I have a set of roles that I need to install with ansible-galaxy.
- src: 'https://gitlab.private/role-openstack-net.git'
  scm: 'git'
  version: '1.0.0'
  name: 'role-openstack-net'
- src: 'https://gitlab.private/role-openstack-subnet.git'
  scm: 'git'
  version: '1.0.0'
  name: 'role-openstack-subnet'
In the real case, I have about 20 roles.
All the roles are private, so when I run:
ansible-galaxy install -f -c -r galaxy.yml
it asks me for the user / pass for each role, which is kind of bothersome.
Manually, I do:
git config --global credential.helper store
I enter my credentials once, and then it remembers them for all.
But how should I do this in a Jenkins job?
I saw here there is a way of putting a token:
https://github.com/ansible/ansible/pull/34621
but it doesn't seem to work.
Any ideas?
There is currently no support for passing credential parameters into ansible-galaxy at run time.
It is possible to add the credentials into the requirements.yml, but generally adding credentials into code is not ideal due to the ease with which others could one day exploit them.
The solution is to update requirements.yml at run time.
Create a GitLab Personal Access Token by viewing your profile and updating the settings: https://private.gitlab/profile/personal_access_tokens
Use the secrets manager of your choice to set the variable PAT_TOKEN with the token at run time.
In your Jenkins script, use sed to update requirements.yml before ansible-galaxy install:
sed -i "s#https://gitlab.private/#https://oauth2:${PAT_TOKEN}@gitlab.private/#g" requirements.yml
If you were using GitLab CI instead of Jenkins, it is possible to use the existing CI token:
sed -i "s#https://gitlab.private/#https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.private/#g" requirements.yml
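A variant of the sed step above for a Jenkins shell step, added here as an example and not part of the original answer: it writes the token-bearing copy into a private temporary directory instead of editing the checked-out requirements.yml in place, and refuses tokens containing characters that would alter the sed expression or the URL. The function names and the allowed token character set are assumptions; PAT_TOKEN, the gitlab.private host and the ansible-galaxy flags are taken from the posts above.

```shell
#!/bin/sh
# Added example, not the answer author's code.
# Assumption: PAT_TOKEN is injected by the Jenkins credentials binding.

# render_requirements SRC
# Prints the path of a token-bearing copy of SRC; SRC itself is not modified.
render_requirements() {
    _src=$1
    if [ -z "${PAT_TOKEN:-}" ]; then
        echo "PAT_TOKEN is not set" >&2
        return 1
    fi
    # Assumed safe character set. Anything else (#, &, \, @, /, :) could
    # change the sed expression or the resulting URL, so refuse it.
    case $PAT_TOKEN in
        *[!A-Za-z0-9._-]*)
            echo "PAT_TOKEN contains unexpected characters" >&2
            return 1 ;;
    esac
    # mktemp -d creates a directory readable only by the build user.
    _dir=$(mktemp -d "${TMPDIR:-/tmp}/galaxy.XXXXXX") || return 1
    _out=$_dir/requirements.yml
    if ! sed "s#https://gitlab.private/#https://oauth2:${PAT_TOKEN}@gitlab.private/#g" \
            "$_src" > "$_out"; then
        rm -rf "$_dir"
        return 1
    fi
    printf '%s\n' "$_out"
}

# install_private_roles [SRC]
# Installs the roles from the rendered copy, then deletes that copy
# whether or not the install succeeded.
install_private_roles() {
    _req=$(render_requirements "${1:-requirements.yml}") || return 1
    _rc=0
    ansible-galaxy install -f -c -r "$_req" || _rc=$?
    rm -rf "$(dirname "$_req")"
    return "$_rc"
}
```

In the Jenkins step, call `install_private_roles requirements.yml` with shell tracing off (`set +x`) so the expanded sed command is not echoed into the build log.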