1

I need to use two different credentials for a single playbook in Ansible Tower Job-Template. In the playbook, I include two roles(one for Windows machine, one for Linux machine). While configuring the job-template, I have noticed that I am not able to select two machine credentials, hence the playbook fails.

I have found a solution here https://stackoverflow.com/a/55870311/4715624, which includes creating two Ansible vaults (with the same vault password) under host_vars folder and saving the passwords there. This solution works from the command line e.g. ansible-playbook -v test-multi-credential-playbook-in-ansible-tower.yml --ask-vault-pass

Then I have created a vault type credential in Ansible Tower and tried to run the corresponding job with the that credential. But this doesn't work (authentication problem). Can someone please show me the correct way to use multiple credentials for a single playbook in Ansible Tower? Or it's not possible at all in Ansible Tower?

UPDATE: My playbook looks like this:

---
- hosts: all
  gather_facts: true
  tasks: 
    - name: Include ping linux task
      include_role: 
        name: roles/linux
      when: ansible_os_family != "Windows"

    - name: Include ping windows task
      include_role: 
        name: roles/windows
      when: ansible_os_family == "Windows"
sumion
  • 137
  • 1
  • 2
  • 14

2 Answers2

3

This can be handled by creating a custom credential within Ansible Tower and assigning the credentials as host arguments.

  1. Create a credential of type with the following config-

INPUT CONFIGURATION:

fields:
  - type: string
    id: custom_user
    label: Username
  - secret: true
    type: string
    id: custom_pass
    label: Password
required:
  - custom_user
  - custom_pass

INJECTOR CONFIGURATION:

extra_vars:
  my_pass: '{{custom_pass}}'
  my_user: '{{custom_user}}'

  1. Create a windows credential for your env using the custom credential that you just created.

  2. Then in the Windows group of your inventory, you can define these credentials as group_vars/host_vars as following:

ansible_user: "{{ custom_user }}"
ansible_password: "{{ custom_pass }}"
Harkeet Bajaj
  • 54
  • 3
0

Use tag for each role and create two templates in Tower. Mention the passwords in credential in Template.

---
- hosts: all
  #become: yes
  roles:
  - role: role1
    tags: role1
  - role: role2
    tags: role2
Smily
  • 2,308
  • 2
  • 17
  • 41
  • Hi Asha, thanks for your answer. Could you please elaborate it please? Do you mean that I have to create a file called ```vault.yaml``` with the contents you have provided and then include that file in my playbook? If yes, what do I have to do then in Ansible Tower? – sumion Jul 18 '19 at 10:46
  • Create a file vault.yml with your password and then from ansible server execute `ansible-vault encrypt vault.yml` , then include it in your playbook. – Smily Jul 18 '19 at 12:14
  • Hi Asha, I have updated the question for you. As you can see I have a simple playbook, which includes two roles, one for windows and one for linux machine. Could you please give an example of ```vault.yml``` file? And then how I can use that in Ansible Tower? – sumion Jul 18 '19 at 14:56
  • I think what i am referring is different from your requirement.For your requirement,in tower, you can create two different templates and provide the passwords there. Use tag for each role and mention the tag in Tower template.Updated the answer. – Smily Jul 18 '19 at 15:22