-
Notifications
You must be signed in to change notification settings - Fork 119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prepare Nuage authentication attributes (for Embedded Ansible) #406
Prepare Nuage authentication attributes (for Embedded Ansible) #406
Conversation
@miha-plesko Please review the test failure comments to get this PR green. https://travis-ci.org/ManageIQ/manageiq-content/jobs/418651250#L1946 |
Since there is no AWX credential type for Nuage, we're not able to use standard Embedded Ansible authentication approach. As a workaround we therefore set the five AE Class Attributes: - nuage_username - nuage_password - nuage_enterprise - nuage_url - nuage_api_version Playbooks then fetch them from AE Instance, by means of following role (available on Ansible Galaxy): https://github.com/xlab-si/ansible-role-nuage-miq-automate https://galaxy.ansible.com/xlab_si/nuage_miq_automate With this commit we babysit user who will now only have to provide values (username, password, etc.) while AE attributes will already exist and will be in appropriate sequence. Signed-off-by: Miha Pleško <miha.plesko@xlab.si>
d913f85
to
54242bd
Compare
Checked commit miha-plesko@54242bd with ruby 2.3.3, rubocop 0.52.1, haml-lint 0.20.0, and yamllint 1.10.0 |
Thanks @gmcculloug green. |
@miha-plesko so this task specifically gets these values right? https://github.com/xlab-si/ansible-role-nuage-miq-automate/blob/master/tasks/authentication.yaml @gmcculloug looks okay to me, looks like this is just setting some variables in automate then retrieving their values to be used later. |
@agrare yes, and it forms a hash consumable by Nuage Ansible Module, see here https://docs.ansible.com/ansible/latest/modules/nuage_vspk_module.html#parameters, the "auth" parameter. |
So the idea is that playbooks that will be used via Embedded Ansible just require the role and assume ---
- name: Nuage event callback
roles:
- xlab_si.nuage_miq_automate
tasks:
- debug: msg="I am a playbook running as event callback and I am able to access nuage credentials"
- debug: var=nuage_auth
- debug: msg="So I'm now ready to do some work!" |
Sorry for spamming, but gotta share this with you as well: so we'll put AE Class Attributes on NUAGE class (it's what this PR does). Then we'll instruct user to only set default values on Class (the username, the password etc.) - and all the underlying AE Instances will be able to access it 😎 ^ if user was to set username/password on AE Instance then she would need to do it for every single instance. Whenever password would change, she would need to change it on all instances as well. But if we leverage AE Class default values, all instances can consume it so it needs to be only updated in one place i.e. default value needs to be updated on NUAGE class :) |
Since there is no AWX credential type for Nuage, we're not able to use standard Embedded Ansible authentication approach. As a workaround we therefore set the five AE Class Attributes:
Playbooks then fetch them from AE Instance, by means of following role (available on Ansible Galaxy):
https://github.com/xlab-si/ansible-role-nuage-miq-automate
https://galaxy.ansible.com/xlab_si/nuage_miq_automate
With this commit we babysit user who will now only have to provide values (username, password, etc.) while AE attributes will already exist and will be in appropriate sequence.
@miq-bot add_label enhancement
@miq-bot assign @gmcculloug
/cc @Ladas @agrare