Change OpenStack modules to read credentials from environment if not in parameters?

Archives Ansible Project
1

Today you have to specify user/password/tenant/url with every task. It would be nice if the modules could read these from the environment instead - it would make playbooks more concise. The EC2 module checks the environment if they are not passed as parameters.

The quantum CLI reads these:

$ quantum --help | grep Env
Authentication strategy (Env: OS_AUTH_STRATEGY,
Authentication URL (Env: OS_AUTH_URL)
Authentication tenant name (Env: OS_TENANT_NAME)
Authentication username (Env: OS_USERNAME)
Authentication password (Env: OS_PASSWORD)
Authentication region name (Env: OS_REGION_NAME)

Let me know if this would be accepted, before I start working on a patch.

2

Hi,

Just as a note that this can already be done simply by:

quantum_network: state=present login_username={{ lookup_plugin('env', 'OS_USERNAME') }} login_password={{ lookup_plugin('env', 'OS_PASSWORD') }}

Greetings,
gw

3

hi,

thanks - but that’s very long (and still needs login_tenant_name), and it has lots of brackets etc, and you would need it with every task. I think this looks better:

quantum_network: name=net1
quantum_subnet: name=sub1 network_name=net1 cidr=172.17.17.0/24

4

It’s much shorter if you save those to variables:

vars:
username = “{{ lookup(‘env’, ‘OS_USERNAME’) }}”

Also I should point out it is “lookup” not “lookup_plugin”.

I think there are plenty of reasons to not read this from the environment since you might be logging in as root or bob and needing a username of “openstack”.

However having it default to the current user in the module if not provided I am totally good with, I’d gladly expect a patch that made this happen for all of openstack_*, though we would also want
to make sure we tested all of the playbook in github.com/ansible to make sure it was good.

Thanks!

–Michael

5

of course it would be optional - just like it is with EC2:
https://github.com/ansible/ansible/blob/v1.2/library/cloud/ec2#L255

The easiest (and fastest) way would be to put the vars in the local environment and use local_action:

local_action: quantum_network name=net1

This change would only affect the OpenStack modules. Which playbook would need to be tested?

6

Here’s the main one we have:

https://github.com/ansible/ansible-redhat-openstack

(Upgrades to it are welcome!)

7

grand - I’ll see if I can get that going on vagrant/virtualbox first. I have been meaning to try it anyway.