Credentials
Credentials are utilized for authentication when launching Jobs against machines, synchronizing with inventory sources, and importing project content from a version control system.
You can grant users and teams the ability to use these credentials, without actually exposing the credential to the user.
Custom Credentials
Although a growing number of credential types are already available, it is possible to
define additional custom credential types that works in ways similar to existing ones.
For example, you could create a custom credential type that injects an API token for a third-party web service into an environment variable, which your playbook or custom inventory script could consume.
For example, to provide login credentials for plugins and modules of the Dell EMC OpenManage Enterprise Collection you need to create a custom credential, as no existing credentials type is available.
You can set the environment variables OME_USERNAME
and OME_PASSWORD
by creating a new AAP credentials type.
In the left navigation bar, choose Credential Types and click Add, besides the name you need to fill two fields:
Configuration | Description |
---|---|
Input | Which input fields you will make available when creating a credential of this type. |
Injector | What your credential type will provide to the playbook |
fields:
- type: string
id: username
label: Username
- type: string
id: password
label: Password
secret: true
required:
- username
- password
Warning
You are responsible for avoiding collisions in the extra_vars
, env
, and file namespaces. Also, avoid environment variable or extra variable names that start with ANSIBLE_
because they are reserved.
Save your credential type, create a new credential of this type and attach it to the Job template with the playbook targeting the OpenManage Enterprise API.
An example task may look like this:
- name: Retrieve basic inventory of all devices
dellemc.openmanage.ome_device_info:
hostname: "{{ ansible_host }}"
username: "{{ lookup('env', 'OME_USERNAME') }}"
password: "{{ lookup('env', 'OME_PASSWORD') }}"
Tip
Depending on the module used, you may leave out the username
and password
key, environment variables are evaluated first. Take a look at the module documentation if this is possible, otherwise use the lookup plugin as shown above.
Additional information can be found in the Ansible documentation.
Automation and templating
Creating a custom credential with a playbook can be tricky as you need to provide the special, reserved curly braces character as part of the Injector Configuration.
During the playbook run, Ansible will try to template the values which will fail as they are undefined (and you want the literal string representation anyway). Therefore, prefix the values with !unsafe
to prevent templating the values.
- name: Create custom Credential type for DELL OME
awx.awx.credential_type:
name: Dell EMC OpenManage Enterprise
description: Sets environment variables for logging in to OpenManage Enterprise
inputs:
fields:
- id: username
type: string
label: Username
- id: password
type: string
label: Password
secret: true
required:
- username
- password
injectors:
env:
OME_PASSWORD: !unsafe "{{ password }}"
OME_USERNAME: !unsafe "{{ username }}"
Take a look at Disable variable templating for additional information.