Hashicorp Vault Integration With Ansible Automation Platform 2.5


Hashicorp Vault Integration With AAP 2.5:

  • Deployed containerized AAP 2.5 on a Linux host. HashiCorp Vault is also deployed as a container in the same network range.
  • Downloaded the community.hashi_vault Ansible collection and uploaded it into the AAP UI. I have checked under Automation content → Collections; hashi_vault is available there.
  • Now, I have created a playbook to fetch secrets from HashiCorp Vault.
  • I have created a project and defined a GitLab repo where I have placed my playbooks.
  • Chose the default execution environment to run my playbook, passing vault_addr and vault_token as environment variables.

Issues:

  • While running my job templates, I am getting the error below:
    - ERROR! couldn't resolve module/action 'community.hashi_vault.vault_kv2_get'. This often indicates a misspelling, missing collection, or incorrect module path.

Does anyone have an idea how to fix it? I have tried many ways, and each way I get some error. Do I need to install hvac via pip on the execution environment in order to use Vault in my playbook? If so, how should I implement that?

I’m not familiar with how AAP does things, but typically if a project in AWX needs to utilize a collection, it has to be called out in collections/requirements.yml in the code repository for your project, and by extension the job template.

---
collections:
  - name: community.hashi_vault

I see Ansible Galaxy is on the public galaxy, so if you want to use your private galaxy, you’d probably need to point it there explicitly.

Sorry if this info isn’t relevant to you, but I figure it’s worth sharing since AAP is based on AWX and I didn’t see this info in your post as something you tried.

Hi,

Thanks for your info. I have tried that method as well: created collections/requirements.yml and mentioned the vault collection there. In this scenario, my project sync is failing; if I remove the collections dir from the repo, it works fine. I don't understand the cause behind that.

Getting a kind of deprecation warning for the Ansible collection path. Should it be an issue if I run everything in a private network? I mean internet is not available on the Ansible server.

Interesting, sounds like maybe you need to specify the Galaxy server. I’m not sure how it’s done in AAP (like I said earlier), but see Installing collections — Ansible Community Documentation.

This is an example file:

collections:
  # Install a collection from Ansible Galaxy.
  - name: geerlingguy.php_roles
    version: ">=0.9.3"
    source: https://galaxy.ansible.com

You’d edit the “source” to be your AAP Galaxy. I don’t know what that would be in the AAP ecosystem.

Might also help if you pasted the error that you see during project sync.
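Putting the pieces of this thread together (the original question's playbook that calls community.hashi_vault.vault_kv2_get with vault_addr and vault_token from the environment, and the requirements.yml with a private "source" discussed above), here is an added example. It is not code from the original post, from AAP, or from the community.hashi_vault project. The hub URL hub.example.internal, the KV mount point "secret" and the secret path myapp/db are assumptions to be replaced. Two points a practitioner should know: the community.hashi_vault modules need the hvac Python library in the environment where the task executes (here the execution environment on localhost), so a collection that resolves but an EE image without hvac still fails; and no_log: true keeps both the token and the returned secret out of the job output.

```yaml
# --- collections/requirements.yml (added example, not from the thread) ---
---
collections:
  - name: community.hashi_vault
    # Hypothetical private automation hub endpoint; replace with your own.
    # The "published" repository is where collections uploaded through the
    # hub UI normally land.
    source: https://hub.example.internal/api/galaxy/content/published/

# --- fetch_secret.yml (added example, not from the thread) ---
---
- name: Fetch a KV v2 secret from HashiCorp Vault
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # VAULT_ADDR and VAULT_TOKEN are assumed to be injected into the job
    # environment (for example through a custom credential type). lookup('env')
    # reads them inside the execution environment where this play runs.
    vault_addr: "{{ lookup('env', 'VAULT_ADDR') }}"
    vault_token: "{{ lookup('env', 'VAULT_TOKEN') }}"
  tasks:
    - name: Fail early with a clear message if the connection settings are missing
      ansible.builtin.assert:
        that:
          - vault_addr | length > 0
          - vault_token | length > 0
        fail_msg: "VAULT_ADDR and VAULT_TOKEN must be set in the job environment"
        quiet: true

    - name: Read the secret from the KV v2 engine (mount point and path are assumptions)
      community.hashi_vault.vault_kv2_get:
        url: "{{ vault_addr }}"
        auth_method: token
        token: "{{ vault_token }}"
        engine_mount_point: secret
        path: myapp/db
      register: db_secret
      # Without no_log the module arguments (including the token) and the
      # returned secret data would be written to the job output.
      no_log: true

    - name: Confirm the fetch without printing any secret values
      ansible.builtin.debug:
        msg: "Fetched {{ db_secret.secret | length }} key(s) for myapp/db"
```

If the job reports "couldn't resolve module/action" even after the sync succeeds, the collection did not end up in a path the execution environment searches; and if the module loads but fails on import, the EE image lacks hvac and needs to be rebuilt with it. In AAP and AWX the Galaxy server used during project sync is normally configured as a Galaxy credential attached to the organization, so check that an entry for the private hub exists there in addition to the source field in requirements.yml.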

I am getting the errors below during project sync if I specify requirements.yml in the repo.

TASK [Fetch galaxy collections from collections/requirements.(yml/yaml)] *******
fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["ansible-galaxy", "collection", "install", "-r", "/home/aapinst/aap/controller/data/projects/_11__vault_test/collections/requirements.yml"], "delta": "0:03:00.816566", "end": "2025-01-13 20:16:04.849047", "msg": "non-zero return code", "rc": 1, "start": "2025-01-13 20:13:04.032481", "stderr": "[DEPRECATION WARNING]: ANSIBLE_COLLECTIONS_PATHS option, does not fit var \nnaming standard, use the singular form ANSIBLE_COLLECTIONS_PATH instead. This \nfeature will be removed from ansible-core in version 2.19. Deprecation warnings\n can be disabled by setting 

I think your error paste got cut off prematurely since there isn’t a closing curly brace

Yeah, but I only got this. It is disconnected; no message prints after that.
I have uploaded the Ansible collection in AAP (under Automation hub → Collections), but how should my requirements.yml identify the collection path to install it on the execution environment where I am running my playbooks?

Do I need to specify a path location for it in the YAML manifests, or how exactly does it work?

Not sure; I wish I had an AAP instance myself that I could hunt around in. I use the Ansible Galaxy operator and have an on-prem instance of Galaxy, so I know what its URL is.

When you upload a collection, does it give you any clues as to what the server URL is for that collection? Also, if you’re using AAP, could you open a ticket with Red Hat to have them take a look for you?

No, I didn’t get any messages when I uploaded the collection. I have no idea where to define those parameters in AAP. I will check the documents and see whether I can figure it out.