Tags: ansible, ansible-awx, ansible-vault

Correct way to read AWX custom credentials variables in an ansible playbook


I'm trying to pass user credentials from an AWX custom Credential Type that I named Ansible Vault to my Ansible playbook. The credential is read fine in my Test Playbook, but when trying to use the credential to connect to the managed server it fails.

In the Ansible Vault credential I have this:

Input config:

    fields:
      - id: my_password
        type: string
        label: password
        secret: true
    required:
      - my_password

Injector config:

    extra_vars:
      my_password: 'myfakepassword'

My Test Playbook (runs without errors)

    ---
    - hosts: myhost.com

      vars:
        ansible_winrm_password: "myfakepassword"
        ansible_user: ansiblerunner
        ansible_connection: winrm
        ansible_port: 5986
        ansible_winrm_transport: ntlm
        ansible_winrm_server_cert_validation: ignore
        source_file: "../files/test.txt"

      tasks:
        - name: Print Username from Credential
          debug:
            var: my_password

My non-working playbook (throws "ntlm: the specified credentials were rejected by the server", "unreachable"):

    ---
    - hosts: myhost.com

      vars:
        ansible_winrm_password: "{{ my_password }}"
        ansible_user: ansiblerunner
        ansible_connection: winrm
        ansible_port: 5986
        ansible_winrm_transport: ntlm
        ansible_winrm_server_cert_validation: ignore
        source_file: "../files/test.txt"

      tasks:
        - name: Print Username from Credential
          debug:
            var: my_password

Solution

  • Update. I solved the issue by adding gather_facts: true under my hosts: declaration and also renamed my credential variable to "my_password", because variables starting with "ansible" are reserved.

    ---
    - hosts: myhost.com 
      gather_facts: true
    
      vars:
        ansible_winrm_password: "{{ my_password }}"
        ansible_user: ansiblerunner
        ansible_connection: winrm
        ansible_port: 5986
        ansible_winrm_transport: ntlm
        ansible_winrm_server_cert_validation: ignore
        source_file: "../files/test.txt" 
    
      tasks:
        - name: Print Username from Credential
          debug:
            var: my_password
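
The credential type and playbook from this thread as one worked configuration, contrasting a literal in the injector with a reference to the input field. This is an added example, not the poster's code. It assumes the `'myfakepassword'` literal stood in for the real value, and the first play on `localhost` and its task names are illustrative additions.

```yaml
# 1) Credential type > Input configuration (same as in the question)
fields:
  - id: my_password
    type: string
    label: password
    secret: true
required:
  - my_password
---
# 2) Credential type > Injector configuration
# Weak: a literal here lives in the type definition in clear text, and
# whatever is typed into the credential's password field is ignored.
#   extra_vars:
#     my_password: 'myfakepassword'
# Corrected: reference the input field by its id; AWX fills in the
# secret value stored in the credential when the job starts.
extra_vars:
  my_password: '{{ my_password }}'
---
# 3) Playbook (connection settings carried over from the page)
# First play (illustrative addition): runs on the controller, so a
# missing credential is reported before any WinRM login is attempted.
- hosts: localhost
  gather_facts: false
  tasks:
    # 'debug: var: my_password' would write the secret into the job
    # output; assert reports only whether a value was injected.
    - name: Check the credential was injected without printing it
      ansible.builtin.assert:
        that:
          - my_password is defined
          - my_password | length > 0
        fail_msg: "my_password missing: attach the credential to the job template"
        success_msg: "my_password was injected"

- hosts: myhost.com
  gather_facts: true
  vars:
    ansible_winrm_password: "{{ my_password }}"
    ansible_user: ansiblerunner
    ansible_connection: winrm
    ansible_port: 5986
    ansible_winrm_transport: ntlm
    # 'ignore' skips TLS certificate verification of the WinRM endpoint.
    ansible_winrm_server_cert_validation: ignore
  tasks:
    - name: Confirm WinRM login works with the injected password
      ansible.windows.win_ping:
```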