Without a doubt the topic that seems to confuse people the most when using Ansible Tower is working with Credentials. Especially how to pass multiple credentials from either an external Secret Management source (which we’ve looked at a few times here) or just defining some arbitrary set of credentials and using them in a template. I get emails about this topic from readers on a fairly regular basis and professionally . . .
A question that I’ve been approached about several times recently is how to lookup multiple Hashicorp Vault Secrets and assign them to a single Ansible Tower Credential for use in a Playbook. A while ago I looked at the process of integrating Hashicorp Vault with Ansible Tower (a less that perfect process in the first place) but this has repeatedly led to the same question about multiple Secrets, so in . . .
Recently I’ve been presented with the same question from a couple of readers so I’m going to run through it quickly. A while back I looked at integrating Azure KeyVault with Ansible Tower (a horribly documented scenario in my experience), but I didn’t really cover how to call multiple KeyVault Secrets and assign them to a single Ansible Tower Credential for use in a Playbook. Please take a look at . . .
Previously we’ve discussed the deployment of Docker containers to Azure and managing Scale Out of instances but not the use of Docker directly. The terminology of Docker has become a little confused of late as containers become the new hot topic, for clarity Docker itself is an application that can be used to create, manage and orchestrate containers, and it’s the orchestration that we’re going to be looking at in . . .
In my recent posts I’ve covered the hardened setup of Vault and covered the basics of using the REST API. As we’ve seen so far, Vault is primarily designed for programmatic interactions from external systems via the API, so lets take a look a favourite of mine; Ansible Tower, which is a prime candidate as a third party system which often has a requirement to call secrets from external systems. . . .
Recently we looked at integrating Ansible Tower with Hashicorp Vault, but I thought it would be worth taking a look at another popular Secrets management system, Azure Key Vault. Whilst the solution isn’t exactly the same using Azure Key Vault and Tower was my first time trying to integrate Ansible with a centralised Secrets repository, so let’s take a look at how to achieve the integration as it’s not very . . .
Following my look at integrating Ansible Tower with Windows, I thought I’d take a look at another common requirement that needs some slight tweaking (though not nearly to the extent of Windows), networking devices, specifically Cisco devices running IOS, ASA and NX-OS platforms. Networking – It’s Built In Unlike the additional layers of configuration that comes with Windows, the use of Cisco platforms is native to Ansible, however some steps . . .
Since the release of Ansible 1.7, way back in the forgotten era of 2014, Ansible can connect to Windows (2008 and higher) using remote PowerShell over that most finicky of mechanisms, WinRM. Red Hat are quick to sell the unilateral management capabilities of Ansible (which do exist), but under the hood we see a uniquely Windows problem. Ansible was built for SSH initially and because Microsoft as ever adopt a . . .
UPDATE: At the time I wrote this the Netbox Collection was still pretty immature, it isn’t anymore. If you’re trying to do a simple task then you probably just want to go and install the Netbox Collection from Ansible Galaxy and use the native Modules. You can find the Collection here! Ansible Tower and Netbox are two of my favourite tools, and their integration is seemingly painless on the surface . . .
One of Ansible’s most brilliant features is Privilege Escalation, the ability to enter the context of a more privileged user following an initial connection to either your local or remote node, however a bizarre little caveat in Tower I haven’t been able find documented anywhere and it refers to the use of a system account (by default named awx) on the localhost. What Is AWX Anyway? Floating around all over . . .