How to use Ansible Tower login credentials in playbook?

Question

Is it possible to use the credentials which I used to login into the Ansible Tower directly in a playbook?

Answer 1

Yes, you can make it by saving your credential with the "Ansible Tower" credential type on your Ansible Tower.

From Ansible Tower UI, go to Credentials -> New Credential, and select the credential type as "Ansible Tower"

This credential type takes three inputs, which are hostname, username, and password. After you save the credential and add it to your job template as a credential, you can invoke them from your playbook like this:

---
- name: Trigger an Atower API
  hosts: localhost
  connection: local

  vars:

    tower_host: '{{ lookup("env", "TOWER_HOST") }}'
    tower_username: '{{ lookup("env", "TOWER_USERNAME") }}'
    tower_password: '{{ lookup("env", "TOWER_PASSWORD") }}'

  tasks:

  - name: Some tasks that can be achieved through "{{ apiEndpoint }}"
    uri:
      url: "{{ tower_host }}{{ apiEndpoint }}"
      method: GET
      url_username: "{{ tower_username }}"
      url_password: "{{ tower_password }}"
      force_basic_auth: yes
      validate_certs: False
    register: output

By the way, during looking for the right injection values for this case, I found the other values too for different credential types. Here you can obtain them:

  vars:
    machine:
      username: '{{ ansible_user }}'
      password: '{{ ansible_password }}'
    network:
      username: '{{ lookup("env", "ANSIBLE_NET_USERNAME") }}'
      password: '{{ lookup("env", "ANSIBLE_NET_PASSWORD") }}'
    aws:
      access_key: '{{ lookup("env", "AWS_ACCESS_KEY_ID") }}'
      secret_key: '{{ lookup("env", "AWS_SECRET_ACCESS_KEY") }}'
      security_token: '{{ lookup("env", "AWS_SECURITY_TOKEN") }}'
    vmware:
      host: '{{ lookup("env", "VMWARE_HOST") }}'
      username: '{{ lookup("env", "VMWARE_USER") }}'
      password: '{{ lookup("env", "VMWARE_PASSWORD") }}'
    gce:
      email: '{{ lookup("env", "GCE_EMAIL") }}'
      project: '{{ lookup("env", "GCE_PROJECT") }}'
    azure:
      client_id: '{{ lookup("env", "AZURE_CLIENT_ID") }}'
      secret: '{{ lookup("env", "AZURE_SECRET") }}'
      tenant: '{{ lookup("env", "AZURE_TENANT") }}'
      subscription_id: '{{ lookup("env", "AZURE_SUBSCRIPTION_ID") }}'
    rhev:
       ovirt_url: '{{ lookup("env", "OVIRT_URL") }}'
       ovirt_username: '{{ lookup("env", "OVIRT_USERNAME") }}'
       ovirt_password: '{{ lookup("env", "OVIRT_PASSWORD") }}'

Lastly, if you would like to do more flexible injections to your playbooks, you may check this link:

• Ansible Tower Custom Credential Types