
Virtual Geek

Tales from real IT system administrators world and non-production environment

Access credential parameters stored in Ansible Tower within a playbook

This article answers the following questions:

  • How do you access credential parameters (secret vault values) stored in Ansible Tower from within a playbook? (For example: secrets, username, password, etc.)
  • How do you use these variables when delegating to another host in the same playbook?

Resolution

For Machine Credential

You can get username and password parameters from Ansible facts:

 
vars:
  machine:
    username: '{{ ansible_user }}'
    password: '{{ ansible_password }}'

For Ansible Tower Credential

You can get the host, username, and password parameters from a job runtime environment:

 
vars:
  tower:
    host: '{{ lookup("env", "TOWER_HOST") }}'
    username: '{{ lookup("env", "TOWER_USERNAME") }}'
    password: '{{ lookup("env", "TOWER_PASSWORD") }}'

For Network Credential

You can get username and password parameters from a job runtime environment:

 
vars:
  network:
    username: '{{ lookup("env", "ANSIBLE_NET_USERNAME") }}'
    password: '{{ lookup("env", "ANSIBLE_NET_PASSWORD") }}'

For Red Hat Virtualization Credential

You can get the RHV credential parameters from a job runtime environment:

 
vars:
  ovirt:
    ovirt_url: '{{ lookup("env", "OVIRT_URL") }}'
    ovirt_username: '{{ lookup("env", "OVIRT_USERNAME") }}'
    ovirt_password: '{{ lookup("env", "OVIRT_PASSWORD") }}'

For Amazon EC2 Credential

You can get the AWS credential parameters from a job runtime environment:

 
vars:
  aws:
    access_key: '{{ lookup("env", "AWS_ACCESS_KEY_ID") }}'
    secret_key: '{{ lookup("env", "AWS_SECRET_ACCESS_KEY") }}'
    security_token: '{{ lookup("env", "AWS_SECURITY_TOKEN") }}'

For VMware vCenter Credential

You can get the VMware vCenter credential parameters from a job runtime environment:

 
vars:
  vmware:
    host: '{{ lookup("env", "VMWARE_HOST") }}'
    username: '{{ lookup("env", "VMWARE_USER") }}'
    password: '{{ lookup("env", "VMWARE_PASSWORD") }}'

For Google Compute Engine

You can get the GCE credential parameters from a job runtime environment:

 
vars:
  gce:
    email: '{{ lookup("env", "GCE_EMAIL") }}'
    project: '{{ lookup("env", "GCE_PROJECT") }}'
    pem_file_path: '{{ lookup("env", "GCE_PEM_FILE_PATH") }}'

For Microsoft Azure Resource Manager

You can get the Azure credential parameters from a job runtime environment:

 
vars:
  azure:
    client_id: '{{ lookup("env", "AZURE_CLIENT_ID") }}'
    secret: '{{ lookup("env", "AZURE_SECRET") }}'
    tenant: '{{ lookup("env", "AZURE_TENANT") }}'
    subscription_id: '{{ lookup("env", "AZURE_SUBSCRIPTION_ID") }}'

Using "delegate_to" and Any Lookup Variable

 
- command: somecommand
  environment:
    USERNAME: '{{ lookup("env", "USERNAME") }}'
    PASSWORD: '{{ lookup("env", "PASSWORD") }}'
  delegate_to: somehost
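
The following playbook is an added example, not part of the original article. It combines the VMware vCenter lookups shown earlier with delegate_to, fails early when the credential was not injected into the job, and keeps the secret out of the job output with no_log. The command name inventory-sync is hypothetical, and somehost is the article's own placeholder.

```yaml
# Added example. "inventory-sync" is a hypothetical command; "somehost" is a placeholder.
- hosts: all
  gather_facts: false

  vars:
    vmware:
      host: '{{ lookup("env", "VMWARE_HOST") }}'
      username: '{{ lookup("env", "VMWARE_USER") }}'
      password: '{{ lookup("env", "VMWARE_PASSWORD") }}'

  tasks:
    # lookup("env", ...) returns an empty string when the variable is unset,
    # so stop here if no VMware vCenter credential is attached to the job.
    # The assert result reports the expression that failed, not the values,
    # so this task does not need no_log.
    - name: Check that the credential was injected into the job environment
      ansible.builtin.assert:
        that:
          - vmware.host | length > 0
          - vmware.username | length > 0
          - vmware.password | length > 0
        fail_msg: VMware vCenter credential is not attached to this job
        quiet: true
      run_once: true

    # Lookups are evaluated on the control node, where Tower injects the
    # credential. The resolved values are then exported into the environment
    # of the command that runs on the delegated host.
    - name: Run a command on another host with the credential in its environment
      ansible.builtin.command: inventory-sync --once
      environment:
        VMWARE_HOST: '{{ vmware.host }}'
        VMWARE_USER: '{{ vmware.username }}'
        VMWARE_PASSWORD: '{{ vmware.password }}'
      delegate_to: somehost
      run_once: true
      changed_when: false
      # Keep the task arguments and result, which contain the password,
      # out of the Tower job output and logs.
      no_log: true
```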

Diagnostic Steps

The following playbook is an example of how to use Tower credentials in your playbook:

 
- hosts: all

  vars:
    machine:
      username: '{{ ansible_user }}'
      password: '{{ ansible_password }}'
    tower:
      host: '{{ lookup("env", "TOWER_HOST") }}'
      username: '{{ lookup("env", "TOWER_USERNAME") }}'
      password: '{{ lookup("env", "TOWER_PASSWORD") }}'
    network:
      username: '{{ lookup("env", "ANSIBLE_NET_USERNAME") }}'
      password: '{{ lookup("env", "ANSIBLE_NET_PASSWORD") }}'
    aws:
      access_key: '{{ lookup("env", "AWS_ACCESS_KEY_ID") }}'
      secret_key: '{{ lookup("env", "AWS_SECRET_ACCESS_KEY") }}'
      security_token: '{{ lookup("env", "AWS_SECURITY_TOKEN") }}'
    vmware:
      host: '{{ lookup("env", "VMWARE_HOST") }}'
      username: '{{ lookup("env", "VMWARE_USER") }}'
      password: '{{ lookup("env", "VMWARE_PASSWORD") }}'
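    gce:
      email: '{{ lookup("env", "GCE_EMAIL") }}'
      project: '{{ lookup("env", "GCE_PROJECT") }}'
      # Needed by the "cat" task below; without it gce.pem_file_path is undefined.
      pem_file_path: '{{ lookup("env", "GCE_PEM_FILE_PATH") }}'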
    azure:
      client_id: '{{ lookup("env", "AZURE_CLIENT_ID") }}'
      secret: '{{ lookup("env", "AZURE_SECRET") }}'
      tenant: '{{ lookup("env", "AZURE_TENANT") }}'
      subscription_id: '{{ lookup("env", "AZURE_SUBSCRIPTION_ID") }}'

  tasks:
    # Each debug task prints the resolved values, including passwords and
    # keys, to the job output.
    - debug:
        var: machine

    - debug:
        var: tower

    - debug:
        var: network

    - debug:
        var: aws

    - debug:
        var: vmware

    - debug:
        var: gce

    - shell: 'cat {{ gce.pem_file_path }}'
      delegate_to: localhost

    - debug:
        var: azure
