diff --git a/docs/docsite/rst/network/user_guide/network_debug_troubleshooting.rst b/docs/docsite/rst/network/user_guide/network_debug_troubleshooting.rst index f7c36f812e..7323d487c0 100644 --- a/docs/docsite/rst/network/user_guide/network_debug_troubleshooting.rst +++ b/docs/docsite/rst/network/user_guide/network_debug_troubleshooting.rst @@ -597,6 +597,46 @@ no additional changes necessary. The network module will now connect to the network device by first connecting to the host specified in ``ansible_ssh_common_args``, which is ``bastion01`` in the above example. +Using bastion/jump host with netconf connection +----------------------------------------------- + +Enabling jump host setting +-------------------------- + +Bastion/jump host with netconf connection can be enable using +- Setting Ansible variable``ansible_netconf_ssh_config`` either to ``True`` or custom ssh config file path +- Setting environment variable ``ANSIBLE_NETCONF_SSH_CONFIG`` to ``True`` or custom ssh config file path +- Setting ``ssh_config = 1`` or ``ssh_config = ``under ``netconf_connection`` section + +If the configuration variable is set to 1 the proxycommand and other ssh variables are read from +default ssh config file (~/.ssh/config). +If the configuration variable is set to file path the proxycommand and other ssh variables are read +from the given custom ssh file path + +Example ssh config file (~/.ssh/config) +--------------------------------------- + +.. code-block:: ini + + Host junos01 + HostName junos01 + User myuser + + ProxyCommand ssh user@bastion01 nc %h %p %r + +Example Ansible inventory file + +.. code-block:: ini + + [junos] + junos01 + + [junos:vars] + ansible_connection=netconf + ansible_network_os=junos + ansible_user=myuser + ansible_ssh_pass=!vault... + .. note:: Using ``ProxyCommand`` with passwords via variables diff --git a/lib/ansible/config/base.yml b/lib/ansible/config/base.yml index ddf00490d4..1e9ed2e322 100644 --- a/lib/ansible/config/base.yml 
+++ b/lib/ansible/config/base.yml
@@ -1643,4 +1643,13 @@ YAML_FILENAME_EXTENSIONS:
 - section: defaults
 key: yaml_valid_extensions
 type: list
+NETCONF_SSH_CONFIG:
+ description: This variable is used to enable bastion/jump host with netconf connection. If set to True the bastion/jump
+ host ssh settings should be present in ~/.ssh/config file, alternatively it can be set
+ to custom ssh configuration file path to read the bastion/jump host settings.
+ env: [{name: ANSIBLE_NETCONF_SSH_CONFIG}]
+ ini:
+ - {key: ssh_config, section: netconf_connection}
+ yaml: {key: netconf_connection.ssh_config}
+ default: null
 ...
diff --git a/lib/ansible/plugins/connection/netconf.py b/lib/ansible/plugins/connection/netconf.py
index 08cc17ee0d..73648f2f23 100644
--- a/lib/ansible/plugins/connection/netconf.py
+++ b/lib/ansible/plugins/connection/netconf.py
@@ -154,6 +154,21 @@ options:
 - name: ANSIBLE_PERSISTENT_COMMAND_TIMEOUT
 vars:
 - name: ansible_command_timeout
+ netconf_ssh_config:
+ description:
+ - This variable is used to enable bastion/jump host with netconf connection. If set to
+ True the bastion/jump host ssh settings should be present in ~/.ssh/config file,
+ alternatively it can be set to custom ssh configuration file path to read the
+ bastion/jump host settings.
+ ini:
+ - section: netconf_connection
+ key: ssh_config
+ version_added: '2.7'
+ env:
+ - name: ANSIBLE_NETCONF_SSH_CONFIG
+ vars:
+ - name: ansible_netconf_ssh_config
+ version_added: '2.7'
 """
 import os
@@ -162,7 +177,7 @@ import json
 from ansible.errors import AnsibleConnectionFailure, AnsibleError
 from ansible.module_utils._text import to_bytes, to_native, to_text
-from ansible.module_utils.parsing.convert_bool import BOOLEANS_TRUE
+from ansible.module_utils.parsing.convert_bool import BOOLEANS_TRUE, BOOLEANS_FALSE
 from ansible.plugins.loader import netconf_loader
 from ansible.plugins.connection import NetworkConnectionBase
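Review bot: The `NETCONF_SSH_CONFIG` entry added to base.yml declares the same env var and ini key as the `netconf_ssh_config` plugin option added in netconf.py, yet the connection code in this commit reads only the plugin option through `self.get_option('netconf_ssh_config')`. As far as the visible hunks show, nothing consumes the base.yml entry, so the two definitions can drift apart without anyone noticing. I would drop this entry, or keep it with a comment such as `# mirrors the netconf connection plugin option netconf_ssh_config` so the duplication is deliberate and visible.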
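Review bot: The `netconf_ssh_config` option description in netconf.py does not mention that the selected ssh config file can carry a `ProxyCommand`, which the SSH client runs on the control node, while the option is settable per host through `ansible_netconf_ssh_config`. Whoever can edit inventory or host vars therefore chooses which file supplies that command, so the description should state the trust requirement, for example `- The file may define C(ProxyCommand), which is executed on the control node; point this only at a file you control.` The option also declares no `type` or `default`, so the code receives whatever the source yields (a string from env or ini); a sentence saying so would explain the boolean handling in the connection code.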
@@ -250,10 +265,10 @@ class Connection(NetworkConnectionBase):
 device_params = {'name': NETWORK_OS_DEVICE_PARAM_MAP.get(self._network_os) or self._network_os}
- ssh_config = os.getenv('ANSIBLE_NETCONF_SSH_CONFIG', False)
+ ssh_config = self.get_option('netconf_ssh_config')
 if ssh_config in BOOLEANS_TRUE:
 ssh_config = True
- else:
+ elif ssh_config in BOOLEANS_FALSE:
 ssh_config = None
 try:
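Review bot: A value such as the string `True`, which is what the docs in this commit tell users to put in `ANSIBLE_NETCONF_SSH_CONFIG`, will probably miss both membership tests and be handed on as a file path named "True", because `BOOLEANS_TRUE` and `BOOLEANS_FALSE` hold lowercase spellings as far as I recall and the option declares no type. An empty string falls through the same way now that the `else` has become an `elif`. Normalising a copy before the comparison keeps real paths untouched: `flag = to_text(ssh_config).strip().lower()`, then test `if flag in BOOLEANS_TRUE:` and `elif flag in BOOLEANS_FALSE:`. Since the surviving value selects a file whose `ProxyCommand` runs on the control node, it is also worth logging the resolved path at debug level so operators can see which config was used. The enclosing method starts above this hunk and continues past the `try:`.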