Comment: Formatting and content

...

You can use Items from the EWC Community Hub to configure, among other things, existing compute instances. This guide walks you through the steps needed to run an Item of the Ansible Playbook Technology from your local work environment, namely the SSH Bastion Flavour, to convert a generic Rocky Linux VM into an SSH bastion server, with Fail2ban for added security.

...

  • Pre-existing VM: Rocky Linux 9.5 or 8.10, ≥4 GB RAM with a public IP address attached to it. You may create one via any of the available methods (order top to bottom from older to newer):

    OR

    OR

...

  • SSH access: In this example, by impersonating the default Linux account of EWC's Rocky Linux VM images via a valid SSH keypair (public key shared with the target VM).

  • Work environment equipped with:

    • Git ≥ 2.0
    • Python ≥ 3.9
    • Ansible ≥ 2.15

You can verify versions installed in your workspace with:

```bash
$ git --version
```

```bash
$ python3 --version
```

```bash
$ ansible --version
```

If any of the above raises an error, or the version is older than recommended, install/update via your package manager of preference. You can also follow the official Ansible documentation for OS-specific installation steps.

...

Find the Item's detail page on the EWC Community Hub Dashboard by visiting https://europeanweather.cloud/community-hub/ssh-bastion-flavour. Once on the detailed page, pay attention to the following:

  • Item version: 1.0.0 (as of Sep. 10th, 2025)
  • Item Repository: URL to the source (hosted on GitHub in this case)

See Dashboard Overview for an overview of the relevant information displayed on the Item detailed page. By clicking on the "Repository" button, you'll get redirected to GitHub. Use the command documented on the home of the repository to clone it to your local work environment. In this example, we run:

```bash
$ git clone https://github.com/ewcloud/ewc-ansible-playbook-flavours-and-provisioning.git
```

Change to the root directory of the Item's source:

```bash
$ cd ewc-ansible-playbook-flavours-and-provisioning/playbooks/ssh-bastion-flavour
```

Then check out the correct version of the code, to ensure you deploy the version of the Item that has been vetted:

```bash
$ git checkout 1.0.0
```

2. Install Item Dependencies

Download any Ansible Roles required by the Item:

```bash
$ ansible-galaxy role install -r requirements.yml
```

...

While still in the root directory of the Item's source, create an inventory.yml file describing the VM you want to configure. Take the example below, but make sure to replace the values with your own VM IP and SSH private key details:

```yaml
# inventory.yml
---
ewcloud:
  hosts:
    ssh_bastion:
      ansible_python_interpreter: /usr/bin/python3
      ansible_host: 135.196.111.255 # <- REPLACE WITH CORRECT PUBLIC IP OF TARGET HOST
      ansible_ssh_private_key_file: ~/.ssh/id_rsa # <- REPLACE WITH CORRECT PATH TO PRIVATE KEY IN LOCALHOST
      ansible_user: cloud-user
      # accept-new: trust the host key on first connection, refuse if it later changes
      ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new
```

...

Copy and paste the following command, and hit enter to execute:

```bash
$ ansible-playbook -i inventory.yml ssh-bastion-flavour.yml
```

...

You can avoid input prompting altogether, by passing input variables inline at the time of running the playbook. Use the --extra-vars or -e argument flags. For the example at hand, one could add:

```bash
$ ansible-playbook -i inventory.yml -e '{"whitelisted_ip_ranges": ["10.0.0.0/24"]}' ssh-bastion-flavour.yml
```
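Addresses in whitelisted_ip_ranges are exempt from Fail2ban bans, so it is worth validating the list before it goes into -e. The following Python sketch is an added example, not part of the Item or its repository; the prefix-length limits and the function names are assumptions chosen for illustration.

```python
import ipaddress
import json
import shlex

# Assumed policy (not defined by the Item): narrowest prefix length accepted
# per IP version. Anything broader exempts too many hosts from banning.
MIN_PREFIX = {4: 16, 6: 48}


def check_ranges(ranges):
    """Validate candidate whitelisted_ip_ranges; return (accepted, problems)."""
    accepted, problems = [], []
    for raw in ranges:
        try:
            # strict=True rejects host bits set, e.g. 10.0.0.5/24 (likely a typo)
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            problems.append(f"{raw}: not a valid network ({exc})")
            continue
        limit = MIN_PREFIX[net.version]
        if net.prefixlen < limit:
            problems.append(f"{raw}: /{net.prefixlen} is broader than /{limit}")
        elif str(net) not in accepted:
            accepted.append(str(net))  # normalized form, duplicates dropped
    return accepted, problems


def extra_vars_command(ranges, playbook="ssh-bastion-flavour.yml"):
    """Build the ansible-playbook command line, or raise if any range fails."""
    accepted, problems = check_ranges(ranges)
    if problems:
        raise ValueError("; ".join(problems))
    payload = json.dumps({"whitelisted_ip_ranges": accepted})
    # shlex.join quotes the JSON so it survives the shell as one argument
    return shlex.join(["ansible-playbook", "-i", "inventory.yml", "-e", payload, playbook])


if __name__ == "__main__":
    # Constructed sample input: one good range, one typo, one catch-all.
    sample = ["10.0.0.0/24", "10.0.0.5/24", "0.0.0.0/0"]
    ok, bad = check_ranges(sample)
    print("accepted:", ok)
    for line in bad:
        print("rejected:", line)
    print(extra_vars_command(ok))
```

Adjust MIN_PREFIX to your own policy; a bare address such as 192.0.2.10 is accepted and normalized to a /32.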

4.2. (Optional) Update Inputs & Re-run

...

```bash
$ ansible-playbook \
  -i inventory.yml \
  -e '{"whitelisted_ip_ranges": ""}' \
  ssh-bastion-flavour.yml
```

This will trigger the reconfiguration of your target VM, to remove all IP addresses from the Fail2Ban whitelist.

Conclusion

That is all!

Best Practices

  • If unsure, leave whitelisted_ip_ranges unset, or add only trusted networks.

  • Test on a staging VM before production rollout.
  • Dry run before applying changes:
```bash
$ ansible-playbook -i inventory.yml --check ssh-bastion-flavour.yml
```

...