AWX support for variables files

AWX support for variables files.

I’m trying to figure out a way to pass a variables file to awx job template.

To be able to follow the GitOps approach and to centralize the configuration variables (I mean, I can run my ansible scripts through AWX but I can also need to run it manually, through jenkins or some other CI pipeline, …) I need to have the configurations in a single and central place, and then I should be able to run my ansible playbooks through multiple means always using the same latest version of configuration variables.

Is it possible to AWX load the variable files currently present in the same git repository as the ansible playbook into a job template?

Thanks in advance.

Unfortunately, there is no way to read a variables file into a Job Template the same way you would pass it as an arg to ansible-playbook on the commandline.

However, if, and this may be a big if, you define or run your Job Templates as code, you can populate the variables section of the Job with the contents of your variable file(s).

As an example, in your git project, you could add a jac_playbook.yml (job as code) that works something like this:

  tasks:
    - name: Create Job
      job_template:
        name: my_job
        job_type: run
        organization: my_org
        inventory: my_inv
        project: my_proj
        playbook: my_playbook.yml
        credentials:
          - "my machine credential"
          - "my other credential"
        state: present
        ask_extra_vars: true

    - name: Run Job
      job_launch:
        job_template: my_job
        extra_vars: "{{ lookup('file', './my_vars_file.txt') }}" 
      register: job

    - name: Wait Job
      job_wait:
        job_id: "{{ job.id }}"
        timeout: 120

While using FQCN is considered best-practice as a general rule of thumb, the above snippet would work with both the awx.awx or ansible.controller collections.

Take the time to review the documentation on their modules to tailor it to your needs. You may want other Job parameters to prompt for input, and those would need to be answered in the job_launch module.

Edit: Depending on what’s actually in your extra_vars, you might run into a security restriction in AWX that exists to prevent arbitrary code execution exploits. You can workaround this by setting the extra_vars directly in the job_template task and setting ask_extra_vars: false, then omitting the extra_vars in the job_launch task. This should avoid triggering the arbitrary code execution block, since you can’t modify the extra_vars at launch.

Like so:

tasks:
    - name: Create Job
      job_template:
        name: my_job
        job_type: run
        organization: my_org
        inventory: my_inv
        project: my_proj
        playbook: my_playbook.yml
        credentials:
          - "my machine credential"
          - "my other credential"
        state: present
        extra_vars: "{{ lookup('file', './my_vars_file.txt') }}" 
        ask_extra_vars: false

    - name: Run Job
      job_launch:
        job_template: my_job
      register: job

    - name: Wait Job
      job_wait:
        job_id: "{{ job.id }}"
        timeout: 120
4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.