Cannot use Gitlab personal access token for SCM

,

I want my AWX to pull git repository from my private repo in gitlab.com.

The choice is either SSH key or personal access token. I would prefer access token, so that I could configure read only access.

How to create token in GitLab: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token

In AWX, I can add credential for GitLab https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html#add-a-new-credential

My AWX v 11.2.0 gives me choice to add “GitLab Personal Access Token”
But when I create project, and use git for SCM, SCM Credentials choice is blank.

I can add ssh key and use it for git, but would prefer not to use ssh key.

Roman Terescenko (invizus@gmail.com) said:

I want my AWX to pull git repository from my private repo in gitlab.com.

The choice is either SSH key or personal access token. I would prefer
access token, so that I could configure read only access.

How to create token in GitLab:
https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token

From the top of this doc:

  You can also use personal access tokens with Git to authenticate over HTTP
  or SSH. ... In both cases, you can authenticate with a token in place
  of your password.

Ergo, use it as a password in a SCM credential.

Bill

What is “GitLab Personal Access Token” used for? I cannot find any other use for it in AWX.

https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html#gitlab-personal-access-token

I may have misunderstood the purpose of tokens. https://www.ansible.com/blog/using-ansible-automation-platform-gitlab-ce-and-webhooks-to-deploy-iis-website

Then I will have no choice but to setup SSH access to git.

If SSH is the only way to retrieve git into AWX, then this may not work with my security controls, allowing - outgoing ssh connections.

Hello,

When you create a project in AWX, make sure to use the HTTPS url from your Gitlab repository, that way AWX will use HTTPS and not SSH when cloning the repository.
But, if you don’t want to use SSH, how are you connecting to your inventory hosts to run Ansible?

I have figured it out. It is not ideal because API token is stored in clear and anyone with access to AWX can see it. I am not comfortable with this approach but looks like it is the only one apart from SSH key.

  1. create personal access token with read_repository permissions: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#creating-a-personal-access-token
  2. create project, SCM type: Git
  3. paste URL, it should look like: https://gitlabusername:personal_access_token@gitlab.com/group/privateproject.git

Just clarifying Are you trying to do this as a awx project?

Yes

If I am right your gitlab token is just in the password of the credential object with your username being the same.

That’s how I have used my token currently. I have one on my user account because i use 2fa

That’s right, you store your token in the password field of a SCM credential and use that credential to update the project in AWX.

Thanks, that’s right, it worked for me.

I stored my personal access token in Credentials, credential type: Source Control