Re: [Fab-user] How to specify pem file path when using gateway in Fabric


From: R M Waters
Subject: Re: [Fab-user] How to specify pem file path when using gateway in Fabric
Date: Sat, 20 Aug 2016 07:32:03 -0400

I find it highly unusual that you have machines in the same subnet as your jumpbox that you cannot access.  Your firewall rules must be ... strange.  Anyway.

First you will test your config using ssh client, then once you have a working configuration you will use fabric and hope it works correctly.

Put this in ~/.ssh/config:

Host 10.0.0.8
    User jumpbox-user
    IdentityFile ~/.ssh/jumpbox-key

Host 10.0.0.9
    ProxyCommand ssh -q -A 10.0.0.8 'nc %h %p'

Host 10.0.1.8
    ProxyCommand ssh -q -A 10.0.0.8 'nc %h %p'

Host 10.0.2.9
    ProxyCommand ssh -q -A 10.0.0.8 'nc %h %p'

.... etc

(Side note: apparently this is an antiquated method, according to https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts - you may find this helpful)

Then try to ssh into 10.0.0.9, 10.0.1.8, and 10.0.2.9 from 52.7.1.180 (which only has access to 10.0.0.8).
If this doesn't work, then you need to look through the other methods of tunneling and find one that works for you.  Once you have successfully tunneled, then you should assume that `env.use_ssh_config` will also work.  And you will create Host blocks for all the other inaccessible machines.

Extra points if you can minimize the amount of Host blocks in your ssh config.


HTH

On Sat, Aug 20, 2016, 3:50 AM Roshan Shetty <address@hidden> wrote:
Hi hope you are doing well !!

Is it possible to fix this issue on your free time ?

thank you :)



Regards,
Roshan


The only way to do great work is to love what you do. If you haven’t found it yet, keep looking. Don’t settle. As with all matters of the heart, you’ll know when you find it.” - Steve Jobs

On Wed, Aug 17, 2016 at 6:05 PM, Roshan Shetty <address@hidden> wrote:
it's okay.

Thanks for spending time on this issue :)

My current IP is this : 52.7.1.180 ( running script from this machine)

Gateway server IP is : 10.0.0.8

Destination IP:
10.0.0.9
10.0.1.8
10.0.2.9
10.0.0.52
10.0.0.53
10.0.0.54
10.0.0.59
and so on (many more servers are there) 

Now,
I'm struggling with having proxy command.

In which server config file i should put Proxy command ?

Can you please tell me the config file content for my scenario ?

Thank you :)



Regards,
Roshan



On Wed, Aug 17, 2016 at 4:28 PM, R M Waters <address@hidden> wrote:

Apologies, I am not available for chat.


On Wed, Aug 17, 2016, 6:20 AM Roshan Shetty <address@hidden> wrote:
Hi, 

Thanks for the response.

I have some doubt, can we please chat for a while.

I have to finish this today.

Already sent Hangout request..

Thanks :)

Regards,
Roshan



On Wed, Aug 17, 2016 at 3:45 PM, R M Waters <address@hidden> wrote:
Here is an example from my working ssh config for all hosts matching "*.qa.local":

Host jump
    User someuser
    HostName 192.168.x.x
    IdentityFile ~/.ssh/jumpbox-key

Host *.qa.local
    ProxyCommand ssh -q -A jump 'nc %h %p'

On Wed, Aug 17, 2016 at 5:21 AM, Roshan Shetty <address@hidden> wrote:
Thanks for the reply,

In my case, how can i write ?

I tried this 

Host * 
        User ec2-user
        ProxyCommand ssh * nc %h %p

But it's not working 


Regards,
Roshan



On Wed, Aug 17, 2016 at 7:08 AM, R M Waters <address@hidden> wrote:

The 'Host' specification for the configuration block containing ProxyCommand can be a glob (at least, I am afk or would check the man page).
Example:
Host *.something
  ProxyCommand ....

This will use your jump host for all hosts matching that pattern. I have these blocks for all my unique host mappings, like *.appserver.domain, *.local, et al.


On Tue, Aug 16, 2016, 8:56 AM Roshan Shetty <address@hidden> wrote:
I have checked Proxy command option 

ProxyCommand ssh address@hidden nc %h %p
But it won't work for me.
Reason is : I have multiple destination hosts (more than 100)
My script can login to any one of the destination servers based on IP entered. However gateway host is same all the time.
How can i configure Proxycommand for my scenario.
host 1 -> gateway -> hostA
host 1 -> gateway -> hostB
host 1 -> gateway -> hostC
host 1 -> gateway -> hostD
----------------------------------- (same above scenario continues for 100 servers)
Anyone can please post a code snippet ?

Regards,
Roshan



On Tue, Aug 16, 2016 at 5:32 PM, R M Waters <address@hidden> wrote:

Are you using ProxyCommand with corkscrew and IdentityFile for your jump host?  I have the exact same setup, and I am able to jump through gateway and access internal hosts with Fabric.


On Tue, Aug 16, 2016, 1:31 AM Roshan Shetty <address@hidden> wrote:
I tried to use `env.use_ssh_config`

But it's not working.

because Fabric is not using the ssh config file of gateway server. So it will prompt for password


Regards,
Roshan



On Mon, Jul 25, 2016 at 10:05 PM, R M Waters <address@hidden> wrote:
You could try using `env.use_ssh_config` instead of gateway, and use a local ssh client config that works how you want outside of fabric (i.e. you can log into the final host through the jump host using the existing keyfiles, using ProxyCommand/IdentityFile).  I suppose that fabric instructed to use that config *should* then work as well (but I don't know for sure, apologies).  Here is an SO answer that seems to explain how to do what you are asking with ~/.ssh/config: http://serverfault.com/a/337328

On Sun, Jul 24, 2016 at 2:07 PM, Roshan Shetty <address@hidden> wrote:

Hi,

I have asked this question on stack overflow but i haven't received any response.

My scenario:

Local host -> Gateway -> Remote host

I am using env.gateway variable to specify gateway host.

sample code

`
from fabric.api import env, run

env.user = "ec2-user"
# Key files to try; Fabric reads these paths on the machine running the script
env.key_filename = ["/home/ec2-user/.ssh/internal.pem","/home/roshan.r/test.pem","/home/ec2-user/.ssh/test2.pem"]
env.hosts = ['x.x.x.244', 'x.x.x.132']
env.gateway = 'x.x.x.189'

def getdate():
    content = run('date')
`
My problem is with pem key path.

/home/roshan.r/test.pem is located in current directory. which is used for login into gateway server.

Other two mentioned pem files are located in gateway servers. Those will be used to login to next machine.

When i run this program i'm getting file not found error.

Thanks for any help !!



Regards,
Roshan



_______________________________________________
Fab-user mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/fab-user
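
Added example (not part of the thread, and not Fabric or OpenSSH code): a Python check of a single-block ssh config of the kind the top reply asks for with "Extra points", using the thread's addresses, which confirms that every destination is proxied while the jumpbox itself is not. It assumes OpenSSH's documented Host pattern rules (`*` and `?` wildcards, `!` negation, first value obtained wins) and swaps the thread's `ssh -A ... nc` for `ssh -W %h:%p`, which needs neither netcat nor a forwarded agent on the jumpbox; `SSH_CONFIG`, `host_line_matches`, `options_for` and `is_proxied` are names made up here.

```python
import re

# Constructed config: one pattern block instead of one block per destination.
# Addresses and the key path are the ones used in the thread above.
SSH_CONFIG = """\
Host 10.0.0.8
    User jumpbox-user
    IdentityFile ~/.ssh/jumpbox-key

Host 10.0.* !10.0.0.8
    ProxyCommand ssh -q -W %h:%p 10.0.0.8
"""

def _pattern_to_regex(pattern):
    # ssh_config patterns only know the '*' and '?' wildcards.
    parts = [".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
             for ch in pattern]
    return re.compile("".join(parts) + r"\Z")

def host_line_matches(patterns, target):
    """True if a Host line selects target; a matching '!pattern' always wins."""
    positive = False
    for pat in patterns.split():
        negated = pat.startswith("!")
        if _pattern_to_regex(pat[1:] if negated else pat).match(target):
            if negated:
                return False
            positive = True
    return positive

def options_for(config_text, target):
    """Merge options from every matching Host block; the first value wins."""
    options, active = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            active = host_line_matches(value, target)
        elif active:
            options.setdefault(key.lower(), value.strip())
    return options

def is_proxied(config_text, target):
    """True if connections to target would go through a ProxyCommand."""
    return "proxycommand" in options_for(config_text, target)

if __name__ == "__main__":
    for host in ("10.0.0.8", "10.0.0.9", "10.0.1.8", "10.0.2.9"):
        print(host, "proxied" if is_proxied(SSH_CONFIG, host) else "direct")
```

Without the `!10.0.0.8` exclusion, a broad pattern also matches the jumpbox, so the connection to the jumpbox would itself be sent through the ProxyCommand.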