Interactive mode is required for audits logs on bastion for security purpose. The problem with this feature is that it breaks TCP Forwarding andyou can't use tools like ansible to deploy/update tools onto instances of this ADP cluster.
You have two options to bypass that:
1- Deactivate interactive mode on bastion - Step-by-step guide
#ForceCommand /opt/bastion/bastion #AllowTcpForwarding no
This action is permanent. No code to force interactive mode at boot time.
systemctl restart sshd
Of course this deactivation can be done temporarily. An automated procedure based on Ansible for example can be setup to deactivate this interactive mode just for the time it takes to apply some changes:
2 - Create a new bastion - Step-by-step guide
This instance is not registered in Freeipa. So, DNS resolution and connection setup can take a long time.
If you use tools like Ansible to automate deployment, first you have to increase ssh connection timeout or add an entry with the private ip of this new bastion in all /etc/hosts of instances you want to connect to.
This is the link to the opensource code of the page generating the credentials. It should help you in designing what you need.
Hello, and for the generating password on the cluster part. I saw the code on your github. It is the code to create the passwords, but I didn't find the endpoint to send the passwords to my ovh servicename (analytics cluster id). Is this endpoint exists to send a post or put request?
<value>https://s3.<public cloud region>.cloud.ovh.net</value>