使用自定义Python脚本的Ansible Tower中的自定义凭据 [英] Custom credentials in Ansible Tower with Custom Python Script
问题描述
我正在尝试在Ansible Tower中实现自定义脚本以动态导入广告资源.自定义脚本基本上是使用Python编写的,并且正在与充当域控制器(DC)的Windows 2012 Server交互.当从Ansible Tower执行脚本时,它将把所有工作站从DC中拉出,并添加到Ansible库存中.为此,我不得不将DC的登录凭据作为纯文本传递到Python脚本中,这是不希望的.因此,我们一直在寻找是否有一种方法可以在Ansible Tower中存储凭据并将其作为变量传递给Python脚本.
I'm trying to implement a custom script in Ansible Tower to dynamically import an inventory. The custom script is basically written using Python and is interacting with a Windows 2012 Server which is acting as a domain controller (DC). When the script is executed from Ansible Tower, it pulls all the workstations from the DC and adds to the Ansible inventory. In doing so, I had to pass DC's login credentials in the Python script as a plain text, which is not desired. Hence was looking if there is a way to store credentials within Ansible Tower and pass those as variables in Python script.
在研究此主题时,基本上可以找到自定义清单脚本中的自定义凭据,在Ansible Tower中基本上定义如下:
When researching on this topic, basically found Custom Credential in a Custom Inventory Script, which is essentially defining as follows in Ansible Tower:
在Ansible塔式服务器中的自定义凭据下,输入配置:
Under custom credentials in Ansible tower, INPUT CONFIGURATION:
{
"fields": [{
"id": "username",
"label": "<Username>",
"type": "string",
}, {
"id": "password",
"label": "<Password>",
"type": "string",
"secret": true
}],
}
然后,注射器配置:
{
"env": {
"SAT_USERNAME": "{{username}}",
"SAT_PASSWORD": "{{password}}"
}
}
在Ansible Tower中保存以上内容后,据我所知,SAT_USERNAME和SAT_PASSWORD应该在Ansible Tower中可用.上面的指南还指出,通过定义以下内容,可以在Python脚本中访问这些自定义凭据:
After saving the above in Ansible Tower, as far as my understanding goes, SAT_USERNAME and SAT_PASSWORD should be available within Ansible Tower. The above guide also indicates that these custom credentials can be accessible within Python script by defining as follows:
import os
username = os.environ.get("SAT_USERNAME")
password = os.environ.get("SAT_PASSWORD")
尽管如此,当从Ansible Tower执行Python脚本时,它没有获取SAT_USERNAME或SAT_PASSWORD,因此无法成功登录Windows DC.
Nevertheless, when Python script is executed from Ansible Tower, it is not fetching either SAT_USERNAME or SAT_PASSWORD and therefore unable to successfully log into Windows DC.
我不确定自定义凭据是否应该用于Python或仅适用于Ansible剧本.
I'm not sure if custom credentials are supposed to be available for Python or, only available for Ansible plays.
任何帮助将不胜感激.
推荐答案
最后,获得了可用于自定义脚本的自定义凭据.简短说明如何实现此目标.
Finally, got the custom credentials to work with custom scripting. Short guide how to achieve this.
- 一旦定义了输入配置和喷射器配置 如上所述,保存它.
- 从设置"中,转到凭据".选择+ ADD.给一个新名字 凭证.单击凭据类型"中的查找.你应该 请参阅上一步中保存的凭据.
- 现在,有趣的一点.给出的用户名和密码 因为INPUT CONFIGURATION中的标签被激活并且现在可用 接受字段值.指定适当的值并保存. 这完成了凭证部分,并且是 我错过的信息.
- 在库存下,可以选择来源,自定义脚本,然后 可以查询凭据.在这里,步骤3中保存的凭据 将可用.
- Once the INPUT CONFIGURATION and INJECTOR CONFIGURATION are defined as given above, save it.
- From Settings, go to CREDENTIALS. Select, +ADD. Give a new name for the CREDENTIALS. Click on the look-up in CREDENTIAL TYPE. You should see the credential saved in the previous step.
- Now, the interesting bit. The Username and Password that were given as label in INPUT CONFIGURATION gets activated and is now available to accept field values. Specify the appropriate values and save it. This completes the credential part and was the vital piece of information that I missed.
- Under inventory, sources, the custom script can be selected and the credentials can be looked up. Here, the credentials saved in step 3 will be available.
自定义脚本同步后,Python脚本应该能够毫无问题地获取环境变量.
When the custom script is synced, Python script should be able to get the environment variables without any issues.
这篇关于使用自定义Python脚本的Ansible Tower中的自定义凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
