In many environments, there exists a particularly secure host that must handle all management operations performed by operators on productio

In many environments, there exists a particularly secure host that must handle all management operations performed by operators on production environments. This host is usually subject to audits and continuous verification.

Ansible can be configured to be used through a bastion host, but the configuration depends closely on the protocol used. For our purposes, we will limit ourselves to SSH.

In our environment, our computer, Linux or MacOS, acts as the Ansible Controller, while the server EVE-NG  acts as the bastion host: the devices are only reachable from the EVE-NG server.

It is important to note that in this way, the local Python environment will be used, not that of the bastion host. Any library or module errors, therefore, refer to the local system. The bastion host is simply used as a bridge, and for this reason, it does not require any particular configuration, except for authentication via public key.

Continue reading the post on Patreon .