ssh_user }}", - {% if "password" == sshwifty_authentication | lower %} + {%- if "password" == sshwifty_authentication | lower -%} "Authentication": "Password", "Password": "{{ sshwifty_ssh_password }}", - {% else %} + {%- else -%} "Authentication": "Private Key", "Private Key": "file://{{ sshwifty_ssh_private_key }}", - {% endif %} + {%- endif -%} {# "Fingerprint": home"SHA256:bgO...." #} "Encoding": "utf-8" } - }, - {% endif %} - {% endfor %} + }{%- if sshwifty_gateway_access or (server_index + 1) < mongo_replicas_count -%},{%- endif -%} + {%- endif -%} + {%- endfor -%} + {%- if sshwifty_gateway_access -%} { "Title": "Group {{ mongo_group_id }} - Gateway ({{ ansible_facts['hostname'] }})", "Type": "SSH", "Host": "{{ ansible_ssh_host }}:22", "Meta": { "User": "{{ sshwifty_ssh_user }}", - {% if "password" == sshwifty_authentication | lower %} + {%- if "password" == sshwifty_authentication | lower -%} "Authentication": "Password", "Password": "{{ sshwifty_ssh_password }}", - {% else %} + {%- else -%} "Authentication": "Private Key", "Private Key": "file://{{ sshwifty_ssh_private_key }}", - {% endif %} + {%- endif -%} {# "Fingerprint": "SHA256:bgO...." 
#} "Encoding": "utf-8" } } + {%- endif -%} ], "OnlyAllowPresetRemotes": true }
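Review bot: The new comma rule `{%- if sshwifty_gateway_access or (server_index + 1) < mongo_replicas_count -%},{%- endif -%}` only closes the list correctly when the group selected by `mongo_group_id` is complete — if the size of `groups['role_mongo']` is not a whole multiple of `mongo_replicas_count`, or inventory order interleaves groups, the last preset of a short group keeps its trailing comma and the rendered JSON is invalid. Collecting the presets into a Jinja list and emitting it with `{{ presets | to_nice_json }}` would remove the comma bookkeeping altogether. Independently, the scalar values are interpolated unescaped; `"Password": {{ sshwifty_ssh_password | to_json }},` (and the same for `Title`, `Host` and `Private Key`) keeps a value containing `"` or `\` from breaking or altering the config. `ansible_ssh_host` in the gateway preset is the pre-2.0 alias of `ansible_host` and may be undefined in inventories that use the current name. The JSON document's opening braces and the `"Servers"` block are outside the hunk.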