Use a proxyjump to reach the deployment
Since nodepool nodes will not have direct access to the Limestone 10.0.0.0/8 private network, and part of the deployment (such as compute hosts) are only connected to the private network, we will use an SSH proxyjump through the first publicly accessible host to reach the deployment. Change-Id: I9412b5b4733d96c2494e67ff935f273e508b6812
This commit is contained in:
parent
7bab1df116
commit
96b4fd3300
|
@ -13,6 +13,14 @@
|
|||
content: "{{ vault_secret.key }}"
|
||||
dest: "{{ vault_key_path }}"
|
||||
mode: '0600'
|
||||
- name: Ensure the SSH configuration directory exists
|
||||
file:
|
||||
path: "{{ ansible_user_dir }}/.ssh"
|
||||
state: directory
|
||||
- name: Copy the SSH proxy configuration
|
||||
copy:
|
||||
src: "{{ lsn_ci_src_path }}/ssh/ssh_config"
|
||||
dest: "{{ ansible_user_dir }}/.ssh/config"
|
||||
# Load the deployment SSH key
|
||||
- name: Create the SSH private key tempfile
|
||||
tempfile:
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
# NOTE(logan): To reach the 10.0.0.0/8 hosts in the deployment, a ProxyJump
|
||||
# is used from the nodepool deployment host through the first infrastructure
|
||||
# host, lsn-mc1016.
|
||||
|
||||
Host *
|
||||
ProxyJump root@192.169.91.98
|
Loading…
Reference in New Issue