From 96b4fd33006e6b6d77ca83c344d9588fe5c3ceb6 Mon Sep 17 00:00:00 2001
From: Logan V <logan2211@gmail.com>
Date: Thu, 13 Sep 2018 10:09:44 -0600
Subject: [PATCH] Use a proxyjump to reach the deployment

Since nodepool nodes will not have direct access to the Limestone
10.0.0.0/8 private network, and part of the deployment (such as
compute hosts) are only connected to the private network, we will
use an SSH proxyjump through the first publicly accessible host
to reach the deployment.

Change-Id: I9412b5b4733d96c2494e67ff935f273e508b6812
---
 .zuul.d/playbooks-deploy/pre.yml | 8 ++++++++
 ssh/ssh_config                   | 6 ++++++
 2 files changed, 14 insertions(+)
 create mode 100644 ssh/ssh_config

diff --git a/.zuul.d/playbooks-deploy/pre.yml b/.zuul.d/playbooks-deploy/pre.yml
index 6e7b741..013f62b 100644
--- a/.zuul.d/playbooks-deploy/pre.yml
+++ b/.zuul.d/playbooks-deploy/pre.yml
@@ -13,6 +13,14 @@
         content: "{{ vault_secret.key }}"
         dest: "{{ vault_key_path }}"
         mode: '0600'
+    - name: Ensure the SSH configuration directory exists
+      file:
+        path: "{{ ansible_user_dir }}/.ssh"
+        state: directory
+    - name: Copy the SSH proxy configuration
+      copy:
+        src: "{{ lsn_ci_src_path }}/ssh/ssh_config"
+        dest: "{{ ansible_user_dir }}/.ssh/config"
     # Load the deployment SSH key
     - name: Create the SSH private key tempfile
       tempfile:
diff --git a/ssh/ssh_config b/ssh/ssh_config
new file mode 100644
index 0000000..a9b9b6b
--- /dev/null
+++ b/ssh/ssh_config
@@ -0,0 +1,6 @@
+# NOTE(logan): To reach the 10.0.0.0/8 hosts in the deployment, a ProxyJump
+# is used from the nodepool deployment host through the first infrastructure
+# host, lsn-mc1016.
+
+Host *
+    ProxyJump root@192.169.91.98