Is it possible to tell ansible not to use ~/.ssh/config? - ssh

My ~/.ssh/config file is interfering with ansible, I use a lot of abbreviations in there to make my life easier when logging onto servers.
for example in:
Host te*
HostName %h.example.com
User test
In my ansible hosts file I have:
[servers]
te1.exmaple.com
te2.example.com
which means when I run ansible, the connection will fail because it will use my ssh config file and try to connect to te1.example.com.example.com.
I know I could modify ansible hosts to just be te1 and let ssh config add the rest of the domain, but I know that other members of my team don't have their .ssh/config set up like me so this isn't really an option, and tbh is the easy route which will end up causing problems for others.
Is there a way in ansible to tell it not to use mine or anyone else .ssh/config file?

You can use the ANSIBLE_SSH_ARGS parameter in ansible.cfg for that. The required ssh parameter is -F configfile which has the following meaning:
-F configfile
Specifies an alternative per-user configuration file. If a
configuration file is given on the command line, the system-wide
configuration file (/etc/ssh/ssh_config) will be ignored. The default
for the per-user configuration file is ~/.ssh/config.
So your ANSIBLE_SSH_ARGS with the defaults in in ansible.cfg would then look like this:
ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s -F /dev/null

ssh -F allows you to specify "an alternative per-user configuration file".
-F configfile
Specifies an alternative per-user configuration file. If a configuration file is given on the command line, the
system-wide configuration file (/etc/ssh/ssh_config) will be ignored. The default for the per-user configuration
file is ~/.ssh/config.
In Ansible you can configure it by ANSIBLE_SSH_ARGS.
For example in ansible.cfg you can set it to any file that fits your needs.
[ssh_connection]
ssh_args = -F ...
Or, you might want to create a separate user (let's say ansible-admin) set her ~/.ssh/config and use it to run ansible.

This is what worked for me in the end. I added this to my ansible.cgf file.
[all:vars] ansible_ssh_common_args = '-F /dev/null'
Thanks to all who answered :)

Related

Run Kubectl in apache

I have this bash script:
#!/bin/bash
USERNAME=$1
WORKDIR='dir_'$USERNAME
mkdir deployment/$WORKDIR
cat deployment/deploy.yml > deployment/$WORKDIR/deploy.yml
sed -i 's/alopezfu/'$USERNAME'/g' deployment/$WORKDIR/deploy.yml
kubectl apply -f deployment/$WORKDIR/deploy.yml
rm -rf deployment/$WORKDIR/
And i use exec funcition in PHP for run.
And i get this messege in /var/log/apache/error.log
To view or setup config directly use the 'config' command.
error: no configuration has been provided, try setting KUBERNETES_MASTER environment variable
error: Missing or incomplete configuration info. Please point to an existing, complete config file:
Via the command-line flag --kubeconfig
Via the KUBECONFIG environment variable
In your home directory as ~/.kube/config
I need help 🙏
Since you are running the script as a diferent user, you need to "tell" to kubectl where is the configuration file.
This can be done setting the variable KUBECONFIG in your environment.
Supposing the kubernetes config file is in the dir /var/www/ with the correct permission to be readable, you can configure your php script like this:
<?php
$kubeconfig = "/var/www/config"; // The config file
putenv("KUBECONFIG=$kubeconfig"); // set the environment variable KUBECONFIG
$output = shell_exec("KUBECONFIG=$kubeconfig ; kubectl get pods -A"); // Runs the command
echo "<pre>$output</pre>"; // and return the expected output.
?>
Please be aware that:
Setting certain environment variables may be a potential security breach.
Some actions that should mitigate the impacts:
Make sure your config file is safe and not reachable from the browser;
Consider to create a serviceAccount with limited permissions;
Here you can find some useful commands and kubectl tips.
How to create a service account for kubectl

Find httpd.conf file location after it's been changed by -f flag

Httpd processes use a non-default configuration file if they are run with the -f flag.
For example
/home/myuser/apache/httpd-2.4.8/bin/httpd -f /confFiles/apache/2.4.8/apache.conf -k start
will use this configuration file: /confFiles/apache/2.4.8/apache.conf
I need to get this location and would rather not have to check for possible -f flags used to start httpd.
The answer here says to run /path/to/httpd -V and concatenate
-D SERVER_CONFIG_FILE="conf/httpd.conf"
with
-D HTTPD_ROOT="/etc/httpd"
to get the final path to the config file.
However, this path will not be the correct one if the -f flag is used to start the httpd process.
Is there a command that can get the config file that is actually being used by the process?
The answer you refer to mentions the paths httpd was compiled with, but as you say those can be manually changed with parameters.
The simple way to check is the command line, if process is called "httpd" (standard name), a simple ps will reveal the config file being used:
ps auxw | grep httpd
Or querying the server if server has mod_info loaded, in command line or with your favourite browser:
curl "http://yourserver.example.com/server-info?server" | grep -i "config file"
Note: mod_info should not be publicaly available for everyone to see.

Specify different options for scp and ssh in .ssh_config file

I am using ~/.ssh/config file to set my ssh options.
I want to specify different settings for scp and ssh to the same host. Is it possible to do it?
I went through the documentation, but couldn't a way to do it.
I'd make a second config file, ~/.ssh/scp_config, and then use a shell alias for scp with the -F option to specify the config file:
alias scp="scp -F ~/.ssh/scp_config`
(This is an untested zsh alias; I don't know how different Bash alias' are, but the idea should be similar. Note also that this may still require you to use scp -F <file> in scripts).

relocate apache's configuration files

is there a chance to use different location for apache's config files (on Windows)? Other than having to compile it myself and setting the proper #define HTTPD_ROOT value.
Thx rezna
This can be done by specifying the -f option when installing apache as a service on Windows.
The -f option accepts the location of the configuration file. For example, if your command to install the service was
httpd.exe -k install -n "MyServiceName"
Add -f "c:\files\my.conf", with your configuration file instead, like so:
httpd.exe -k install -n "MyServiceName" -f "c:\files\my.conf"
See the Apache manual for more information.

Setting the default ssh key location

ssh will look for its keys by default in the ~/.ssh folder. I want to force it to always look in another location.
The workaround I'm using is to add the keys from the non-standard location to the agent:
ssh-agent
ssh-add /path/to/where/keys/really/are/id_rsa
(on Linux and MingW32 shell on Windows)
If you are only looking to point to a different location for you identity file, the you can modify your ~/.ssh/config file with the following entry:
IdentityFile ~/.foo/identity
man ssh_config to find other config options.
man ssh gives me this options would could be useful.
-i identity_file
Selects a file from which the identity (private key) for RSA or
DSA authentication is read. The default is ~/.ssh/identity for
protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for pro-
tocol version 2. Identity files may also be specified on a per-
host basis in the configuration file. It is possible to have
multiple -i options (and multiple identities specified in config-
uration files).
So you could create an alias in your bash config with something like
alias ssh="ssh -i /path/to/private_key"
I haven't looked into a ssh configuration file, but like the -i option this too could be aliased
-F configfile
Specifies an alternative per-user configuration file. If a configuration file is given on the command line, the system-wide configuration file (/etc/ssh/ssh_config) will be ignored. The default for the per-user configuration file is ~/.ssh/config.
Update for Git Bash on Windows 10: on my system, git bash app will work over the ssh layer (brought by OpenSSH) look for an environment variable called HOME (To Windows key and type in "env" to edit env vars). If this variable points to a place that doesn't exist, git bash may never open.
Like on Linux, Git Bash app will look for its config file in %HOME%\.ssh.
e.g. If you set HOME to C:\Users\Yourname, than it will look for C:\Users\Yourname\.ssh
Finally, within config text file, git bash will look for IdentifyFile path.
On Windows, set the path using cygwin notation.
e.g. to /e/var/www/certs/keys/your_passwordless_key.key
Bonus: for free, PHPStorm will use that setup. Restart IDE if you've just changed settings.