59 lines
1.7 KiB
YAML
59 lines
1.7 KiB
YAML
---
|
|
- name: Reach Portainer via SSH tunnel through bdc
|
|
hosts: localhost
|
|
connection: local
|
|
gather_facts: false
|
|
|
|
vars:
|
|
bastion_host: bdc.cci17.fr
|
|
bastion_port: 17100
|
|
bastion_user: ansible
|
|
|
|
portainer_ip: 10.30.0.151
|
|
portainer_port: 9443
|
|
|
|
local_port: "{{ 20000 + (9999 | random) }}"
|
|
ssh_control_socket: "/tmp/ssh-tunnel-{{ local_port }}.sock"
|
|
|
|
tasks:
|
|
- block:
|
|
- name: Open SSH tunnel (local -> portainer via bastion)
|
|
shell: >
|
|
ssh
|
|
-p {{ bastion_port }}
|
|
-o ExitOnForwardFailure=yes
|
|
-o StrictHostKeyChecking=no
|
|
-o UserKnownHostsFile=/dev/null
|
|
-o ServerAliveInterval=10
|
|
-o ServerAliveCountMax=3
|
|
-M -S {{ ssh_control_socket }}
|
|
-f -N
|
|
-L 127.0.0.1:{{ local_port }}:{{ portainer_ip }}:{{ portainer_port }}
|
|
{{ bastion_user }}@{{ bastion_host }}
|
|
changed_when: true
|
|
|
|
- name: Wait for local tunnel port
|
|
wait_for:
|
|
host: 127.0.0.1
|
|
port: "{{ local_port }}"
|
|
timeout: 20
|
|
|
|
- name: HTTPS check Portainer through tunnel
|
|
uri:
|
|
url: "https://127.0.0.1:{{ local_port }}/"
|
|
method: GET
|
|
validate_certs: false
|
|
status_code: [200, 301, 302, 403]
|
|
register: portainer_check
|
|
|
|
- name: OK
|
|
debug:
|
|
msg: "✅ Portainer joignable via tunnel (status {{ portainer_check.status }})"
|
|
|
|
always:
|
|
- name: Close tunnel if opened
|
|
shell: >
|
|
test -S {{ ssh_control_socket }} &&
|
|
ssh -p {{ bastion_port }} -S {{ ssh_control_socket }} -O exit
|
|
{{ bastion_user }}@{{ bastion_host }} || true
|
|
ignore_errors: true |