I have a particular use case where I would like to use the existing Credentials type for other things than the built in tasks.

Example

tower_job_template – create, update, or destroy Ansible Tower job template

It uses
tower_host
tower_user
tower_password

for the credentials. There is a AnsibleTower credential in AWX. Is this what the variables will be to map in the playbook?

The documentation at
https://docs.ansible.com/ansible-tower/latest/html/userguide/credentials.html#ansible-tower

doesnt have any hints on it.

Any help would be helpful. Thank you all.

Reading this section of the code:
https://github.com/ansible/awx/blob/devel/awx/main/models/credential/__init__.py#L1088

Looks like when using the credential type “Ansible Tower”, you can access the credentials in these environment variables

`
TOWER_HOST

TOWER_USERNAME

TOWER_PASSWORD

TOWER_VERIFY_SSL
`

Hi Sergio,

Thanks for the response. I am familiar with adding in extra-vars to reference a variable in a playbook, but with these environment variables…how will use it within a play to reference a variable? Is it more or less the same?

Thank you once again.

regards,

Wei-Yen

Oh, you can use the ‘env’ lookup to access the credential inside Ansible.

https://docs.ansible.com/ansible/latest/plugins/lookup/env.html#examples

ok thanks Sergio,

I;ll have a go experimenting with it. I am learning a ton

In your original email, you mentioned the Ansible module tower_job_template.

It was a specific design objective that the “Ansible Tower” credential type work with these modules. However, this has a few qualifiers.

If you run a playbook with a local connection, or delegate_to localhost (I think), then the environment variables present when you run the ansible-playbook command will be present when the task executes. This makes perfect sense in conjunction with using an “Ansible Tower” credential (inside of AWX), because the credential injects secrets needed to interact with the API. There’s no need to run these tasks on a remote host. However, if you do run on a remote host, those environment variables will no longer be present, and you need to get around that by using the lookup plugin, as mentioned.

Similar statements apply to most of the other “cloud” type credentials.

Thanks Alan! This provides more clarity about how it works. So what you are saying is that the enviroment variables present themselves on the local host in this case on the container.

I am presuming then the look up plugin will have to be captured on the local host using perhaps includes and then it can be used elsewhere in the play