问题
I'm trying to implement a custom script in Ansible Tower to dynamically import an inventory. The custom script is basically written using Python and is interacting with a Windows 2012 Server which is acting as a domain controller (DC). When the script is executed from Ansible Tower, it pulls all the workstations from the DC and adds to the Ansible inventory. In doing so, I had to pass DC's login credentials in the Python script as a plain text, which is not desired. Hence was looking if there is a way to store credentials within Ansible Tower and pass those as variables in Python script.
When researching on this topic, basically found Custom Credential in a Custom Inventory Script, which is essentially defining as follows in Ansible Tower:
Under custom credentials in Ansible tower, INPUT CONFIGURATION:
{
"fields": [{
"id": "username",
"label": "<Username>",
"type": "string",
}, {
"id": "password",
"label": "<Password>",
"type": "string",
"secret": true
}],
}
Then, INJECTOR CONFIGURATION:
{
"env": {
"SAT_USERNAME": "{{username}}",
"SAT_PASSWORD": "{{password}}"
}
}
After saving the above in Ansible Tower, as far as my understanding goes, SAT_USERNAME
and SAT_PASSWORD
should be available within Ansible Tower. The above guide also indicates that these custom credentials can be accessible within Python script by defining as follows:
import os
username = os.environ.get("SAT_USERNAME")
password = os.environ.get("SAT_PASSWORD")
Nevertheless, when Python script is executed from Ansible Tower, it is not fetching either SAT_USERNAME
or SAT_PASSWORD
and therefore unable to successfully log into Windows DC.
I'm not sure if custom credentials are supposed to be available for Python or, only available for Ansible plays.
Any help would be highly appreciated.
回答1:
Finally, got the custom credentials to work with custom scripting. Short guide how to achieve this.
- Once the INPUT CONFIGURATION and INJECTOR CONFIGURATION are defined as given above, save it.
- From Settings, go to CREDENTIALS. Select, +ADD. Give a new name for the CREDENTIALS. Click on the look-up in CREDENTIAL TYPE. You should see the credential saved in the previous step.
- Now, the interesting bit. The Username and Password that were given as label in INPUT CONFIGURATION gets activated and is now available to accept field values. Specify the appropriate values and save it. This completes the credential part and was the vital piece of information that I missed.
- Under inventory, sources, the custom script can be selected and the credentials can be looked up. Here, the credentials saved in step 3 will be available.
When the custom script is synced, Python script should be able to get the environment variables without any issues.
来源:https://stackoverflow.com/questions/52698502/custom-credentials-in-ansible-tower-with-custom-python-script