Ansible, connecting to bastion server in AWS VPC, host unreachable

How can I connect to a bastion server in an AWS VPC using Ansible 2.x to perform a Docker swarm setup? I've seen this question and the official FAQ.

Already tried providing the following via --extra-vars: ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q"' or even using ansible.cfg with the parameter above, or even something like:

ssh_args = -o ControlMaster=auto -o ControlPersist=600s -J ec2-

I tried a lot of combinations but I’m always getting this error message running a ping command in a playbook:

UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the 
host via ssh: ssh: connect to host 10.1.xx.xx port 22: Operation timed 

Probably worth mentioning that:

  1. I’m able to connect to the private hosts in my VPC normally using ssh -J option, example: ssh -J .
  2. I’m using Ansible’s dynamic inventory with ec2.ini configured to map the private ips for a given tag entry.

1 answer

  • answered 2018-07-11 17:28 Rogério Peixoto

    It was a ssh misconfiguration problem.

    I was able to fix it with the following configuration parameters.

    1) Ansible.cfg file

    ssh_args = -o ProxyCommand="ssh -W %h:%p -q $BASTION_USER@$BASTION_HOST" -o ControlPersist=600s
    pipelining = True

    2) Ec2.ini file

    regions = us-xxxx-x
    destination_variable = private_ip_address
    vpc_destination_variable = private_ip_address

    3) Playbook Execution Command

    export BASTION_USER=xxx-xxxx;
    ansible-playbook -u ec2-xxxx \
     -i ./inventory/ \
     ./playbook/ping.yml \
     --extra-vars \
     "var_hosts=tag_Name_test_private ansible_ssh_private_key_file=~/.ssh/my-test-key.pem" -vvv

    And voila!

    successful ping
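The accepted configuration above relies on `$BASTION_USER` and `$BASTION_HOST` being set in the environment that runs `ansible-playbook`; if either is empty, the ProxyCommand silently becomes `ssh -W %h:%p -q @` and Ansible reports the same "UNREACHABLE ... Operation timed out" as a real network fault. The script below is an added example, not code from the question or the answer: it generates the `ansible.cfg` and `ec2.ini` fragments shown in the answer from those variables and refuses to emit a ProxyCommand when one of them is missing. The bastion user/host values, the region `us-east-1` and the output paths are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: build the answer's ansible.cfg / ec2.ini settings from the
# environment and fail early when the bastion variables are not set.
# BASTION_USER and BASTION_HOST are assumed to be exported by the operator;
# every concrete value in the demo section is a placeholder.

# Print the ssh_args value for the [ssh_connection] section.
# Returns 1 (and prints nothing on stdout) if either bastion variable is empty,
# because "ssh -W %h:%p -q @" would just time out at the ssh level.
build_ssh_args() {
    if [ -z "${BASTION_USER:-}" ] || [ -z "${BASTION_HOST:-}" ]; then
        echo "build_ssh_args: BASTION_USER and BASTION_HOST must both be set" >&2
        return 1
    fi
    # -W forwards the target's port through the bastion, so the private key
    # used for the final hop stays on the operator's machine.
    printf '%s\n' "-o ProxyCommand=\"ssh -W %h:%p -q ${BASTION_USER}@${BASTION_HOST}\" -o ControlPersist=600s"
}

# Write a complete ansible.cfg with the answer's [ssh_connection] settings.
# $1 = destination path
write_ansible_cfg() {
    args=$(build_ssh_args) || return 1
    {
        printf '%s\n' "[ssh_connection]"
        printf '%s\n' "ssh_args = $args"
        printf '%s\n' "pipelining = True"
    } > "$1"
}

# Write the three ec2.ini keys from the answer as an [ec2] fragment.
# This is only the fragment to merge into the ec2.ini that ships with ec2.py;
# the full file carries many more keys.
# $1 = destination path, $2 = AWS region
write_ec2_ini() {
    {
        printf '%s\n' "[ec2]"
        printf '%s\n' "regions = $2"
        printf '%s\n' "destination_variable = private_ip_address"
        printf '%s\n' "vpc_destination_variable = private_ip_address"
    } > "$1"
}

# Demo: run with --demo to render both files into a temporary directory.
if [ "${1:-}" = "--demo" ]; then
    BASTION_USER="${BASTION_USER:-ec2-user}"            # placeholder user
    BASTION_HOST="${BASTION_HOST:-bastion.example.com}" # placeholder host
    export BASTION_USER BASTION_HOST
    outdir=$(mktemp -d)
    write_ansible_cfg "$outdir/ansible.cfg"
    write_ec2_ini "$outdir/ec2.ini" us-east-1           # placeholder region
    cat "$outdir/ansible.cfg" "$outdir/ec2.ini"
fi
```

Run it once with `--demo` before the playbook and compare the rendered `ProxyCommand` with a manual `ssh -J` that you already know works; a mismatch in user or host is the first thing to rule out before blaming security groups. Note that `pipelining = True` only takes effect when `requiretty` is not enforced in the target's sudoers configuration, which is worth checking on freshly built AMIs.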