Jumpbox with internal server
In this example, we will see how one might provision an 'internal server' (i.e. one that isn't directly connected to the Internet) along with a Jumpbox (aka Jump Box aka Jump server) that can be used to log into this 'semi-isolated' VM via SSH, and which can also be used, e.g., to run additional Ansible Playbooks on the VM to perform additional, post-provisioning tasks. (In order to install additional packages, etc., on the new VM, it would, of course, need some kind of outgoing network connectivity — we will look at how this can be done using our NAT Gateway in Part 6 of this series.)
This example also introduces a few new modules, techniques and 'code snippets' that you might find interesting, including:
- how the `ionoscloudsdk.ionoscloud.cube_template` and `cube_server` modules can be used to provision a Cube Server given its desired 'size' name;
- pointers to and/or examples of how files can be created 'on the fly' (e.g. via `ansible.builtin.shell` + HEREDOCs, via the `copy` module, and via Jinja templates); and
- how `ssh_config` and Ansible inventory files can be automatically generated and then used, together, to allow you to ssh into, and run Ansible playbooks on, a server that isn't directly connected to the Internet.
This example includes and/or depends on the files described further below.
1. To provision this infrastructure, simply run the following command:
2. Optionally, look at the contents of the dynamically-created files (in particular, `ssh_config` and `inventory.yml`).
3. To ssh into the VMs, type the following from the same directory in another shell (where `${DESIRED_SERVER}` is either `jumpbox` or `internal`):
4. To configure the internal server via the jumpbox, you can then run the following command (also from a secondary shell):
5. Once you have finished exploring this example, press `<Enter>` in the shell from Step 1 to let the `main.yml` playbook delete the provisioned resources.
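
The ssh and playbook steps above depend on a generated `ssh_config` and `inventory.yml` that route every connection to the internal server through the jumpbox. The following is an added sketch of such a pair, written with HEREDOCs; it is not the tutorial's own `templates/ssh_config.j2` or `main.yml`, and the function names, IP addresses, user name and the `temporary_id_rsa` / `known_hosts` file names are constructed assumptions.

```sh
#!/bin/sh
# Added example (not the tutorial's own files): generate an ssh_config and an
# Ansible inventory that reach the internal VM only through the jumpbox.
set -eu

# write_jump_files DIR JUMPBOX_PUBLIC_IP INTERNAL_PRIVATE_IP [USER]
# The body is a subshell "( ... )", so the umask change stays local to it.
write_jump_files() (
  umask 077                        # new config and inventory: owner-only
  mkdir -p "$1"
  dir=$(cd "$1" && pwd)            # absolute paths work from any directory
  user=${4:-root}                  # assumed login name
  cat > "$dir/ssh_config" <<EOF
Host jumpbox
    HostName $2

Host internal
    HostName $3
    # Tunnel through the jumpbox; the private key never leaves this machine.
    ProxyJump jumpbox

Host jumpbox internal
    User $user
    IdentityFile $dir/temporary_id_rsa
    IdentitiesOnly yes
    ForwardAgent no
    # Keep host keys of these short-lived VMs out of ~/.ssh/known_hosts.
    UserKnownHostsFile $dir/known_hosts
    StrictHostKeyChecking accept-new
EOF
  # Ansible appends ansible_ssh_common_args to its ssh calls, so playbooks
  # resolve "internal" through the same ProxyJump entry.
  cat > "$dir/inventory.yml" <<EOF
all:
  hosts:
    jumpbox:
    internal:
  vars:
    ansible_ssh_common_args: "-F $dir/ssh_config"
EOF
)

# proxied_hosts FILE: print "alias via jump" for each Host that uses ProxyJump.
proxied_hosts() {
  awk '$1 == "Host" { h = $2 } $1 == "ProxyJump" { print h " via " $2 }' "$1"
}

demo=$(mktemp -d)                  # constructed sample run with example IPs
write_jump_files "$demo" 203.0.113.10 192.168.8.11
proxied_hosts "$demo/ssh_config"
rm -rf "$demo"
```

`ProxyJump` with `ForwardAgent no` keeps the private key and agent off the jumpbox, so a compromised jumpbox cannot reuse them to reach other hosts.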
In this tutorial, we saw examples of:
- how to use the `ionoscloudsdk.ionoscloud.cube_template` and `cube_server` modules to provision a Cube Server;
- how the `ansible.builtin.shell` module and the `ssh-keygen` command can be used to generate a temporary SSH key-pair;
- how the `ansible.builtin.template` module, and the `ansible.builtin.shell` module and the `cat` command can be used to dynamically create files based upon the contents of register variables;
- how we can use the above to configure a jumpbox that can, in turn, be used to access and configure an 'internal server' that is otherwise inaccessible from the Internet.
The source files for this tutorial can be downloaded from its GitHub repository, or obtained by cloning the repository into your current working directory with `git clone https://github.com/ionos-cloud/module-ansible.git` and then changing into the `module-ansible/docs/tutorials/03__jumpbox_with_internal_server` sub-directory.
File | Description |
---|---|
`main.yml` | This is the example's main Ansible file; it communicates via `localhost` and our Ansible Module with the IONOS Cloud Cloud API in order to provision our virtual resources |
`configure-internal-server.yml` | This playbook is run on the internal VM via the jumpbox (see `ansible_ssh_common_args` in `inventory.yml` and/or `ssh_config` after running `main.yml`) |
`cloud-init.txt` | This file contains the cloud-init data that will be used to tailor the internal server when it's being provisioned |
`templates/ssh_config.j2` | A simple Jinja template, in this case, to dynamically create the `ssh_config` file mentioned above |
`../vars.yml` | This file is common to all of our Ansible examples and contains a set of more generally-used variable definitions |