Hi everyone, first time post here!
I’ve set up the VMware inventory plugin for Ansible, and have had success in retrieving inventory results both with plaintext credentials in the .vmware.yml file and with the file fully encrypted with ansible-vault.
Unfortunately, storing the credentials in plain text is not viable, and neither is encrypting the whole file.
After confirming that both the username and password fields in this inventory configuration file can be encrypted using ansible-vault, I attempted to do so - but I have been unable to get it to work.
Is there a particular trick to this?
The process I have followed so far is this:
- Encrypt the password string:

    ansible-vault encrypt_string

- Paste the output of this into the .vmware.yml inventory file:

    plugin: vmware_vm_inventory
    strict: False
    hostname: vcenter.fqdn.com
    username: svcaccount@fqdn.com
    password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      5 lines of digits…
    validate_certs: False
    with_tags: True
    properties:
      - 'config.name'
      - 'config.guestId'
      - 'guest.ipAddress'
      - 'guest.hostName'
      - 'guest.toolsStatus'
      - 'summary.runtime.powerState'
    hostnames:
      - 'config.name'
    filters:
      - "summary.runtime.powerState == 'poweredOn'"
      - "guest.guestId == 'rhel8_64Guest' or config.guestId == 'rhel9_64Guest' or config.guestId == 'ubuntu64Guest'"

- Run ansible-inventory to test:

    ansible-inventory --list -i inventory.vmware.yml --ask-vault-pass

The command fails with an error “Unable to logon to vCenter or ESXi API at xxxx.xxx.xxx:43 as xxxx: Cannot complete login due to an incorrect user name or password”.
If I change the encrypted password value to plaintext it works. If I encrypt the entire file it works.
Can anyone see anything that I am doing wrong?
Thank you!
Adam