Add support for bastion hosts

roles/bastion-ssh-config/templates/ssh-bastion.conf

@@ -0,0 +1,21 @@
+{% if has_bastion %}
+{% set vars={'hosts': ''} %}
+{% set user='' %}
+
+{% for h in groups['all'] %}
+{% if h != 'bastion' %}
+{% if vars.update({'hosts': vars['hosts'] + ' ' + hostvars[h]['ansible_ssh_host']}) %}{% endif %}
+{% endif %}
+{% endfor %}
+
+Host {{ bastion_ip }}
+  Hostname {{ bastion_ip }}
+  StrictHostKeyChecking no
+  ControlMaster auto
+  ControlPath ~/.ssh/ansible-%r@%h:%p
+  ControlPersist 5m
+
+Host {{ vars['hosts'] }}
+  ProxyCommand ssh -W %h:%p {{ real_user }}@{{ bastion_ip }}
+  StrictHostKeyChecking no
+{% endif %}