OpenSSH 允许使用 socks 代理充当加密隧道。这可用于 ansible 中的 openstack 模块。但是 ansible 文档没有提到如何使用除 HTTP/HTTPS 之外的任何其他代理。
答案1
socks 代理
首先配置OpenSSH 袜子隧道:
添加~/.ssh/config
类似以下内容:
# Physical host
Host Dell-em1
User myuser
HostName 192.168.x.x
ForwardAgent yes
Host undercloud-0
User stack
HostName undercloud-0
ProxyJump Dell-em1
IdentityFile /home/mvutcovi/infrared/.workspaces/workspace_2018-02-14_18-24-58/id_rsa
Host controller-0
User heat-admin
HostName 192.168.24.13
ProxyJump Dell-em1
IdentityFile /home/mvutcovi/infrared/.workspaces/workspace_2018-02-14_18-24-58/id_rsa
DynamicForward localhost:65432
现在测试您是否可以使用以下方式访问 Horizon 仪表板:
ALL_PROXY=socks5h://localhost:65432 curl -vi 10.0.0.107:80/dashboard
openstack 客户端配置 -云.yml
创建~/clouds.yaml
包含以下内容的文件:
clouds:
my_cloud:
auth:
auth_url: http://10.0.0.107:5000/v2.0
project_name: myproject
username: admin
password: XXXXXX
region_name: ""
测试:
ALL_PROXY="socks5h://localhost:65432" openstack --os-cloud my_cloud server list
ansible
创建一个 openstack_test.yaml 文件,内容如下:
---
- hosts: localhost
gather_facts: no
tasks:
- name: Upload CentOS7 iso image
os_image:
name: centos7
cloud: "my_cloud"
container_format: bare
disk_format: iso
filename: /path_to_local_file/CentOS-7-x86_64-DVD-1708.iso
properties:
cpu_arch: x86_64
distro: redhat
environment:
ALL_PROXY: "socks5h://localhost:65432"
when: false
# vim:et:sw=2:ts=2:sts=2:
环境变量ALL_PROXY
需要设置为socks5h://localhost:65432
。此变量由 libcurl 使用,而大多数连接到远程 http 服务的 ansible 模块都会使用它。有关更多详细信息,请参阅:https://curl.haxx.se/libcurl/c/libcurl-env.html和https://curl.haxx.se/libcurl/c/CURLOPT_SOCKS_PROXY.html