0

The job template has an option for "Prompt on Launch" for credentials.

image

I want to pass the credentials name using extra vars. I'm launching these jobs through manageIQ and so I want the user to select the credentials and manageIQ should pass it as extra vars to AWX Tower.

image

Any idea what is the parameter for it? For example, in order to pass ssh username, we use "ansible_ssh_user". I expect something similar is there for credentials? If that's possible would the value for the extra vars be just the credentials name?

I tried ansible_private_key_file as the extra vars name with the value Zabbix but I get the error that no such file exists (Zabbix).

My workaround right now is to store the ssh_key_file inside AWX container and when launching the job we set the ansible_private_key_file to /tmp/test.pem. But we actually want to select the name of the credentials from AWX tower instead of storing the keys inside the container.

user630702
  • 2,529
  • 5
  • 35
  • 98

1 Answers1

1

Any idea what is the parameter for it? ... I expect something similar is there for credentials? If that's possible would the value for the extra vars be just the credentials name?

According Ansible Tower documentation Credentials you can make (additional) credentials available via variable names and facts.

For Machine Credential you can get username and password parameters directly from facts:

vars:
  machine:
    username: '{{ ansible_user }}'
    password: '{{ ansible_password }}'

For Network Credential which I use additionally in some playbooks I get username and password parameters from the job runtime environment via

vars:
  network:
    username: '{{ lookup("env", "ANSIBLE_NET_USERNAME") }}'
    password: '{{ lookup("env", "ANSIBLE_NET_PASSWORD") }}'

since currently there is no other way to specify two different Machine Credentials in one Job Template. Other Credential Names are listed in the documentation too.

To inject further credentials you could use

extra_vars:
  my_pass: '{{ my_pass }}'
  my_user: '{{ my_user }}'

and access them with

ansible_user: "{{ my_user }}"
ansible_password: "{{ my_pass }}"

Even the direct way is working

ansible test --extra-vars="ansible_user=${ACCOUNT} ansible_password=${PASSWORD}" --become --module-name shell --args "echo $(hostname)"

to make a connection. So in your case, your extra variables could be

---
ansible_user: USER
ansible_password: PASSWORD

or

--extra-vars="ansible_user=USER ansible_password=PASSWORD"

Thanks to

U880D
  • 8,601
  • 6
  • 24
  • 40
  • Is there no way to call `zabbix` creds directly? That zabbix creds is actually a SSH key for AWS key pair. The examples you have showed means that I have to specify username and password or maybe ssh_key. But I want to invoke the creds saved inside awx tower (example: Zabbix) – user630702 Feb 08 '22 at 09:34
  • example: Extra vars would be like `tower_credentials = Zabbix` – user630702 Feb 08 '22 at 09:36
  • @John, according your screenshot the "Zabbix" credentials are stored as of type Machine Credentials. You could also try to introduce [Custom Credentials](https://docs.ansible.com/ansible-tower/latest/html/userguide/credential_types.html). However, according your comment and further description, you like to access credentials from within the Tower Environment. To do so, a playbook needs to be running already. What might work is, providing any credentials and overwrite `ansible_user` and `ansible_password` at runtime. – U880D Feb 08 '22 at 09:48