I need to send email notification from the underneath Job Template playbook to Ansible Tower login user who launches the Job (That is the “LAUNCHED BY” in Tower Job). I am not sure 1) how to retrieve the Anisble Tower login user from playbook, or 2) how to pass the login user info to the playbook from the Job Template. I tried to use {{ lookup(‘env’, “USER”) }} in playbook, that returns “awx”, and I am not sure Ansible Tower Me REST API endpoint will help here either.
env USER is the UNIX user, not the API user. The AWX REST API endpoints will help here. The job endpoint records the user that created (i.e. launched) the job. Outline of what you’ll need to get the created_by user:
What is the AWX job id of this running ansible playbook?
Callback to the AWX API to get the user that triggered the job
Auth while calling back to the API
1. What is the AWX job id of this running ansible playbook? https://127.0.0.1:3251/api/v2/jobs/2/ ← But how do you get the job ID ? You already know how!
{{ lookup('env', "JOB_ID" }}
2. Callback to the AWX API
Many options:
(1) tower-cli
(2) ansible tower modules
(3) raw URI / curl calls
You can use the Ansible Tower credential and supply a username/password. When used on a job template, the environment variables TOWER_USERNAME, TOWER_PASSWORD, and TOWER_HOST are injected. But that shouldn’t matter because those env variables are what ansible tower modules and tower-cli expect so the auth should just work.
Wow, that is cool, thank you very much Christopher!
I didn’t know 1), but I checked, it works. I will probably use URI module for 2) since I already use URI to schedule tower job from Ansible playbook. I am trying to understand why you called out Auth for 3), and the environment variables. Are you saying I don’t need to provide a tower user name and password if I use tower modules or tower-cli? I thought I just need to have a tower account for the REST API.
The Tower credentials are a convenience. Without them, you could use ansible vault or hard-code them as extra variables. By using Tower Credentials, AWX will encrypt the password and ensure it isn’t exposed at API endpoints.
Thanks Christopher! That makes sense. I will try to explore how to use Tower Credentials from playbook, I haven’t seen it before. For REST API calls, I get token first by using a user name and password.
Hi,
Can you please give an example how can I use tower credentials into my playbook, I have a requirement to do this, and this discussion is the most I could relate too
Thanks