Try SpotterModule to manage authentication to oVirt/RHV
| "added in version" 1.0.0 of pkubica.ovirt"
Authors: Ondra Machacek (@machacekondra)
Install with ansible-galaxy collection install pkubica.ovirt:==1.4.3
collections:
- name: pkubica.ovirt
version: 1.4.3This module authenticates to oVirt/RHV engine and creates SSO token, which should be later used in all other oVirt/RHV modules, so all modules don't need to perform login and logout. This module returns an Ansible fact called I(ovirt_auth). Every module can use this fact as C(auth) parameter, to perform authentication.
- block:
# Create a vault with `ovirt_password` variable which store your
# oVirt/RHV user's password, and include that yaml file with variable:
- ansible.builtin.include_vars: ovirt_password.yml
- name: Obtain SSO token with using username/password credentials
pkubica.ovirt.ovirt_auth:
url: https://ovirt.example.com/ovirt-engine/api
username: admin@internal
ca_file: ca.pem
password: "{{ ovirt_password }}"
# Previous task generated I(ovirt_auth) fact, which you can later use
# in different modules as follows:
- pkubica.ovirt.ovirt_vm:
auth: "{{ ovirt_auth }}"
state: absent
name: myvm
always:
- name: Always revoke the SSO token
pkubica.ovirt.ovirt_auth:
state: absent
ovirt_auth: "{{ ovirt_auth }}"
# When user will set following environment variables:
# OVIRT_URL = https://fqdn/ovirt-engine/api
# OVIRT_USERNAME = admin@internal
# OVIRT_PASSWORD = the_password
# User can login the oVirt using environment variable instead of variables
# in yaml file.
# This is mainly useful when using Ansible Tower or AWX, as it will work
# for Red Hat Virtualization credentials type.
- name: Obtain SSO token
ovirt_auth:
state: present
url:
description:
- 'A string containing the API URL of the server. For example: I(https://server.example.com/ovirt-engine/api).
Default value is set by I(OVIRT_URL) environment variable.'
- Either C(url) or C(hostname) is required.
required: false
type: str
state:
choices:
- present
- absent
default: present
description:
- Specifies if a token should be created or revoked.
type: str
token:
description:
- SSO token to be used instead of login with username/password. Default value is set
by I(OVIRT_TOKEN) environment variable.
required: false
type: str
ca_file:
description:
- A PEM file containing the trusted CA certificates. The certificate presented by
the server will be verified using these CA certificates. If C(ca_file) parameter
is not set, system wide CA certificate store is used. Default value is set by I(OVIRT_CAFILE)
environment variable.
required: false
type: path
headers:
description:
- A dictionary of HTTP headers to be added to each API call.
required: false
type: dict
timeout:
description:
- The maximum total time to wait for the response, in seconds. A value of zero (the
default) means wait forever. If the timeout expires before the response is received
an exception will be raised.
required: false
type: int
compress:
default: true
description:
- A boolean flag indicating if the SDK should ask the server to send compressed responses.
The default is I(True). Note that this is a hint for the server, and that it may
return uncompressed data even when this parameter is set to I(True).
required: false
type: bool
hostname:
description:
- 'A string containing the hostname of the server. For example: I(server.example.com).
Default value is set by I(OVIRT_HOSTNAME) environment variable.'
- Either C(url) or C(hostname) is required.
required: false
type: str
insecure:
description:
- A boolean flag that indicates if the server TLS certificate and host name should
be checked.
required: false
type: bool
kerberos:
description:
- A boolean flag indicating if Kerberos authentication should be used instead of the
default basic authentication.
required: false
type: bool
password:
description:
- The password of the user. Default value is set by I(OVIRT_PASSWORD) environment
variable.
required: false
type: str
username:
description:
- 'The name of the user. For example: I(admin@internal) Default value is set by I(OVIRT_USERNAME)
environment variable.'
required: false
type: str
ovirt_auth:
description:
- Previous run of the ovirt_auth used with C(state) absent
- Closes connection with the engine.
type: dict
ovirt_auth:
contains:
ca_file:
description: CA file, which is used to verify SSL/TLS connection.
returned: success
sample: ca.pem
type: str
compress:
description: Flag indicating if compression is used for connection.
returned: success
sample: true
type: bool
headers:
description: Dictionary of HTTP headers to be added to each API call.
returned: success
type: dict
insecure:
description: Flag indicating if insecure connection is used.
returned: success
sample: false
type: bool
kerberos:
description: Flag indicating if kerberos is used for authentication.
returned: success
sample: false
type: bool
timeout:
description: Number of seconds to wait for response.
returned: success
sample: 0
type: int
token:
description: SSO token which is used for connection to oVirt/RHV engine.
returned: success
sample: kdfVWp9ZgeewBXV-iq3Js1-xQJZPSEQ334FLb3eksoEPRaab07DhZ8ED8ghz9lJd-MQ2GqtRIeqhvhCkrUWQPw
type: str
url:
description: URL of the oVirt/RHV engine API endpoint.
returned: success
sample: https://ovirt.example.com/ovirt-engine/api
type: str
description: Authentication facts, needed to perform authentication to oVirt/RHV.
returned: success
type: complex