Get Tower login user from/to Job Template playbook

Hello all,

I need to send email notification from the underneath Job Template playbook to Ansible Tower login user who launches the Job (That is the “LAUNCHED BY” in Tower Job). I am not sure 1) how to retrieve the Anisble Tower login user from playbook, or 2) how to pass the login user info to the playbook from the Job Template. I tried to use {{ lookup(‘env’, “USER”) }} in playbook, that returns “awx”, and I am not sure Ansible Tower Me REST API endpoint will help here either.

Thanks for help in advance!

Cheers, QZ

QZ,

env USER is the UNIX user, not the API user. The AWX REST API endpoints will help here. The job endpoint records the user that created (i.e. launched) the job. Outline of what you’ll need to get the created_by user:

  1. What is the AWX job id of this running ansible playbook?
  2. Callback to the AWX API to get the user that triggered the job
  3. Auth while calling back to the API

1. What is the AWX job id of this running ansible playbook?
https://127.0.0.1:3251/api/v2/jobs/2/ ← But how do you get the job ID ? You already know how!

{{ lookup('env', "JOB_ID" }}

2. Callback to the AWX API

Many options:
(1) tower-cli
(2) ansible tower modules
(3) raw URI / curl calls

For ansible-tower modules you’ll want tower_job_list https://docs.ansible.com/ansible/2.5/modules/tower_job_list_module.html
Whichever you choose, you will request the job from step (1). The response will contain the username. i.e.:

    "summary_fields": {
        "created_by": {
            "id": 1,
            "username": "admin",
            "first_name": "",
            "last_name": ""
        },

3. Auth while calling back to the API

You can use the Ansible Tower credential and supply a username/password. When used on a job template, the environment variables TOWER_USERNAME, TOWER_PASSWORD, and TOWER_HOST are injected. But that shouldn’t matter because those env variables are what ansible tower modules and tower-cli expect so the auth should just work.

Wow, that is cool, thank you very much Christopher!

I didn’t know 1), but I checked, it works. I will probably use URI module for 2) since I already use URI to schedule tower job from Ansible playbook. I am trying to understand why you called out Auth for 3), and the environment variables. Are you saying I don’t need to provide a tower user name and password if I use tower modules or tower-cli? I thought I just need to have a tower account for the REST API.

Thanks again for the advice!
qz

The Tower credentials are a convenience. Without them, you could use ansible vault or hard-code them as extra variables. By using Tower Credentials, AWX will encrypt the password and ensure it isn’t exposed at API endpoints.

Thanks Christopher! That makes sense. I will try to explore how to use Tower Credentials from playbook, I haven’t seen it before. For REST API calls, I get token first by using a user name and password.

If you are trying to access the tower username in your playbook can’t you just use {{ tower_user_name }}?

Along with any extra variables set in the job template and survey, Tower automatically adds the following variables to the job environment:

  • tower_job_id: The Job ID for this job run
  • tower_job_launch_type: One of manual, callback, or scheduled to indicate how the job was started
  • tower_job_template_id: The Job Template ID that this job run uses
  • tower_job_template_name: The Job Template name that this job uses
  • tower_user_id: The user ID of the Tower user that started this job. This is not available for callback or scheduled jobs.
  • tower_user_name: The user name of the Tower user that started this job. This is not available for callback or scheduled jobs.

Hi,
Can you please give an example how can I use tower credentials into my playbook, I have a requirement to do this, and this discussion is the most I could relate too
Thanks

Hi,

AWX exposes several extra variables for that:

  • tower_user_email: The user email of the Tower user that started this job. This is not available for callback or scheduled jobs.
  • tower_user_first_name: The user’s first name of the Tower user that started this job. This is not available for callback or scheduled jobs.
  • tower_user_id: The user ID of the Tower user that started this job. This is not available for callback or scheduled jobs.
  • tower_user_last_name: The user’s last name of the Tower user that started this job. This is not available for callback or scheduled jobs.
  • tower_user_name: The user name of the Tower user that started this job. This is not available for callback or scheduled jobs.

https://docs.ansible.com/ansible-tower/latest/html/userguide/job_templates.html

Hi,

Is it possible to user tower login password into the playbook as well?