authorBogdan Dobrelya <bdobreli@redhat.com>2017-08-16 09:14:06 +0200
committerTomas Sedovic <tomas@sedovic.cz>2017-08-16 09:14:06 +0200
commit6ebad037254b0c254638f6e6dfbd48e451a1ceeb (patch)
treee9aeb0cc4e48a1e908c6c1156a50f0c4734fc650 /roles/static_inventory/templates
parentfca4c6047bb35582b5254d4a087f7119364a8725 (diff)
Access UI via a bastion node (#596)
When using a bastion and a single master, use the lb-secgrp to access UI port allowed from the ingress bastion node cidr. For HA (masters>1), UI still should be accessed via the LB node's ingress cidr, omitting the bastion. Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
Diffstat (limited to 'roles/static_inventory/templates')
-rw-r--r--roles/static_inventory/templates/ssh-tunnel.service.j220
1 files changed, 20 insertions, 0 deletions
diff --git a/roles/static_inventory/templates/ssh-tunnel.service.j2 b/roles/static_inventory/templates/ssh-tunnel.service.j2
new file mode 100644
index 000000000..0d1cf8f79
--- /dev/null
+++ b/roles/static_inventory/templates/ssh-tunnel.service.j2
@@ -0,0 +1,20 @@
+[Unit]
+Description=Set up ssh tunneling for OpenShift cluster UI
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/ssh -NT -o \
+ ServerAliveInterval=60 -o \
+ UserKnownHostsFile=/dev/null -o \
+ StrictHostKeyChecking=no -o \
+ ExitOnForwardFailure=no -i \
+ {{ private_ssh_key }} {{ ssh_user }}@{{ hostvars['bastion'].ansible_host }} \
+ -L 0.0.0.0:{{ ui_port }}:{{ target_ip }}:{{ ui_port }}
+
+
+# Restart every >2 seconds to avoid StartLimitInterval failure
+RestartSec=5
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
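Review bot: The `ExecStart` line disables host key verification for the bastion (`UserKnownHostsFile=/dev/null` together with `StrictHostKeyChecking=no`), so the tunnel carrying the cluster UI will connect to whatever host answers at that address. Pinning the bastion's key in a managed known_hosts file and setting `StrictHostKeyChecking=yes` would authenticate the endpoint. The forward listens on `0.0.0.0`, which publishes the UI port on every interface of this host. If the security group described in the commit message is not meant to be the only control, bind to the one address that needs it, e.g. `-L 127.0.0.1:{{ ui_port }}:{{ target_ip }}:{{ ui_port }}`. With `ExitOnForwardFailure=no`, ssh keeps running when the listener cannot be bound, so `Restart=always` never fires and the unit looks healthy without a working tunnel; `ExitOnForwardFailure=yes` matches the restart policy. The unit has no `User=`, so ssh presumably runs as root with `{{ private_ssh_key }}`; a dedicated unprivileged account would limit what that key and process can reach.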