Use a proxyjump to reach the deployment

Since nodepool nodes will not have direct access to the Limestone 10.0.0.0/8 private network, and part of the deployment (such as compute hosts) are only connected to the private network, we will use an SSH proxyjump through the first publicly accessible host to reach the deployment. Change-Id: I9412b5b4733d96c2494e67ff935f273e508b6812
2018-09-13 10:09:44 -06:00 · 2018-09-13 10:09:44 -06:00 · 96b4fd3300
parent 7bab1df116
commit 96b4fd3300
2 changed files with 14 additions and 0 deletions
--- a/.zuul.d/playbooks-deploy/pre.yml
+++ b/.zuul.d/playbooks-deploy/pre.yml
@ -13,6 +13,14 @@
        content: "{{ vault_secret.key }}"
        dest: "{{ vault_key_path }}"
        mode: '0600'
+    - name: Ensure the SSH configuration directory exists
+      file:
+        path: "{{ ansible_user_dir }}/.ssh"
+        state: directory
+    - name: Copy the SSH proxy configuration
+      copy:
+        src: "{{ lsn_ci_src_path }}/ssh/ssh_config"
+        dest: "{{ ansible_user_dir }}/.ssh/config"
    # Load the deployment SSH key
    - name: Create the SSH private key tempfile
      tempfile:
--- a/ssh/ssh_config
+++ b/ssh/ssh_config
@ -0,0 +1,6 @@
+# NOTE(logan): To reach the 10.0.0.0/8 hosts in the deployment, a ProxyJump
+# is used from the nodepool deployment host through the first infrastructure
+# host, lsn-mc1016.
+
+Host *
+    ProxyJump root@192.169.91.98