GitLab + AWX questions

gothsome · March 13, 2024, 9:34am

Hello!
I still have problems to get a file from GitLab to a host.

I try to dl the file but get the message access denied:
HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password.
Playbook:

---
- name: Download with PAT
  hosts: all
  become: true

  vars:
    gitlab_user: "{{ 'GITLAB_USER' }}"
    gitlab_token: "{{ 'GITLAB_TOKEN' }}"
    git_repo: "https://git.gruen.net/awx_gruen/playbooks.git"

  tasks:
    - name: clone from repo to tmp
      ansible.builtin.git:
        repo: "https://{{ gitlab_user }}:{{ gitlab_token }}@{{ git_repo | regex_replace('https://', '') }}"
        dest: "/tmp/"
        version: "dev"
        force: yes
        accept_hostkey: yes

i use the PAT as token var and can auth with this data co clone the git with:

git clone https://git.gruen.net/awx_gruen/playbooks.git /tmp/

I replaced the PAT value once to make shure.
And how could i download just a singlie file:
https://git.gruen.net/awx_gruen/playbooks/-/blob/dev/linux_playbooks/fusion_inventory/agent.cfg?ref_type=heads

And i have read about the possibillity to use a webhoock to trigger a project sync if there has been an change in the files.

I have seen two versions:
One from the official guide where you enable a webhoock in a Template and enter there the webhoock data - i think this i just for messaging if the template has been run or propably data from it to the GitLab(?)

The other one uses the service Webhoock but i dont get how the AWX is actepting the request to sync the project in this version.

Thank you again for your input!!

gothsome · March 14, 2024, 10:44am

I got now a functional playbook to clone the repo:

---
- name: Download with PAT
  hosts: all
  become: true

  tasks:
    - name: check for /tmp/git
      ansible.builtin.file:
        path: "/tmp/git"
        state: directory
        mode: '0755'

    - name: clone from repo to tmp
      ansible.builtin.git:
        repo: "https://{{ GITLAB_USER | urlencode() }}:{{ GITLAB_TOKEN | urlencode() }}@git.gruen.net/awx_gruen/playbooks.git"
        dest: "/tmp/git"
        version: "dev"
        force: yes
        accept_hostkey: yes

Incrediblestorm · June 15, 2024, 12:40am

You might look at setting header values. Our instance has the same response, and I believe the method to get around it is to create a project token and use the headers.
I just got through an issue like this, with downloading an archive file of a repo, but it should be the same for your single file case.

PRIVATE-TOKEN: glpat-blahblahblah

Would be the header. You might have to download it via get_url though.

utoddl · June 15, 2024, 1:52am

You could also look at using gitlab runners to vet the merge, either before, or after, or both (ansible-lint and such), and let the runner notify AWX to pull when it passes your criteria. We do a little of that, but we mostly use Jenkins — it was set up and working before we knew about gitlab runners, and it still works fine.

Topic		Replies	Views
Extra_vars and env variables empty Get Help	12	318	April 13, 2024
AWX Template Jobs fail with Permission denied Get Help awx , playbook , ubuntu , update	7	766	September 15, 2023
Getting an error "Could not resolve host: gitlabce.tools.aws.vodafone.com" while trying to sync with Gitlab Get Help awx , github , synchronize , gitlab , git	7	655	September 29, 2023
AWX only one playbook in Dopdown menu Get Help awx	7	198	March 7, 2024
We have Gitlab, and I'm curious how other people are using it with AWX/AAP, Molecule, and CICD Get Help awx , molecule , windows , gitlab , ee	7	372	June 29, 2024

GitLab + AWX questions

Related topics