organize and fill the credentials
ivarmu committed Jun 27, 2024
1 parent 4b50812 commit 67d9203
Showing 2 changed files with 85 additions and 25 deletions.
50 changes: 25 additions & 25 deletions docs/documentation/modules/ROOT/pages/021-organize.adoc
Expand Up @@ -35,44 +35,44 @@ The exportation process has left the generated files at `/tmp/filetree-output`.
└── current_roles_awx-team.yaml
----

These files can be used directly from the `/tmp/filtree-output` directory but, preferably, they may be copied to a git repository and populated with the missing information:
These files can be used directly from the `/tmp/filtree-output` directory but, preferably, they may be copied to a git repository and populated with the missing information (as the current migration proces is from AWX to Ansible Controller, the destination path will be `configs/controller/`):

[.console-input]
[source,console]
----
$ mkdir -p configs/awx
$ cp -a /tmp/filetree_output/* configs/awx/
$ mkdir -p configs/controller
$ cp -a /tmp/filetree_output/* configs/controller/
----

The last step is to configure the path where each object type will be located at, so let's create the following file:

[.console-input]
[source,console]
----
$ cat > my_vars/paths-awx.yaml <<EOF
$ cat > my_vars/paths-controller.yaml <<EOF
---
# Controller Directory Path
filetree_controller_settings: "{{ playbook_dir }}/../configs/awx"
filetree_controller_organizations: "{{ playbook_dir }}/../configs/awx"
filetree_controller_labels: "{{ playbook_dir }}/../configs/awx"
filetree_controller_user_accounts: "{{ playbook_dir }}/../configs/awx"
filetree_controller_teams: "{{ playbook_dir }}/../configs/awx"
filetree_controller_credential_types: "{{ playbook_dir }}/../configs/awx"
filetree_controller_credentials: "{{ playbook_dir }}/../configs/awx"
filetree_controller_credential_input_sources: "{{ playbook_dir }}/../configs/awx"
filetree_controller_notifications: "{{ playbook_dir }}/../configs/awx"
filetree_controller_projects: "{{ playbook_dir }}/../configs/awx"
filetree_controller_execution_environments: "{{ playbook_dir }}/../configs/awx"
filetree_controller_applications: "{{ playbook_dir }}/../configs/awx"
filetree_controller_inventories: "{{ playbook_dir }}/../configs/awx"
filetree_controller_inventory_sources: "{{ playbook_dir }}/../configs/awx"
filetree_controller_instance_groups: "{{ playbook_dir }}/../configs/awx"
filetree_controller_hosts: "{{ playbook_dir }}/../configs/awx"
filetree_controller_groups: "{{ playbook_dir }}/../configs/awx"
filetree_controller_templates: "{{ playbook_dir }}/../configs/awx"
filetree_controller_workflow_job_templates: "{{ playbook_dir }}/../configs/awx"
filetree_controller_schedules: "{{ playbook_dir }}/../configs/awx"
filetree_controller_roles: "{{ playbook_dir }}/../configs/awx"
filetree_controller_settings: "{{ playbook_dir }}/../configs/controller"
filetree_controller_organizations: "{{ playbook_dir }}/../configs/controller"
filetree_controller_labels: "{{ playbook_dir }}/../configs/controller"
filetree_controller_user_accounts: "{{ playbook_dir }}/../configs/controller"
filetree_controller_teams: "{{ playbook_dir }}/../configs/controller"
filetree_controller_credential_types: "{{ playbook_dir }}/../configs/controller"
filetree_controller_credentials: "{{ playbook_dir }}/../configs/controller"
filetree_controller_credential_input_sources: "{{ playbook_dir }}/../configs/controller"
filetree_controller_notifications: "{{ playbook_dir }}/../configs/controller"
filetree_controller_projects: "{{ playbook_dir }}/../configs/controller"
filetree_controller_execution_environments: "{{ playbook_dir }}/../configs/controller"
filetree_controller_applications: "{{ playbook_dir }}/../configs/controller"
filetree_controller_inventories: "{{ playbook_dir }}/../configs/controller"
filetree_controller_inventory_sources: "{{ playbook_dir }}/../configs/controller"
filetree_controller_instance_groups: "{{ playbook_dir }}/../configs/controller"
filetree_controller_hosts: "{{ playbook_dir }}/../configs/controller"
filetree_controller_groups: "{{ playbook_dir }}/../configs/controller"
filetree_controller_templates: "{{ playbook_dir }}/../configs/controller"
filetree_controller_workflow_job_templates: "{{ playbook_dir }}/../configs/controller"
filetree_controller_schedules: "{{ playbook_dir }}/../configs/controller"
filetree_controller_roles: "{{ playbook_dir }}/../configs/controller"
controller_configuration_dispatcher_roles:
- {role: settings, var: controller_settings, tags: settings}
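
Review bot: The export directory is spelled three different ways in this hunk, so the commands will not work as written: the context line above says the files are left at `/tmp/filetree-output`, the changed paragraph says `/tmp/filtree-output`, and the copy command reads from `/tmp/filetree_output/*`. Settle on the path the export actually writes to and use it in all three places. The added parenthetical also has a typo ("proces" for "process"). Since this paragraph recommends copying the export into a git repository and the path list includes `filetree_controller_credentials`, it is worth stating here that credential inputs must be replaced with vaulted variables before the first commit.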
60 changes: 60 additions & 0 deletions docs/documentation/modules/ROOT/pages/022-fill-credentials.adoc
@@ -0,0 +1,60 @@
include::_attributes.adoc[]

== Fill in the credentials

The export process is creating files for all the credentials that match the exportation filters, but these generated files are not fully populated, so they must be populated manually:

.Just after the export process
[.console-input]
[source,console]
----
$ cat configs/controller/AWX-ORG/credentials/2_AWX-Machine\ Credential.yaml
---
controller_credentials:
- name: "AWX-Machine Credential"
description: ""
credential_type: "Machine"
organization: "AWX-ORG"
inputs:
password: ''
username: admin
...
----

NOTE: Any text editor can be used to fill in the credentials.

.Once filled in the credentials
[.console-input]
[source,console]
----
$ vim configs/awx/AWX-ORG/credentials/2_AWX-Machine\ Credential.yaml
$ cat configs/awx/AWX-ORG/credentials/2_AWX-Machine\ Credential.yaml
---
controller_credentials:
- name: "AWX-Machine Credential"
description: ""
credential_type: "Machine"
organization: "AWX-ORG"
inputs:
password: "{{ vaulted_machine_password }}"
username: "{{ vaulted_machine_username }}"
...
----

As can be seen, the proposal here is to use some variables, that will be defined into a separare vaulted yaml file, so no credentials in plain text will be uploaded to the git repository:

[.console-input]
[source,console]
----
$ cat > my_vars/vaulted-credentials.yaml <<EOF
---
vaulted_machine_username: admin
vaulted_machine_password: verysecretpassword
...
EOF
$ ansible-vault encrypt --vault-password-file .vault-password my_vars/vaulted-credentials.yaml
Encryption successful
----
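
Review bot: The "Once filled in the credentials" block still runs `vim` and `cat` against `configs/awx/AWX-ORG/credentials/...`, while the first block in this file and 021-organize.adoc after this commit use `configs/controller/`; change both lines to `configs/controller/` so the reader edits the file that was actually copied. In the last block the secret is typed into a heredoc and written to `my_vars/vaulted-credentials.yaml` in clear text before `ansible-vault encrypt` runs, which leaves it in shell history and unencrypted on disk until the second command completes; consider `ansible-vault create --vault-password-file .vault-password my_vars/vaulted-credentials.yaml` instead, and add a sentence saying `.vault-password` must be kept out of the git repository. There is also a typo in the paragraph before that block: "separare" should be "separate".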
