AWX on Docker minikube / Ansible-Vault question

feed-jake · February 23, 2024, 5:02pm

Complete “Noob” warning:

I’ve got my AWX running on a VMWare server in our test env. Installed and deployed with a docker/minikube instance. I’m running test playbooks from inside of AWX, and learning as I go. My noob question (and I have been poking around this “Get Help” section) is:
When I try to use Ansible command line from either the VM where all of my playbooks reside, or even after I ssh into the minikube guest VM, as the root user, or as the docker user… I don’t seem to be able to use any Ansible command line at all. I specifically would like to test out using Ansible-Vault to see how encrypting SSH keys with Ansible-Vault might go with some of my playbooks. So that’s my question should I install Ansible on the VM or inside the minikube container? Only asking because those ssh keys that (currently) live on the AWX controller server remain unencrypted. I could put a passphrase on them I suppose (and on some I have) but I am wondering about how to run Ansible-Commands on either the vm or the container VM, (if possible/advisable)?
Thank you much!

P.S. Also wondering …since passphrases, and ssh keys are already encrypted in AWX, if I still need to vault them on the server? Again it’s a testing environment, so not a huge deal at the moment but in a Prod env. We might need some other solutions. Thank you in advance!

TheRealHaoLiu · February 24, 2024, 3:19am

I just wrote something about using ansible vault in AWX. It’s just a short rambling but hopefully it helps GitHub - TheRealHaoLiu/demo-awx-vaulted-vars: How to use vaulted vars in AWX - a not very good guide

TheRealHaoLiu · February 24, 2024, 3:27am

In AWX ansible playbooks are executed via “execution environment” awx will prepare everything that’s need to run the playbook than pipe it into a job pod using the execution environment and that runs the playbook

You dont need to vault the ssh keys or any other credentials because they are access controlled within awx but if u want to add another layer of security vault is good option

Also like the example in the thing I linked earlier. if you some vars in your inventory source to be encrypted vault would be the right tool

feed-jake · February 25, 2024, 8:30pm

Awesome!! I’ll take a look at your GitHub post! Thank you!!

Topic		Replies	Views
Ansible AWX installation using awx-operator on Minikube Cluster running on RHEL8 VM Get Help awx	0	44	August 13, 2024
Unable to running shell command on target host Get Help awx , ee	2	341	February 19, 2024
AWX VM Executor Node Installed, do we need to perform the Ansible Modules installation on the AWX-EE Container also? Get Help awx , ee	2	294	April 3, 2024
Handle Vault credentials type in AWX Get Help awx , hashi-vault	1	585	December 14, 2023
Ansible AWX - Installation procedure Get Help awx , kubernetes , minikube	0	91	September 30, 2024

AWX on Docker minikube / Ansible-Vault question

Related Topics