At $job, we use an SSH bastion host to connect to our cloud environment. This
made using Test Kitchen a bit annoying. My previous way of
getting Test Kitchen to work involved putting a
ProxyCommand into my
which worked, sometimes, but was still annoying.
Eventually I stumbled into a completely undocumented function of Test Kitchen which solves this exact problem.
Turns out that kitchen has support for SSH bastion hosts built in; it’s just not
documented anywhere. Here’s what you need in your

```yaml
---
driver:
  name: ec2
  associate_public_ip: false
  interface: private
transport:
  ssh_key: /path/to/id_rsa-aws
  username: ubuntu
  ssh_gateway: bastion.foo.com
  ssh_gateway_username: ubuntu
```

This lets you SSH to the private IP of the VM you are testing against, with the SSH connection going through the bastion host.
It should already be obvious, but
`ssh_gateway` is the IP or hostname of your
bastion host, and
`ssh_gateway_username` is the username used for SSH to the
bastion. In my use case, the bastion host and the private VM I’m testing against
use the same SSH key, so I didn’t get into a scenario where the bastion key is
different from the private VM key, YMMV there.
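
When a converge hangs, it helps to reproduce the same two-hop path with plain OpenSSH to see whether the bastion or the instance is refusing the login. The helper below is an added example, not code from Test Kitchen or from the original post: it reads the `transport` section shown above and builds an equivalent `ssh` command using `ProxyCommand` with `-W`. The function name `manual_ssh_argv` and the private IP `10.0.1.23` are assumptions made for illustration, and it covers the same-key case described here.

```ruby
require "yaml"
require "shellwords"

# Constructed sample: the kitchen config from the post, embedded for offline use.
SAMPLE_KITCHEN_YML = <<~YAML
  ---
  driver:
    name: ec2
    associate_public_ip: false
    interface: private
  transport:
    ssh_key: /path/to/id_rsa-aws
    username: ubuntu
    ssh_gateway: bastion.foo.com
    ssh_gateway_username: ubuntu
YAML

# Hypothetical helper: returns the argv for an OpenSSH login that goes
# through the bastion named in transport.ssh_gateway to the instance's
# private IP, offering the same key on both hops.
def manual_ssh_argv(kitchen_yaml, private_ip)
  transport = (YAML.safe_load(kitchen_yaml) || {})["transport"] || {}

  gateway = transport["ssh_gateway"].to_s
  raise ArgumentError, "transport.ssh_gateway is not set" if gateway.empty?
  user = transport["username"].to_s
  raise ArgumentError, "transport.username is not set" if user.empty?

  # This helper's choice: with no gateway username, let ssh pick its default.
  gw_user = transport["ssh_gateway_username"].to_s
  gw_target = gw_user.empty? ? gateway : "#{gw_user}@#{gateway}"
  key_args = transport["ssh_key"] ? ["-i", transport["ssh_key"].to_s] : []

  # ProxyCommand is run by a shell, so escape the pieces we fill in.
  # %h and %p stay literal: ssh expands them to the target host and port.
  proxy = ["ssh", *key_args.map { |a| Shellwords.escape(a) },
           "-W", "%h:%p", Shellwords.escape(gw_target)].join(" ")

  ["ssh", *key_args, "-o", "ProxyCommand=#{proxy}", "#{user}@#{private_ip}"]
end

if $PROGRAM_NAME == __FILE__
  # 10.0.1.23 is a constructed private address standing in for the test VM.
  puts Shellwords.join(manual_ssh_argv(SAMPLE_KITCHEN_YML, "10.0.1.23"))
end
```

Adding `-v` to the outer `ssh` shows which hop rejects the key, which is the first thing to check if the bastion and the instance do not share one.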