On Mon, 9 Jun 2014 08:49:48 -0600
Kevin Fenzi <kevin@xxxxxxxxx> wrote:

> On Mon, 9 Jun 2014 08:44:38 -0600
> Tim Flink <tflink@xxxxxxxxxx> wrote:
>
> > I think that most of your concerns have been addressed or are being
> > discussed in other parts of this thread but I wanted to speak
> > towards the reason that -P is there at all.
> >
> > You are correct in reading that it has ansible-playbook use an ssh
> > port other than 22. That is set using -e 'ansible_ssh_port=<some
> > port>' and giving direct access to the -e parameter would be
> > problematic at best, so I added the -P parameter which is
> > restricted to just that option even though it's rendered as -e
> >
> > The QA devel folks use phabricator and phabricator supports git repo
> > hosting (through http(s) and ssh). In order to support git over ssh
> > while keeping user information in phabricator (username, ssh key for
> > git, repo permissions etc.), it uses a short-circuited ssh daemon
> > that uses phabricator for auth instead of system accounts
> > (restricted to git commands, though). Git repos on alternate ports
> > is a bit of a pain, so to support git+ssh on port 22 I change the
> > real ssh daemon (that can do more than git) to an alternate port.
>
> If those hosts always have ssh on the same different port, we could
> just add that to vars?
>
> http://docs.ansible.com/faq.html#how-do-i-handle-different-machines-needing-different-user-accounts-or-ports-to-log-in-with

I've generally been using port 222 for real ssh on those hosts.

We could set the port in the inventory file. While that would work for
many cases, I've always used the -e directly for 2 reasons:

1) My understanding is that ansible convention discourages putting
   stuff like that in the inventory files

2) Hosts are listening for ssh on port 22 when initially deployed.
   Initial deployments would require changing the inventory information
   to use port 22 for initial deployment and then changing it back to
   the alternate port after running the playbook/role which sets up the
   alternate port for ssh.

If that's the way that we want to go, we'll have some extra commits to
the ansible repo but it'll work.

Tim
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
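The restriction described in the message above, a -P option that can only ever be rendered as `-e ansible_ssh_port=<port>`, as an added example that is not part of the original thread and is not the code of the tool being discussed. The wrapper name and the functions `ssh_port` and `build_argv` are hypothetical.

```python
import argparse
import sys


def ssh_port(value):
    """argparse type: accept only a plain decimal TCP port (1-65535)."""
    # isascii() + isdigit() rejects spaces, '=', signs and key=value payloads,
    # so nothing except a number can reach the rendered -e argument.
    if not (value.isascii() and value.isdigit()):
        raise argparse.ArgumentTypeError(f"not a port number: {value!r}")
    port = int(value)
    if not 1 <= port <= 65535:
        raise argparse.ArgumentTypeError(f"port out of range: {port}")
    return port


def build_argv(cli_args):
    """Translate the wrapper's restricted options into an ansible-playbook argv.

    The caller never gets a raw -e: the only extra var that can be produced
    is ansible_ssh_port, and only with a validated integer value.
    """
    # allow_abbrev=False so no unexpected prefix of an option is accepted.
    parser = argparse.ArgumentParser(prog="playbook-wrapper", allow_abbrev=False)
    parser.add_argument("playbook")
    parser.add_argument("-P", "--port", type=ssh_port, default=None,
                        help="ssh port to use instead of 22")
    opts = parser.parse_args(cli_args)  # exits (SystemExit) on anything else

    # Build a list, not a shell string, so the value is one argv element.
    argv = ["ansible-playbook", opts.playbook]
    if opts.port is not None:
        argv += ["-e", f"ansible_ssh_port={opts.port}"]
    return argv


if __name__ == "__main__":
    # Print the command that would be executed for the given arguments.
    print(build_argv(sys.argv[1:]))
```
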