Configuring OpenStack Credentials for AWX (multidomain)

Hi everyone,

I’m having trouble configuring OpenStack credentials in AWX. Here’s the setup I’m working with:

I have the following domains:

+----------------------------------+------------------+---------+-------------------------------------------+
| ID                               | Name             | Enabled | Description                               |
+----------------------------------+------------------+---------+-------------------------------------------+
| da62b8127e234fb18eaafd7d52038e6e | XXX              | True    |                                           |
| default                          | Default          | True    | The default domain                        |
+----------------------------------+------------------+---------+-------------------------------------------+

The user awx_service belongs to the default domain:

openstack --insecure user show --domain default awx_service
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 3a2d32c9c418499899c31cf22d76c5dd |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | ff42557f8900444ab290e1ca5cd44d66 |
| name                | awx_service                      |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

The default_project_id refers to a project in the xxx domain:

openstack --insecure project show 3a2d32c9c418499899c31cf22d76c5dd
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | main xxx project infra           |
| domain_id   | da62b8127e234fb18eaafd7d52038e6e |
| enabled     | True                             |
| id          | 3a2d32c9c418499899c31cf22d76c5dd |
| is_domain   | False                            |
| name        | infra                            |
| options     | {}                               |
| parent_id   | da62b8127e234fb18eaafd7d52038e6e |
| tags        | []                               |
+-------------+----------------------------------+

I need to execute a task to list the baremetal nodes, for example:

openstack --insecure baremetal node list

I’ve written the following playbook for this purpose:

---
- name: Openstack - list baremetal nodes
  hosts: localhost
  gather_facts: no
  become: no
  vars:
  tasks:
    - name: Gather information about all baremeal nodes
      openstack.cloud.baremetal_node_info:
        validate_certs: false
      register: nodes

When I configured credentials using the matz user (which belongs to the xxx domain), everything worked perfectly. Here’s an example of that configuration in AWX:

image1456×502 24.2 KB

However, I now need to switch to using the awx_service user. Unfortunately, I’ve tried every possible combination of parameters in the AWX UI without success.

When I manually set the following environment variables via CLI, it works as expected:

declare -x OS_AUTH_URL="https://openstack-farm.local:5000"
declare -x OS_IDENTITY_API_VERSION="3"
declare -x OS_INTERFACE="public"
declare -x OS_PASSWORD="<REDACTED>"
declare -x OS_PROJECT_DOMAIN_ID="da62b8127e234fb18eaafd7d52038e6e"
declare -x OS_PROJECT_NAME="infra"
declare -x OS_REGION_NAME="RegionOne"
declare -x OS_USERNAME="awx_service"
declare -x OS_USER_DOMAIN_NAME="default"

Could someone help me configure these credentials properly in the AWX UI? What are the correct parameters for my use case?

Thank you in advance for your assistance!

I have the exact same problem, and it’s incredibly similar to what you’ve described. Has anyone managed to find a solution?