I am using AWX (open source Ansible Tower) and I have 2 cloud-based Linux machines I would like to manage with it.

The 2 Linux machines have 2 different private keys that I have uploaded to the credentials section of AWX UI.

Now I would like to use those uploaded private keys in a playbook or as a variable in one of the inventory files.

How can I do that?

(I saw a Red Hat article https://access.redhat.com/solutions/3332591 that might be useful, but it is locked unless I have an active RH subscription.)

binithb
  • Why would you want to do that? – techraf Sep 11 '18 at 13:44
  • @techraf because I want to keep 2 separate private keys for those 2 machines and still be able to group them together in an inventory. In that case I need to somehow mention the (2 different) credentials in the job template and I don't see a provision to do that in the job template. I think it is possible to associate the credentials with the hosts themselves and hence I need a way to access those uploaded private keys as variables in the inventories section. Even if my assumptions are wrong (for this scenario) I am curious to know how I can access the uploaded private keys as variables. – binithb Sep 12 '18 at 07:12
  • But private keys are used to identify the connecting side. Just having a private key in more than one place is already a bad security practice. – techraf Sep 12 '18 at 07:56
  • Which one do you mean is bad security practice? Is it the part about uploading private keys to AWX or the one about accessing uploaded private keys as variables? If the latter, I will not be accessing it as plain text anywhere. Once it is uploaded to AWX it is not available to view. I am only looking to access it through a variable name (it will not be exposed to other users) in a secure way. AWX already allows using uploaded keys to get access to the respective machines through its UI. I want to do the same from scripting, without exposing it. – binithb Sep 12 '18 at 08:22

1 Answer

Apparently it could be done by using a hosts file (or an inventory file with another name) from version control and importing that file using the "SOURCES" option of the "Inventories" tab in AWX.

The following is an example of this "hosts" file in version control:

[jenkins_slaves]
slave1IP
slave2IP

[jenkins_master]
masterIP

[aws]
aws1IP
aws2IP

[all:vars]
ansible_user=common_user
ansible_ssh_private_key_file=/home/awx/.ssh/common_key.pem


[jenkins_slaves:vars]
ansible_user=james
ansible_ssh_private_key_file=/home/awx/.ssh/slaves_key.pem

[jenkins_master:vars]
ansible_user=bond
ansible_ssh_private_key_file=/home/awx/.ssh/master_key.pem

[aws:vars]
ansible_user=ubuntu

And of course "common_key.pem" should not be kept in version control. It should be manually added to some local path on the AWX server.

binithb
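An added example, not part of the original answer: a check that can be run on the AWX server to confirm that every `ansible_ssh_private_key_file` named in such an inventory points at a file outside the version-controlled checkout, exists, and is not accessible to group or others. The function names and the repository path are hypothetical, and it assumes `key=value` pairs without spaces, as in the inventory above.

```python
import os
import stat
from pathlib import Path

KEY_VAR = "ansible_ssh_private_key_file"

def key_paths(inventory_text):
    """Return (section, path) for each key-file variable in an INI inventory."""
    found, section = [], None
    for raw in inventory_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        # Covers both [group:vars] lines and variables set inline on a host line.
        for token in line.split():
            name, sep, value = token.partition("=")
            if sep and name == KEY_VAR:
                found.append((section, value.strip("'\"")))
    return found

def audit(inventory_text, repo_root):
    """Return (section, path, problem) findings; an empty list means clean."""
    root, findings = Path(repo_root).resolve(), []
    for section, value in key_paths(inventory_text):
        path = Path(os.path.expanduser(value))
        if not path.is_absolute():
            findings.append((section, value, "path is not absolute"))
            continue
        path = path.resolve()
        if root in path.parents:
            findings.append((section, value, "key is inside the version-controlled tree"))
        if not path.is_file():
            findings.append((section, value, "key file missing on this host"))
            continue
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & 0o077:  # OpenSSH refuses private keys that group/other can access
            findings.append((section, value, f"mode {mode:o} is wider than 600"))
    return findings

if __name__ == "__main__":
    # Constructed sample based on the inventory in the answer; repo path is hypothetical.
    sample = """[all:vars]
ansible_ssh_private_key_file=/home/awx/.ssh/common_key.pem
[jenkins_master:vars]
ansible_ssh_private_key_file=/home/awx/.ssh/master_key.pem
"""
    for finding in audit(sample, "/var/lib/awx/projects/inventory_repo"):
        print(*finding, sep=": ")
```

An empty result means every referenced key passed all three checks on the host where the script ran.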