使用自定义 Python 脚本在 Ansible Tower 中自定义凭据 [英] Custom credentials in Ansible Tower with Custom Python Script
问题描述
我正在尝试在 Ansible Tower 中实现自定义脚本以动态导入库存.自定义脚本基本上是使用 Python 编写的,并且与充当域控制器 (DC) 的 Windows 2012 Server 交互.当从 Ansible Tower 执行脚本时,它会从 DC 中提取所有工作站并添加到 Ansible 清单中.这样做时,我必须在 Python 脚本中以纯文本形式传递 DC 的登录凭据,这是不希望的.因此,正在寻找是否有办法在 Ansible Tower 中存储凭据并将其作为变量传递到 Python 脚本中.
I'm trying to implement a custom script in Ansible Tower to dynamically import an inventory. The custom script is basically written using Python and is interacting with a Windows 2012 Server which is acting as a domain controller (DC). When the script is executed from Ansible Tower, it pulls all the workstations from the DC and adds to the Ansible inventory. In doing so, I had to pass DC's login credentials in the Python script as a plain text, which is not desired. Hence was looking if there is a way to store credentials within Ansible Tower and pass those as variables in Python script.
在研究这个话题时,基本上发现了Custom Credential in a Custom Inventory Script,其中本质上在 Ansible Tower 中定义如下:
When researching on this topic, basically found Custom Credential in a Custom Inventory Script, which is essentially defining as follows in Ansible Tower:
在 Ansible 塔中的自定义凭据下,输入配置:
Under custom credentials in Ansible tower, INPUT CONFIGURATION:
{
"fields": [{
"id": "username",
"label": "<Username>",
"type": "string",
}, {
"id": "password",
"label": "<Password>",
"type": "string",
"secret": true
}],
}
然后,注射器配置:
{
"env": {
"SAT_USERNAME": "{{username}}",
"SAT_PASSWORD": "{{password}}"
}
}
在 Ansible Tower 中保存上述内容后,据我所知,SAT_USERNAME 和 SAT_PASSWORD 应该可以在 Ansible Tower 中使用.上述指南还表明,这些自定义凭据可以通过如下定义在 Python 脚本中访问:
After saving the above in Ansible Tower, as far as my understanding goes, SAT_USERNAME and SAT_PASSWORD should be available within Ansible Tower. The above guide also indicates that these custom credentials can be accessible within Python script by defining as follows:
import os
username = os.environ.get("SAT_USERNAME")
password = os.environ.get("SAT_PASSWORD")
然而,当从 Ansible Tower 执行 Python 脚本时,它不会获取 SAT_USERNAME 或 SAT_PASSWORD,因此无法成功登录到 Windows DC.
Nevertheless, when Python script is executed from Ansible Tower, it is not fetching either SAT_USERNAME or SAT_PASSWORD and therefore unable to successfully log into Windows DC.
我不确定自定义凭据是否可用于 Python 或仅可用于 Ansible 播放.
I'm not sure if custom credentials are supposed to be available for Python or, only available for Ansible plays.
任何帮助将不胜感激.
推荐答案
最后,获得了使用自定义脚本的自定义凭据.如何实现这一目标的简短指南.
Finally, got the custom credentials to work with custom scripting. Short guide how to achieve this.
- 一旦定义了 INPUT CONFIGURATION 和 INJECTOR CONFIGURATION如上所述,保存它.
- 从设置"中,转到凭据".选择,+添加.给一个新名字凭据.单击 CREDENTIAL TYPE 中的查找.你应该查看在上一步中保存的凭据.
- 现在,有趣的一点.给定的用户名和密码因为 INPUT CONFIGURATION 中的标签被激活并且现在可用接受字段值.指定适当的值并保存.这完成了凭证部分并且是重要的部分我错过的信息.
- 在清单、来源下,可以选择自定义脚本并可以查询凭据.在这里,在步骤 3 中保存的凭据将可用.
当自定义脚本同步后,Python 脚本应该能够毫无问题地获取环境变量.
When the custom script is synced, Python script should be able to get the environment variables without any issues.
这篇关于使用自定义 Python 脚本在 Ansible Tower 中自定义凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
