Jumpbox with internal server
3. Provision a Jumpbox and an Internal Server
Overview
In this example, we will see how one might provision an 'internal server' (i.e. one that isn't directly connected to the Internet) along with a Jumpbox (aka Jump Box aka Jump server). The Jumpbox can be used to log into this 'semi-isolated' VM via SSH, and also, e.g., to run additional Ansible Playbooks on the VM to perform post-provisioning tasks. (In order to install additional packages, etc., on the new VM, it would, of course, need some kind of outgoing network connectivity; we will look at how this can be done using our NAT Gateway in Part 6 of this series.)
Before you begin
This example also introduces a few new modules, techniques and 'code snippets' that you might find interesting, including:
- how the ionoscloudsdk.ionoscloud.cube_template and cube_server modules can be used to provision a Cube Server given its desired 'size' name;
- pointers to and/or examples of how files can be created 'on the fly' (e.g. via ansible.builtin.shell + HEREDOCs, via the copy module, and via Jinja templates); and
- how ssh_config and Ansible inventory files can be automatically generated and then used, together, to allow you to ssh into, and run Ansible playbooks on, a server that isn't directly connected to the Internet.
What's in this example?
This example includes and/or depends on the following files:
- main.yml
- configure-internal-server.yml: This playbook is run on the internal VM via the jumpbox (see ansible_ssh_common_args in inventory.yml and/or ssh_config after running main.yml)
- cloud-init.txt
- templates/ssh_config.j2
- ../vars.yml: This file is common to all of our Ansible examples and contains a set of more generally-used variable definitions
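What the generated ssh_config and inventory.yml could look like, written with a shell HEREDOC as an added example (not the tutorial's own main.yml or templates/ssh_config.j2). The function name, the root login user, the known_hosts settings and all addresses are assumptions:

```shell
#!/bin/sh
# Added example (not from the tutorial repository). All addresses and paths
# passed to this function in the usage line at the bottom are constructed.

# write_jump_files OUT_DIR JUMPBOX_PUBLIC_IP INTERNAL_PRIVATE_IP KEY_FILE
write_jump_files() {
    mkdir -p "$1" || return 1
    out_dir=$(cd "$1" && pwd)      # absolute path, so -F works from any cwd
    jump_ip=$2 internal_ip=$3 key_file=$4
    ssh_user=${SSH_USER:-root}     # assumption: the image's login user
    old_umask=$(umask); umask 077  # generated files are owner-only (0600)

    # 'internal' has no public address: it is reached through 'jumpbox'.
    cat > "$out_dir/ssh_config" <<EOF
Host jumpbox
    HostName $jump_ip

Host internal
    HostName $internal_ip
    ProxyJump jumpbox

# Defaults go last: ssh uses the first value it finds for each option.
Host *
    User $ssh_user
    IdentityFile $key_file
    IdentitiesOnly yes
    UserKnownHostsFile $out_dir/known_hosts
    StrictHostKeyChecking accept-new
EOF

    # No ansible_host here: Ansible passes the inventory name 'internal' to
    # ssh, which must match the 'Host internal' alias for ProxyJump to apply.
    cat > "$out_dir/inventory.yml" <<EOF
all:
  hosts:
    internal:
      ansible_ssh_common_args: "-F $out_dir/ssh_config"
EOF
    umask "$old_umask"
}

# Usage (constructed values):
#   write_jump_files ./generated 203.0.113.10 10.0.0.11 "$PWD/example_key"
```

The dedicated known_hosts file with accept-new records each host key on first contact and rejects a changed key afterwards, without touching your personal ~/.ssh/known_hosts.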
Usage
1. To provision this infrastructure, simply run the following command:
2. Optionally, look at the contents of the dynamically-created files (in particular, ssh_config and inventory.yml)
3. To ssh into the VMs, type the following from the same directory in another shell (where ${DESIRED_SERVER} is either jumpbox or internal):
4. To configure the internal server via the jumpbox, you can then run the following command (also from a secondary shell):
5. Once you have finished exploring this example, press <Enter> in the shell from Step 1 to let the main.yml playbook delete the provisioned resources.
Summary
In this tutorial, we saw examples of:
- how to use the ionoscloudsdk.ionoscloud.cube_template and cube_server modules to provision a Cube Server;
- how the ansible.builtin.shell module and the ssh-keygen command can be used to generate a temporary SSH key-pair;
- how the ansible.builtin.template module, and the ansible.builtin.shell module and the cat command, can be used to dynamically create files based upon the contents of register variables;
- how we can use the above to configure a jumpbox that can, in turn, be used to access and configure an 'internal server' that is otherwise inaccessible from the Internet.
Source files
The source files for this tutorial can be downloaded from its GitHub repository, or cloned into your current working directory using the command git clone https://github.com/ionos-cloud/module-ansible.git, and then changing into the module-ansible/docs/tutorials/03__jumpbox_with_internal_server sub-directory.