Per-machine credentials for privilege escalation using AWX

Hi,

This is a crosspost from https://devops.stackexchange.com/questions/9017/per-machine-credentials-for-privileges-escalation-using-awx because I couldn’t get an answer there.

I have an inventory with a lot of hosts in it using the same credentials, but one host needs a different approach. For the SSH connection a different user is used; after the connection is established, we do a privilege escalation with su.

This all works fine when I create a job template in AWX and limit it to this “special” host. But the job template needs to be executed on all hosts. So I want to set the default credentials in the job template, and on this single host I’d like to set the credentials as host variables using

  • ansible_become
  • ansible_user
  • ansible_password
  • ansible_become_method
  • ansible_become_user
  • ansible_become_pass

Of course I don’t want the password to be in plain text in AWX, so I read something about the vaults. But if I understood that correctly, this means I need to create a new credential in AWX and assign it to the job. But that doesn’t work for me, because then I can’t connect to the other hosts.

Is there a possibility to assign the ansible_become_pass encrypted to this single host?

I know that the easiest way is to use the same credentials as on the other hosts, but unfortunately this is not possible in this case.

Thanks for any help.

If I understood your requirement correctly, then I think you need to use a custom credential.

https://jpmens.net/2019/04/16/custom-credentials-in-ansible-tower-awx/
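
An added sketch of the custom-credential approach suggested above (not part of the original thread and not taken from the linked article): a custom credential type holds the two secrets, injects them as extra variables, and only the special host's variables reference them. The names special_ssh_pass, special_become_pass and otheruser are hypothetical.

```yaml
# --- Credential type: "Input configuration" field in AWX ---
# secret: true makes AWX store the value encrypted and mask it in the UI.
fields:
  - id: special_ssh_pass          # hypothetical field name
    type: string
    label: SSH password for the special host
    secret: true
  - id: special_become_pass       # hypothetical field name
    type: string
    label: su password for the special host
    secret: true
required:
  - special_ssh_pass
  - special_become_pass

---
# --- Credential type: "Injector configuration" field in AWX ---
# Each secret is handed to the playbook run as an extra variable.
# The variable names do not start with ansible_, so they change
# nothing for the other hosts in the inventory.
extra_vars:
  special_ssh_pass: '{{ special_ssh_pass }}'
  special_become_pass: '{{ special_become_pass }}'

---
# --- Host variables, set only on the one special host ---
# No secret is stored here, only references that Ansible resolves
# at run time from the injected extra variables.
ansible_user: otheruser           # hypothetical account name
ansible_password: '{{ special_ssh_pass }}'
ansible_become: true
ansible_become_method: su
ansible_become_user: root
ansible_become_pass: '{{ special_become_pass }}'
```

A credential of this type is attached to the job template in addition to the default machine credential; the connection variables set on the host take precedence over the machine credential's values for that host only.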

Hi Prakash,

Thanks for your input, this looks good, I’ll give it a try and post an update here.