This article covers the following operations:
- How to access credential (secret vault values) parameters stored in Ansible Tower within a playbook? (For example: secrets, username, password, etc.)
- How to use these variables when delegating to another host in the same playbook?
Resolution
For Machine Credential
You can get username and password parameters from Ansible facts:
vars:
  machine:
    username: '{{ ansible_user }}'
    password: '{{ ansible_password }}'
For Ansible Tower Credential
You can get the host, username, and password parameters from a job runtime environment:
vars:
  tower:
    host: '{{ lookup("env", "TOWER_HOST") }}'
    username: '{{ lookup("env", "TOWER_USERNAME") }}'
    password: '{{ lookup("env", "TOWER_PASSWORD") }}'
For Network Credential
You can get username and password parameters from a job runtime environment:
vars:
  network:
    username: '{{ lookup("env", "ANSIBLE_NET_USERNAME") }}'
    password: '{{ lookup("env", "ANSIBLE_NET_PASSWORD") }}'
For Red Hat Virtualization Credential
You can get the RHV credential parameters from a job runtime environment:
vars:
  ovirt:
    ovirt_url: '{{ lookup("env", "OVIRT_URL") }}'
    ovirt_username: '{{ lookup("env", "OVIRT_USERNAME") }}'
    ovirt_password: '{{ lookup("env", "OVIRT_PASSWORD") }}'
For Amazon EC2 Credential
You can get the AWS credential parameters from a job runtime environment:
vars:
  aws:
    access_key: '{{ lookup("env", "AWS_ACCESS_KEY_ID") }}'
    secret_key: '{{ lookup("env", "AWS_SECRET_ACCESS_KEY") }}'
    security_token: '{{ lookup("env", "AWS_SECURITY_TOKEN") }}'
For VMware vCenter Credential
You can get the VMware vCenter credential parameters from a job runtime environment:
vars:
  vmware:
    host: '{{ lookup("env", "VMWARE_HOST") }}'
    username: '{{ lookup("env", "VMWARE_USER") }}'
    password: '{{ lookup("env", "VMWARE_PASSWORD") }}'
For Google Compute Engine
You can get the GCE credential parameters from a job runtime environment:
vars:
  gce:
    email: '{{ lookup("env", "GCE_EMAIL") }}'
    project: '{{ lookup("env", "GCE_PROJECT") }}'
    pem_file_path: '{{ lookup("env", "GCE_PEM_FILE_PATH") }}'
For Microsoft Azure Resource Manager
You can get the Azure credential parameters from a job runtime environment:
vars:
  azure:
    client_id: '{{ lookup("env", "AZURE_CLIENT_ID") }}'
    secret: '{{ lookup("env", "AZURE_SECRET") }}'
    tenant: '{{ lookup("env", "AZURE_TENANT") }}'
    subscription_id: '{{ lookup("env", "AZURE_SUBSCRIPTION_ID") }}'
Using "delegate_to" and Any Lookup Variable
- command: somecommand
  environment:
    USERNAME: '{{ lookup("env", "USERNAME") }}'
    PASSWORD: '{{ lookup("env", "PASSWORD") }}'
  delegate_to: somehost
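An added example (not part of the original article) that combines the VMware lookup variables above with delegate_to: it fails early when the credential is not attached to the job, because lookup("env", ...) returns an empty string for an unset variable, and it sets no_log so the values stay out of the job output. somecommand and somehost are the article's placeholders; the task names and messages are assumptions.

```yaml
# Added example, not from the original article.
- hosts: all
  gather_facts: false
  vars:
    vmware:
      host: '{{ lookup("env", "VMWARE_HOST") }}'
      username: '{{ lookup("env", "VMWARE_USER") }}'
      password: '{{ lookup("env", "VMWARE_PASSWORD") }}'
  tasks:
    # lookup("env", ...) is evaluated on the node that runs the job and
    # returns an empty string when the variable is unset, for example when
    # no VMware credential is attached to the job template.
    # assert reports the failing expression, not the variable's value.
    - name: Fail early if the VMware credential is missing
      assert:
        that:
          - vmware.host | length > 0
          - vmware.username | length > 0
          - vmware.password | length > 0
        msg: VMware credential variables are missing from the job environment
      run_once: true
      delegate_to: localhost

    # The lookups were resolved on the job node, so the delegated host
    # receives the values through the task environment.
    - name: Pass the credential to a command on a delegated host
      command: somecommand
      environment:
        VMWARE_HOST: '{{ vmware.host }}'
        VMWARE_USER: '{{ vmware.username }}'
        VMWARE_PASSWORD: '{{ vmware.password }}'
      delegate_to: somehost
      # Keep the task arguments and result, which carry the password,
      # out of the job output.
      no_log: true
```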
Diagnostic Steps
The following playbook is an example of how to use Tower credentials in your playbook:
- hosts: all
  vars:
    machine:
      username: '{{ ansible_user }}'
      password: '{{ ansible_password }}'
    tower:
      host: '{{ lookup("env", "TOWER_HOST") }}'
      username: '{{ lookup("env", "TOWER_USERNAME") }}'
      password: '{{ lookup("env", "TOWER_PASSWORD") }}'
    network:
      username: '{{ lookup("env", "ANSIBLE_NET_USERNAME") }}'
      password: '{{ lookup("env", "ANSIBLE_NET_PASSWORD") }}'
    aws:
      access_key: '{{ lookup("env", "AWS_ACCESS_KEY_ID") }}'
      secret_key: '{{ lookup("env", "AWS_SECRET_ACCESS_KEY") }}'
      security_token: '{{ lookup("env", "AWS_SECURITY_TOKEN") }}'
    vmware:
      host: '{{ lookup("env", "VMWARE_HOST") }}'
      username: '{{ lookup("env", "VMWARE_USER") }}'
      password: '{{ lookup("env", "VMWARE_PASSWORD") }}'
    gce:
      email: '{{ lookup("env", "GCE_EMAIL") }}'
      project: '{{ lookup("env", "GCE_PROJECT") }}'
      # Required by the "cat" task below.
      pem_file_path: '{{ lookup("env", "GCE_PEM_FILE_PATH") }}'
    azure:
      client_id: '{{ lookup("env", "AZURE_CLIENT_ID") }}'
      secret: '{{ lookup("env", "AZURE_SECRET") }}'
      tenant: '{{ lookup("env", "AZURE_TENANT") }}'
      subscription_id: '{{ lookup("env", "AZURE_SUBSCRIPTION_ID") }}'
  tasks:
    # The debug tasks below print the credential values, secrets included,
    # to the job output.
    - debug:
        var: machine
    - debug:
        var: tower
    - debug:
        var: network
    - debug:
        var: aws
    - debug:
        var: vmware
    - debug:
        var: gce
    # GCE_PEM_FILE_PATH points to a file on the node running the job,
    # so read it on localhost.
    - shell: 'cat {{ gce.pem_file_path }}'
      delegate_to: localhost
    - debug:
        var: azure