Roman
(Roman)
July 20, 2020, 3:03pm
1
I want my AWX to pull git repository from my private repo in gitlab.com .
The choice is either SSH key or personal access token. I would prefer access token, so that I could configure read only access.
How to create token in GitLab: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
In AWX, I can add credential for GitLab https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html#add-a-new-credential
My AWX v 11.2.0 gives me choice to add “GitLab Personal Access Token”
But when I create project, and use git for SCM, SCM Credentials choice is blank.
I can add ssh key and use it for git, but would prefer not to use ssh key.
Roman Terescenko (invizus@gmail.com) said:
I want my AWX to pull git repository from my private repo in gitlab.com.
The choice is either SSH key or personal access token. I would prefer
access token, so that I could configure read only access.
How to create token in GitLab:
https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
From the top of this doc:
You can also use personal access tokens with Git to authenticate over HTTP
or SSH. ... In both cases, you can authenticate with a token in place
of your password.
Ergo, use it as a password in a SCM credential.
Bill
Roman
(Roman)
July 21, 2020, 10:28am
3
Roman
(Roman)
July 21, 2020, 1:05pm
4
I may have misunderstood the purpose of tokens. https://www.ansible.com/blog/using-ansible-automation-platform-gitlab-ce-and-webhooks-to-deploy-iis-website
Then I will have no choice but to setup SSH access to git.
Roman
(Roman)
July 21, 2020, 1:09pm
5
If SSH is the only way to retrieve git into AWX, then this may not work with my security controls, allowing - outgoing ssh connections.
Hello,
When you create a project in AWX, make sure to use the HTTPS url from your Gitlab repository, that way AWX will use HTTPS and not SSH when cloning the repository.
But, if you don’t want to use SSH, how are you connecting to your inventory hosts to run Ansible?
Roman
(Roman)
July 22, 2020, 8:29am
7
I have figured it out. It is not ideal because API token is stored in clear and anyone with access to AWX can see it. I am not comfortable with this approach but looks like it is the only one apart from SSH key.
create personal access token with read_repository permissions: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
create project, SCM type: Git
paste URL, it should look like: https://gitlabusername:personal_access_token@gitlab.com/group/privateproject.git
Just clarifying Are you trying to do this as a awx project?
If I am right your gitlab token is just in the password of the credential object with your username being the same.
That’s how I have used my token currently. I have one on my user account because i use 2fa
That’s right, you store your token in the password field of a SCM credential and use that credential to update the project in AWX.
Roman
(Roman)
July 22, 2020, 9:14am
12
Thanks, that’s right, it worked for me.
I stored my personal access token in Credentials, credential type: Source Control