Several machine credentials in AWX template


I want to run an Ansible playbook on a series of AWS EC2 instances. These instances are grouped by a tag Type. The problem is that I have two different regions, and each region has its own pem key, and AWX only lets you associate one pem key. Consequently, if my inventory consists of both regions, one of them (the region opposite to the pem used) will not work. The idea I came up with was to make two templates (one for each zone) and a workflow to run both regions if necessary, but this involves maintaining double the inventory, double the templates, two provisioning callbacks, etc.

  1. Is there an option like the Jenkins SSH Agent plugin that allows using multiple keys and trying with both?
  2. Is there a simpler solution for this use case?

Thank you very much in advance

Unfortunately, there’s no way to allow multiple machine credentials to be used, thereby allowing multiple keys for the ssh-agent (which AWX does use…).

The simplest thing to do in AWX would be to make Smart Inventories to split your inventory by regions, and make one job template that prompts for inventory and credentials. Then, as you surmised, you can run the job template in a workflow template against each region. The workflow would allow you to answer the prompts for inventory/credentials per region, and you could run the same template against both regions in parallel if you check the box for “Concurrent Jobs” in the job template.

E.g. I run the “same” job with different parameters to build ubi8 and ubi9 images in a workflow in parallel.

Before I left my contract position a few weeks ago, that was an issue we had in AAP 2.2. We ended up solving that problem by creating custom credential entries to run in the same Job Template with our SNow catalog items, and it worked great. Hopefully that helps out for you.